Google Cloud has just unveiled a public preview of its Cloud Armor Adaptive Protection Appliance, a machine learning-based method for detecting Layer 7 DDoS attacks and protecting enterprise applications and services from them. This is the same technology that Google uses to provide Project Shield, a free service from Alphabet, the parent company of Google, which protects human rights organizations, governments and the media against DDoS attacks.
Google has blocked massive DDoS attacks in the past. One of them, launched in 2017, reached 2.56 Tb/s. It was attributed to a group of hackers backed by Beijing. Google also unveiled Cloud Armor Adaptive Protection in November, as part of its DDoS Defense and Web Application Firewall service, which provides customers with the same technology that Google uses to protect itself.
Its adaptive protection technology uses machine learning models to analyze web service signals and detect potential attacks. It can detect application layer DDoS attacks against web applications and services, and accelerate mitigation actions by spotting abnormal traffic. This is an important step for this new offering: as a reminder, the move to a public preview means that all Google Cloud customers can test its functionality.
“We have built and matured this technology with internal and external design partners and testers over the past few years. All Cloud Armor customers can now try it at no additional cost during the preview period,” says Emil Kiner, product manager for Google’s Cloud Armor offering.
“Adaptive protection quickly identifies and analyzes suspicious traffic patterns and provides personalized, tightly-tailored rules that mitigate ongoing attacks in near real time,” he says. He notes that while Layer 3 and Layer 4 attacks can be stopped on Google’s edge network, Layer 7 attacks rely on “well-formed” and legitimate web requests. He also points out that these requests are generated automatically from hacked Windows, Mac and Linux devices, which form a botnet and spit out unwanted traffic in volumes that most websites cannot handle.
“As attacks can originate from millions of individual IPs, manual triage and analysis to generate and apply blocking rules becomes time and resource intensive, ultimately allowing high volume attacks to impact applications,” says Google. The Adaptive Protection service, aimed at security operations teams, provides early alerts on suspicious requests, covering the quantity of back-end services used, constantly updated signatures that explain a suspected attack, and recommended custom web application firewall rules for blocking attack traffic.