The recently announced Google Cloud IDS is a next-generation and cloud native intrusion detection service (IDS) that provides threat detection for intrusions, malware, spyware and command-and-control attacks. The native Google Cloud service – built with Palo Alto Networks threat detection technology – catches signature-based threats at the network level, gains complete Layer 7 visibility into intra- and inter-VPC application traffic, and helps you to meet compliance requirements with ease.
Until now, detecting threats in traffic between workloads within the trust boundary of a VPC has been a significant hurdle for security teams. Furthermore, taking action on those threats was even more challenging as information from hosts and endpoints was difficult to access at scale, preventing teams from quickly responding.
With the introduction of Cloud IDS, cloud network security teams finally have a native threat detection service for their Google Cloud environments. Integration with Cloud Logging lets the threat logs the service generates be routed to the Google Cloud Pub/Sub messaging service. If you use Pub/Sub, you can therefore forward logs and data from your Google Cloud project to Cortex XDR, where they become searchable alongside your other telemetry and provide additional detail and context for threat investigations.
Cortex XDR delivers holistic protection by integrating all key security data to stop sophisticated attacks. It simplifies threat investigation by correlating the Cloud IDS logs with other data to reveal threat causality and timelines, so you can identify the root cause of every alert.
With Cloud IDS feeding Cortex XDR, you can take response actions directly from the threat data. Beyond reacting to individual alerts, you can turn what you learn into indicators of compromise (IOCs) or behavior-based indicators of compromise (BIOCs) that detect and respond to the same malicious activity going forward.
Create a Pub/Sub topic and a subscription on it, and route the Cloud IDS threat logs to that topic with a Cloud Logging sink.
In Cortex XDR, set up Data Collection for Google Cloud Pub/Sub, pointing it at the subscription created above. Ingested entries land in the google_cloud_logging_raw dataset, which you can query with XQL:
dataset = google_cloud_logging_raw
Cloud IDS detections share that dataset with every other Google Cloud log you forward, so restrict the query to the threat log by its logName (note that the slash inside the log id is percent-encoded):
dataset = google_cloud_logging_raw | filter logName = "projects/xxxxxxx/logs/ids.googleapis.com%2Fthreat"
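As an added example (not code from the original post, from Palo Alto Networks or from Google), here is the same logName cut applied on the consumer side in Python: it reads entries as a Pub/Sub subscriber would receive them, keeps only Cloud IDS threat logs, and collapses repeats into a severity-ranked list of candidate pivots, which is the shape of data you would carry into an IOC or BIOC. The jsonPayload field names (threat_id, name, alert_severity, category, source_ip_address, destination_ip_address, destination_port, repeat_count, network) are assumed from the Cloud IDS threat log format and should be checked against a real entry; the project id, signature names and addresses in the sample messages are constructed.

```python
import json
import re

# Cloud IDS writes detections to the log id "ids.googleapis.com/threat". Inside
# logName the slash in the log id is percent-encoded, which is why the XQL filter
# above compares against the literal "%2Fthreat" rather than "/threat".
THREAT_LOG_RE = re.compile(
    r"^projects/(?P<project>[a-z][a-z0-9-]{4,28}[a-z0-9])/logs/"
    r"ids\.googleapis\.com%2Fthreat$"
)

# Ordering used to floor and sort alerts; values assumed to match alert_severity.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}


def parse_log_name(log_name):
    """Return the project id when log_name is a Cloud IDS threat log, else None.

    The Cloud IDS traffic log and logs from other Google APIs are rejected,
    which is the same cut the XQL "filter logName = ..." line makes in Cortex XDR.
    """
    m = THREAT_LOG_RE.match(log_name or "")
    return m.group("project") if m else None


def normalize(entry):
    """Flatten one LogEntry into an alert record, or None if it is not a threat log.

    jsonPayload field names are assumed from the Cloud IDS threat log format.
    """
    if not isinstance(entry, dict):
        return None
    project = parse_log_name(entry.get("logName"))
    if project is None:
        return None
    p = entry.get("jsonPayload") or {}
    return {
        "project": project,
        "time": entry.get("timestamp"),
        "threat_id": str(p.get("threat_id", "")),
        "name": p.get("name", ""),
        "severity": str(p.get("alert_severity", "")).upper(),
        "category": p.get("category", ""),
        "src": p.get("source_ip_address"),
        "dst": p.get("destination_ip_address"),
        "dst_port": p.get("destination_port"),
        "network": p.get("network", ""),
        "repeat_count": int(p.get("repeat_count") or 1),
    }


def messages_to_alerts(messages):
    """Decode raw Pub/Sub message bodies (one JSON LogEntry each) into alert records.

    A malformed body is skipped rather than raised: one poison message must not
    stall the whole subscription.
    """
    alerts = []
    for body in messages:
        try:
            entry = json.loads(body)
        except (json.JSONDecodeError, TypeError):
            continue
        rec = normalize(entry)
        if rec is not None:
            alerts.append(rec)
    return alerts


def aggregate(alerts, min_severity="MEDIUM"):
    """Collapse repeats of one signature between one src/dst:port into a single row.

    Rows below min_severity are dropped; the rest are ordered by severity, then by
    hit count, so the strongest pivots (candidate IOCs) come first.
    """
    floor = SEVERITY_RANK.get(min_severity.upper(), 0)
    rows = {}
    for a in alerts:
        if SEVERITY_RANK.get(a["severity"], 0) < floor:
            continue
        key = (a["threat_id"], a["src"], a["dst"], a["dst_port"])
        row = rows.get(key)
        if row is None:
            row = {k: a[k] for k in ("threat_id", "name", "severity", "src", "dst", "dst_port", "network")}
            row["hits"] = 0
            rows[key] = row
        row["hits"] += a["repeat_count"]
    return sorted(rows.values(), key=lambda r: (-SEVERITY_RANK.get(r["severity"], 0), -r["hits"]))


def _entry(log_id, ts, payload):
    """Build one LogEntry body the way a Cloud Logging sink would publish it (constructed)."""
    return json.dumps({"logName": "projects/example-project/logs/ids.googleapis.com%2F" + log_id,
                       "timestamp": ts, "jsonPayload": payload})


# Constructed sample messages, not captured data: the same C2 signature seen twice
# between one pair, one low-severity scan, one traffic-log entry, one poison message.
_C2 = {"threat_id": 100001, "name": "Example C2 beacon signature (constructed)",
       "alert_severity": "HIGH", "category": "command-and-control",
       "source_ip_address": "10.0.1.5", "destination_ip_address": "203.0.113.10",
       "destination_port": 443, "network": "projects/example-project/global/networks/prod"}
SAMPLE_MESSAGES = [
    _entry("threat", "2021-07-20T10:00:00Z", {**_C2, "repeat_count": 3}),
    _entry("threat", "2021-07-20T10:05:00Z", {**_C2, "repeat_count": 2}),
    _entry("threat", "2021-07-20T10:06:00Z", {
        "threat_id": 100002, "name": "Example scanner user-agent signature (constructed)",
        "alert_severity": "LOW", "category": "scan", "source_ip_address": "198.51.100.7",
        "destination_ip_address": "10.0.2.20", "destination_port": 80, "repeat_count": 1,
        "network": "projects/example-project/global/networks/prod"}),
    _entry("traffic", "2021-07-20T10:06:01Z", {"session_id": 12345}),  # must be filtered out
    "{not json",                                                         # poison message
]

if __name__ == "__main__":
    for row in aggregate(messages_to_alerts(SAMPLE_MESSAGES), min_severity="LOW"):
        print(f'{row["severity"]:<8} hits={row["hits"]:<3} {row["src"]} -> {row["dst"]}:{row["dst_port"]}  {row["name"]}')
```

Run stand-alone, the script prints the HIGH row first with five hits, followed by the LOW scan; the traffic-log entry and the malformed body never reach the alert list. Wire messages_to_alerts to a real subscriber pull and the rest of the pipeline stays the same.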
Combining cloud threat detection inside a VPC with an integrated response solution provides a powerful option for securing additional layers of your cloud environment. This is a unique offering made possible by the joint vision, design and engineering of Google Cloud and Palo Alto Networks.