Palo Alto Networks Brings Network Threat Detection to Google Cloud

Jul 20, 2021
6 minutes

Imagine building applications in the cloud with the knowledge they are natively protected with industry-leading security controls. Imagine having your own personal, best-in-class threat research team at your fingertips, while taking advantage of cloud simplicity, scalability and speed.

Now meet Google Cloud Intrusion Detection System (Cloud IDS). It’s the first network threat detection system delivered as a native Google Cloud service, built with the industry-leading security technologies of Palo Alto Networks. Cloud IDS is the result of a year-long joint design and engineering effort between Google Cloud and Palo Alto Networks that was focused on combining the best-in-class security of Palo Alto Networks with the simplicity and scale of Google Cloud native services. In just a few clicks, Google Cloud customers will be able to deploy on-demand application visibility and threat detection between workloads or containers in any Google Cloud virtual private cloud (VPC) to support their compliance goals and protect applications.

Erasing Network Security Blindspots Simplifies Compliance

Until now, detecting threats in traffic between workloads within the trust boundary of a VPC has been a significant hurdle for cloud network security teams, leading to compliance challenges and blindspots for the Security Operations Center (SOC). The network threat detection options, prior to Cloud IDS, came with three significant limitations:

  1. Insufficient capabilities: Open source threat detection solutions are limited in their threat coverage and can be difficult to operate.
  2. Design and implementation complexity: Relying on packet mirroring to third-party IDS solutions is cumbersome to configure and manage. It requires exacting upfront assessments of your throughput needs and computing resources to run the engine, and it requires complicated networking configuration at scale.
  3. Lack of auto scalability: Third-party IDS solutions are typically not designed to sufficiently handle the dynamic scalability requirements of cloud, including cloud bursting events needed to handle peaks in IT demand.

Every VPC Gets Native, High-Performance Network Threat Detection

With the introduction of Cloud IDS, cloud network security teams finally have a native, best-in-class network threat detection service for their Google Cloud environments. Cloud security teams can get granular application-level visibility of traffic within a VPC – between subnets, specific workload instances, or container pods – wherever inspection is required to secure applications and address compliance or regulatory requirements. As a native Google Cloud service, Cloud IDS deploys rapidly to provide high performance and high availability. No need to worry about throughput needs. No need to worry about auto-scalability and bursting events. Cloud IDS simply provides native, network threat detection across your entire Google Cloud environment.

“Google Cloud IDS looks simple to deploy, and it brings the same industry-leading Palo Alto Networks threat detection capabilities that we trust throughout our environment to Google Cloud,” said Fabian Pucciarelli, Senior Network Architect at Five9. “It’s a must-have for network and security professionals and is truly a huge step toward providing native security capabilities in the cloud.”

Palo Alto Networks Delivers Uncompromised Security

Cloud IDS is built with Palo Alto Networks threat detection technology, so Google Cloud customers are protected with the industry’s leading security controls. The Palo Alto Networks Threat Prevention security service, on which Cloud IDS is built, is the proven gold standard in network threat prevention, blocking 100% of evasions and detecting ~98% of exploits encountered in recent third-party testing, conducted by

The Palo Alto Networks ML-powered threat analysis engine processes over 15 trillion transactions per day, automatically collected from across our global network of firewalls and endpoint agents. The result is 4.3 million unique security updates made per day to ensure you’re covered against the latest threats. This analysis is complemented by the 200+ threat researchers from our Unit 42 threat research team, who provide the human quotient required for understanding the cyber threat landscape. Unit 42 is an industry-leading authority in threat research, adversary tracking and analysis, malware analysis, threat hunting, reverse engineering, threat hunting, and triage.

With Cloud IDS, Google Cloud customers now have the power of combined artificial and human intelligence at their fingertips.

"As enterprises move applications and workloads in the cloud, security teams want to replicate their on-premises network security stack in the cloud. Google Cloud IDS provides network threat detection as a service, helping enterprises mature their security programs and align on-premises security with a cloud-native implementation. This is why Google created Cloud IDS, built with Palo Alto Networks, to provide customers with a simple and powerful network security offering that can span a hybrid IT infrastructure." - Jon Oltsik, Senior Principal Analyst and Fellow, Enterprise Strategy Group (ESG)

More Than Integration: Significant Joint Design and Engineering Partnership

Cloud IDS marks a new phase in our relationship with Google Cloud. Our joint engineering effort will continue to bring new innovations to Google Cloud customers and ensure a seamless experience. In the future, this experience will include deep integrations of Cloud IDS with other native Google Cloud security services, including the Google Cloud Security Command Center and Chronicle. Cloud IDS also integrates with Palo Alto Networks XSOAR and Palo Alto Networks XDR to enable automatic response to detected threats and to simplify investigations, respectively.

“Our customers expect the best security possible to protect their mission-critical workloads. Palo Alto Networks has been an integral partner in protecting customer workloads for years. With Google Cloud’s built-in infrastructure security, plus Palo Alto Networks’ threat detection technologies and threat research, Cloud IDS delivers a powerful combination of scalable infrastructure and strong security to help keep our customers’ workloads secure. The confidence built out of our long-term partnership and the strength of Palo Alto Networks' ML-powered threat detection capabilities made leveraging Palo Alto Networks technology in Cloud IDS an easy decision for us. We look forward to continuing to partner with Palo Alto Networks on cloud network security.” - Shailesh Shukla, VP/GM of Networking, Google Cloud

Palo Alto Networks and Google Cloud have a long history of strong partnership, dating back to 2018 when the Palo Alto Networks VM-Series virtual NGFW was first supported on Google Cloud. Since then, Palo Alto Networks and Google Cloud have built numerous product integrations, including integrations between Cortex XSOAR, VM-Series virtual NGFW, Google Cloud Security Command Center, Chronicle, and the Google Cloud Network Connectivity Center. We’ve also produced a joint security reference architecture to help customers secure their Google Cloud environments using best practices.

Learn more about Google Cloud IDS and sign up for access to the preview.

Watch Anand Oswal, SVP of Network Security Products at Palo Alto Networks and Sachin Gupta, GM/VP of Product for IaaS at Google Cloud discuss Cloud IDS and partnership.

Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.