In today's ever-evolving threat landscape, organizations require robust network security solutions to protect their critical assets in the cloud. Google Cloud is committed to providing superior cloud-first security controls, and today at Google Cloud Next, we're thrilled to announce the general availability of Google Cloud NGFW Enterprise, our next-generation …

Cross-Cloud Network has transformed how organizations connect and secure workloads across hybrid and multi-cloud networks. It simplifies complexity, strengthens security posture, and helps deliver faster business outcomes. Built on Google Cloud’s planet-scale network, Cross-Cloud Network enables you to deliver rich experiences, streamline operational efficiency, and lower TCO. AI …

In the AWS Security Profile series, we feature the people who work in Amazon Web Services (AWS) Security and help keep our customers safe and secure. This interview is with Chris Betz, Chief Information Security Officer (CISO), who began his role as CISO of AWS in August of 2023 …

In the AWS Security Profile series, we feature the people who work in Amazon Web Services (AWS) Security and help keep our customers safe and secure. This interview is with Tom Scholl, VP and Distinguished Engineer for AWS. What do you do in your current role and how long …

Changing the network security perspective In a data center, network security engineers tend to spend the bulk of their time managing individual devices: creating strong passwords and hardening configurations for networking devices and creating firewall rules for each endpoint. Since nothing is physical in the cloud networking world, the …

Google Cloud Firewall is a fully distributed, stateful inspection next-generation firewall that is built into our software-defined networking fabric and enforced for each workload. With Cloud Firewall, you can enable advanced network threat protection with operational simplicity at cloud scale. Today, we are excited to announce the general availability …

Editor’s note: Today, we hear from Parthasarathy Ranganathan, Google VP and Technical Fellow and Amin Vahdat, VP/GM. Partha delivered a keynote address today at the OCP Global Summit, an annual conference for leaders, researchers, and pioneers in the open hardware industry. Partha served on the OCP Board …

A number of Google services and Cloud customers have been targeted with a novel HTTP/2-based DDoS attack which peaked in August. These attacks were significantly larger than any previously-reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second. The attacks were largely stopped at …

Over the last few years, Google's DDoS Response Team has observed the trend that distributed denial-of-service (DDoS) attacks are increasing exponentially in size. Last year, we blocked the largest DDoS attack recorded at the time. This August, we stopped an even larger DDoS attack — 71⁄2 times larger — that …

We are excited to announce the preview of the Dev(Sec)Ops toolkit for global front-end internet-facing applications, which can help you launch new apps on Google Cloud in less than an hour. This toolkit is part of the recently announced Cross-Cloud Network solution to help customers scale and …

We are excited to announce the preview of the Dev(Sec)Ops toolkit for global front-end internet-facing applications, which can help you launch new apps on Google Cloud in less than an hour. This toolkit is part of the recently announced Cross-Cloud Network solution to help customers scale and …

In this blog post, I show you how to deploy a solution that uses AWS Lambda to automatically manage the lifecycle of Amazon VPC Network Access Control List (ACL) rules to mitigate network floods detected using Amazon CloudWatch Logs Insights and Amazon Timestream. Application teams should consider the impact …

We are excited to announce general availability of Cloud NAT support for network services Standard Tier. Standard Tier delivers traffic from Google Cloud resources to external systems by routing it over the internet. Premier and Standard are network service tiers that let you optimize connectivity between systems on the …

In just a few days, Google Cloud Next returns to San Francisco as a large, in-person, three-day event. There, you’ll learn all about the technologies you need to build, connect, and secure all your cloud-first, Kubernetes, and AI/ML workloads. You’ll gain hands-on experience on the latest …

Organizations migrating web applications and their APIs to the cloud need solutions to protect them from exploits and distributed denial of service (DDoS) attacks. Google Cloud Armor is a network security service that provides defenses against DDoS and OWASP Top 10 risks. We are excited to introduce several new …

Macy’s is well known for its high-end fashion worldwide. What is not as well known are the strong measures it takes to ensure its customers’ data remains secure. When Macy’s decided to move its infrastructure from on-premises to Google Cloud, it required the move be done without …

We are excited to announce the Preview of front-end mutual TLS (mTLS) support, allowing you to offload client certificate authentication using External HTTPS Load Balancing. With TLS offload the load balancer presents a certificate on behalf of the server that the client uses to verify the server’s identity …

Google Cloud provides multiple layers of security to help customers stay ahead of evolving threats and keep their cloud workloads safe. Today at our annual Security Summit, we are excited to announce the general availability of Secure Web Proxy, a new cloud-first network security offering that provides web egress …

In Google Cloud, IAM Policies provide administrators with fine-grained control over who can use resources within their Google Cloud organization. With Organization Restrictions, a new generally available Google Cloud security control, administrators can restrict users’ access to only resources and data in specifically authorized Google Cloud organizations. It does …

Over the past few years, Google has observed that distributed denial-of-service (DDoS) attacks are increasing in frequency and growing exponentially in size. Google Cloud customers have been using Cloud Armor and leveraging the scale and capacity of Google’s network edge to protect their environment from some of the …

Modern elections rely on public access to a vast array of online information, including political candidate stances, elections monitoring, and directions to polling sites. Public websites can be taken offline by an attacker with no special access, through the use of a Distributed Denial of Service (DDoS) attack. These …

Google Cloud Firewall is a scalable, built-in service with advanced protection capabilities that helps enhance and simplify security posture, and implement zero trust networking, for cloud workloads. Its fully-distributed architecture provides micro-segmentation and granular control independent of network structure. Our unique architectural approach offers several advantages over the network …

The network security that firewalls provide is one of the basic building blocks for a secure cloud infrastructure. We are excited to announce that three new Google Cloud Firewall features are now generally available: Global Network Firewall Policies, Regional Network Firewall Policies, and IAM-governed Tags. With these enhancements, Cloud …

Today we are pleased to announce that Cloud Certificate Manager is now in general availability. Cloud Certificate Manager enables our users to acquire, manage, and deploy public Transport Layer Security (TLS) certificates at scale for use with your Google Cloud workloads. TLS certificates are required to secure browser connections …

Almost a decade ago, we started encrypting traffic between our data centers to help protect user privacy. Since then, we gradually rolled out changes to encrypt almost all data in transit. Our approach is described in our Encryption in Transit whitepaper. While this effort provided invaluable privacy and security …