At Google Cloud Next in October, we announced the Preview release of advanced rule tuning for Cloud Armor which can provide customers more granular control over how they apply our pre-configured Web Application Firewall (WAF) rules. We also announced the Preview of our auto-deploy option for proposed mitigating rules …
Cobalt Strike, the popular tool used by red teams to test the resilience of their cyber defenses, has seen many iterations and improvements over the last decade. First released in 2012, it was originally the commercial spinoff of the open-source Armitage project that added a graphical user interface (GUI …
At Google Cloud, we’re focused on making it easy for organizations to build solutions quickly and securely. Identity and Access Management (IAM) is the core security control for establishing who has access to which cloud resources and making sure access permissions are aligned to your company’s business …
In cybersecurity, speed matters. Whether a security analyst is trying to understand the details of an alert that was triggered by an indicator of compromise (IoC), or find additional context for a suspicious asset, speed is often the critical factor that will help thwart a cyberattack before threat actors …
One benefit of cloud migration is having access to managed services, which can reduce operational overhead. For organizations operating in Microsoft-centered environments, Google Cloud offers a highly-available, hardened Managed Service for Microsoft Active Directory running on Windows virtual machines. Managed Microsoft AD provides benefits such as automated AD server …
Financial Services institutions (FSIs) are among the most heavily regulated enterprises, and often have explicit and detailed obligations to assess and audit activities they outsource. For FSIs, due diligence of a cloud provider’s controls is often an essential first step in adopting cloud services. At Google Cloud, we …
Cyberattacks that target our government are all too common these days. From SolarWinds, to hacks against widely used email servers, to attacks against the defense industrial base, we know that cyberattacks against the public and private sectors continue to be an issue. Our latest VirusTotal malware trends report illustrates …
It’s not just children and adults who face excitement and nervousness on the first day of school. The first day in the cloud can be daunting for financial services organizations, too. Chief Information Security Officers must lead the cloud security component of their organization’s digital transformation, a …
Embassies have been havens for the people of countries they represent for hundreds of years, helping reduce some risks that their citizens can face when traveling and living abroad. The concept of reducing risk with an embassy has been extended to data in the digital world, made possible by …
In October, we announced the opening of a new Google Cloud region in Israel. The region, me-west1, joins our global network of cloud regions delivering high-performance, low-latency access to cloud services for customers of all sizes and across industries. As we support customers in this new region, we want …
Twenty years ago, organizations discovered the magic of server virtualization. Among the many benefits of virtualization, it heralded the end of the need for one physical server per application and the beginning of managing software-defined infrastructure. It helped automate building and installing systems, and it helped lay foundations for …
Google Cloud Armor is a well known enterprise-grade DDoS defense and web application firewall service that provides additional security for your applications and websites running on Google Cloud, on-prem or on other platforms. Cloud Armor helps protect against broken access controls, security misconfigurations, cryptographic failures and more. Cloud Armor …
Editor's note : MK Palmore is a director in Google Cloud's Office of the Chief Information Security Officer, or CISO, a group that works with private- and public-sector organizations to understand and guard against cybersecurity threats. He came to Google Cloud in 2021 from Palo Alto Networks, which he joined …
reCAPTCHA Enterprise is Google’s online fraud detection service that leverages more than a decade of experience defending the internet. reCAPTCHA Enterprise can be used to prevent fraud and attacks perpetrated by scripts, bot software, and humans. When installed inside a mobile app at the point of action, such …
Welcome to October’s Cloud CISO Perspectives. This month, we're focusing on our just-completed Google Cloud Next conference and Mandiant’s inaugural mWise Conference, and what our slate of cybersecurity announcements can reveal about how we are approaching the thorniest cybersecurity challenges facing the industry today. As I wrote …
At Google Cloud, we continue to invest in our vision of invisible security where advanced capabilities are engineered into our platforms, operations are simplified, and stronger outcomes can be achieved. Assured Workloads is a Google Cloud service that helps customers create and maintain controlled environments that accelerate running more …
At Google Cloud, we’re driven by a vision of invisible security, where advanced security capabilities are engineered into our platforms, operations are simplified, and stronger security outcomes can be achieved. As we pursue this ideal, we want to help make security easier to use and manage. Our new …
Today’s digital economy offers a wealth of opportunities, but those opportunities come with growing risks. It has become increasingly important to manage the risks posed by the intersection of digital resilience and today's risk landscape. Organizations around the world should be asking themselves: If a risk becomes a …
At Google Cloud, we operate in a shared fate model, working in concert with our customers to help achieve stronger security outcomes. One of the ways we do this is to identify potentially risky behavior to help customers determine if action is appropriate. To this end, we now provide …
Whether driven by government policy, industry regulation, or geo-political considerations, the evolution of cloud computing has led organizations to want even more control over their data and more transparency from their cloud services. At Google Cloud, one of the best tools for achieving that level of control and transparency …
Organizations large and small are realizing that digital transformation and the changing threat landscape require a grounds up effort to transform security. At Google Cloud, we continue to invest in our vision of invisible security where advanced capabilities are engineered into our platforms, operations are simplified, and stronger security …
Organizations and their software delivery pipelines are continually exposed to growing cyberattack vectors. Coupled with the massive adoption of open source software, which now helps power nearly all of our public infrastructure and is highly prevalent in most proprietary software, businesses around the world are more vulnerable than ever …
In September 2021, we unveiled “ Cloud. On Europe’s Terms,” an ambitious commitment to deliver cloud services that provide the highest levels of digital sovereignty while enabling the next wave of growth and transformation for European organizations. We’ve since seen increasing demand from customers and policymakers for digital …
Staying ahead of rising security threats and incidents are among the most vital discussions any organization can have, yet too many alerts and shifting threat trends make security operations notoriously difficult. The recent mass pivot to remote and hybrid work, coupled with increasingly sophisticated threat actors, make threat detection …
Business partnerships across many industries strain under rules and requirements that prevent them from sharing sensitive data. Organizations also recognize that collaboration can accelerate innovation, but meaningful collaboration can be limited or even prevented by the need to protect intellectual property or regulated data. Rising to meet today’s …