Google Cloud Firewall is a scalable, built-in service with advanced protection capabilities that helps enhance and simplify security posture, and implement zero trust networking, for cloud workloads. Its fully-distributed architecture provides micro-segmentation and granular control independent of network structure. Our unique architectural approach offers several advantages over the network …

The network security that firewalls provide is one of the basic building blocks for a secure cloud infrastructure. We are excited to announce that three new Google Cloud Firewall features are now generally available: Global Network Firewall Policies, Regional Network Firewall Policies, and IAM-governed Tags. With these enhancements, Cloud …

Today we are pleased to announce that Cloud Certificate Manager is now in general availability. Cloud Certificate Manager enables our users to acquire, manage, and deploy public Transport Layer Security (TLS) certificates at scale for use with your Google Cloud workloads. TLS certificates are required to secure browser connections …

Almost a decade ago, we started encrypting traffic between our data centers to help protect user privacy. Since then, we gradually rolled out changes to encrypt almost all data in transit. Our approach is described in our Encryption in Transit whitepaper. While this effort provided invaluable privacy and security …

We’re excited to announce an enhancement of our preview of Certificate Manager which allows Google Cloud customers to acquire public certificates for their workloads that terminate TLS directly or for their cross-cloud and on-premise workloads. This is accomplished via the Automatic Certificate Management Environment ( ACME ) protocol which is …

We are excited to announce Traffic Director’s general availability of client authorization by proxyless gRPC services. This release, in conjunction with Traffic Director’s capability for managing mutual TLS (mTLS) credentials for Google Kubernetes Engine (GKE), enables customers to centrally manage access between workloads using Traffic Director. With …

We’re excited to announce the public preview of Certificate Manager and its integration with External HTTPS Load Balancing. Certificate Manager enables you to use External HTTPS Load Balancing with as many certificates or domains as you need. You can bring your own TLS certificates and keys if you …

Editor’s note : As of 12/21/2021 2:45pm PST, this post was updated to indicate that detections for CVE-2021-45105 are now present in production As of 12/20/2021 at 2:15pm PST, this post was updated to indicate that detections for CVE-2021-4104 are present in production …

Editor’s note : As of 1/4/2022 3:00pm PST, this post was updated to indicate that detections for CVE-2021-44832 are now present in production. Full change log can be found in the footnotes. NIST has announced recent vulnerabilities ( CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105 & CVE-2021-44832 ) in the Apache Log4j …

Editor's note : As of 12/16/2021 at 3:45pm PST, this post was updated to include information about detections for CVE-2021-45046. NIST has announced a recent vulnerability ( CVE-2021-44228 ) in the Apache Log4j library. To help with detection, Google Cloud IDS customers can now monitor and detect attempted exploits …

Editor’s note : As of 12/20/2021 at 2:15pm PST, this post was updated to indicate that detections for CVE-2021-4104 are present in production As of 12/19/2021 at 1:51pm PST, this post was updated to indicate that detections for CVE-2021-45046 are now present in …

NIST has announced a recent vulnerability ( CVE-2021-44228 ) in the Apache Log4j library. To help with detection, Google Cloud IDS customers can now monitor and detect attempted exploits of CVE-2021-44228. Background The Apache Log4j utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was …

As more and more applications move to the cloud, cloud network security teams have to keep them secure against an ever-evolving threat landscape. Shielding applications against network threats is also one of the most important criteria for regulatory compliance. For example, effective intrusion detection is a requirement of the …

MEDITECH develops electronic health record (EHR) systems solutions that enhance the interactions of physicians and clinicians with patients. The company empowers healthcare organizations large and small to deliver secure, cost-effective patient care. MEDITECH's intuitive and mobile offerings include software for health information management, patient care and patient safety, emergency …

Unwelcome web traffic from bots has proliferated, becoming a significant contributor to business and operational risk. The motivations of bot controllers range from disruption of business through DDoS attacks to fraud such as credential stuffing, denial of inventory, scraping, and fraudulent card use. Google is well positioned to help …

Are you a network security engineer managing large shared VPCs with many projects and applications deployed, and struggling to clean up hundreds of firewall rules accumulated overtime in the VPC firewall rule set? Are you a network admin setting up open firewall rules to accelerate cloud migration, but later …

Jaliesha is responsible for cybersecurity within the DevOps team at her cloud-native software service company – they call it DevSecOps. She has several requirements pressing down on her as their offering explodes in popularity and they take in their second round of VC funding: Meet compliance requirements for Intrusion Detection …

More of our customers are adopting flexible work-from-home and remote work strategies that use virtual desktop solutions, such as Amazon WorkSpaces and Amazon AppStream 2.0, to deliver their user applications. Securing these workloads benefits from a layered approach, and this post focuses on protecting your users at the …

Developers use the gRPC RPC framework for use cases like backend service-to-service communications or client-server communications between web, mobile and cloud. In July 2020, we announced support for proxyless gRPC services to reduce operational complexity and improve performance of service meshes with Traffic Director, our managed control plane for …

Enterprises looking to take advantage of the scalability and ease-of-use associated with cloud technology have often turned to serverless computing architectures. In these systems, a cloud provider allocates resources on-demand as required by a particular workload, and abstracts much of the management of an application or system for a …

Google Cloud IDS, now available in preview, delivers cloud-native, managed, network-based threat detection, built with Palo Alto Networks’ industry-leading threat detection technologies to provide high levels of security efficacy. Cloud IDS can help customers gain deep insight into network-based threats and support industry-specific compliance goals that call for the …

We created Traffic Director to bring to you a fully managed service mesh product that includes load balancing, traffic management and service discovery. And now, we’re happy to announce the availability of a fully-managed zero-trust security solution using Traffic Director with Google Kubernetes Engine (GKE) and Certificate Authority …

When migrating from on-premises to the cloud, many Google Cloud customers want scalable solutions to detect and alert on higher-layer network anomalies, keeping the same level of network visibility they have on-prem. The answer may be to combine Packet Mirroring with an Intrusion Detection System (IDS) such as the …

For anyone building distributed applications, Cloud Network Address Translation (NAT) is a powerful tool: with it, Compute Engine and Google Kubernetes Engine (GKE) workloads can access internet resources in a scalable and secure manner, without exposing the workloads running on them to outside access using external IPs. Cloud NAT …

You’ve heard this saying: Hope is not a strategy when it comes to security. You have to approach security from all angles, while minimizing the burden on dev and SecOps. But with an ever increasing number of endpoints, networks, and attack surfaces, setting automated and trickle down security …