Google's Cloud Armor Adaptive Protection Released Publicly, It Uses ML to Thwart DDoS Attacks

Google released Cloud Armor’s Adaptive Protection to the public, which means it’s now available to all Google Cloud users. Adaptive Protection is a machine learning-based security solution that automatically identifies and protects against distributed denial-of-service (DDoS) attacks.

It uses the same technology as Project Shield, which Alphabet launched to protect human rights, government, and media organizations from distributed denial of service attacks.

Google’s technology is capable of blocking massive DDoS attacks. In 2017, it blocked one such attack that reached 2.56 Tbps.

Cloud Armor Adaptive Protection is part of the DDoS defense system and web application firewall (WAF) that Google uses to protect itself. It works by analyzing web traffic with machine-learning models to spot abnormal traffic and detect potential attacks.

A public preview of Adaptive Protection means that all Google Cloud users can test out its new features.

“We have been building and maturing this technology with internal and external design partners and testers over the last few years. All Cloud Armor customers can try it at no extra charge during the preview period,” said Emil Kiner, a product manager for Google’s Cloud Armor.

Google Cloud released new preset WAF rules and an improved reference architecture that help customers identify and prevent OWASP web app vulnerabilities.

“Adaptive Protection quickly identifies and analyzes suspicious traffic patterns and provides customized, narrowly tailored rules that mitigate ongoing attacks in near-real time,” Kiner explained.

He noted that, while attacks at Layer 3 and Layer 4 can be halted at Google’s edge network, attacks at Layer 7 rely on “well-formed,” legitimate web requests. These requests are made from compromised devices that run on Windows, Linux, and Mac OS and make up a large botnet.

“Since attacks can come from millions of individual IPs, manual triage, and analysis to generate and enforce blocking rules becomes time and resource intensive, ultimately allowing high-volume attacks to impact applications,” Google noted.

In contrast, the Adaptive Protection service can help security teams automatically identify suspicious requests and block attack traffic. It sends out early warning signals about requests that are related to the number of backend services in use.

About the author

CIM Team