Google has released more details of its newly announced Cloud Armor system for mitigating distributed denial of service (DDoS) attacks.
The service is one of about 20 security enhancements Google announced recently as part of a broad effort to convince enterprise customers that they can move mission-critical business applications to Google Cloud Platform with confidence.
Cloud Armor uses the same infrastructure and technologies that Google uses to protect services like Gmail, Search and YouTube.
Cloud Armor gives enterprises using Google’s cloud services a way to set and enforce specific traffic management rules to prevent DDoS attack traffic from disrupting Internet-facing applications and workloads.
Google’s global HTTP(S) load balancing service is the first Google cloud service to support Cloud Armor, said Prajakta Joshi, product manager, cloud networking at Google, in a blog post on March 26.
Organizations currently using the balancing service to distribute their computing resources across single or multiple Google cloud regions now get built-in defenses against infrastructure-layer DDoS attacks.
Beyond configuring the appropriate load balancing features, administrators do not need to make any additional configuration changes to enable the DDoS mitigation capability, Joshi said.
Like HTTP(S) load balancing, Cloud Armor works at Google’s network edge in order to block attacks close to the source. At its core is a security policy framework that gives administrators a way to configure specific policies for managing traffic.
A policy can consist of one or more rules, each specifying the parameters that the Cloud Armor service should look for in traffic and the action to take if the traffic matches those parameters. The security framework also includes a so-called priority value that administrators can use to specify the order in which the rules are to be enforced.
Administrators can set Cloud Armor to allow, block, preview and log traffic. They can use it to deploy blacklists for blocking traffic from specified IP addresses and address ranges, or for whitelisting traffic from approved sources, according to Joshi.
The capability is available for managing both IPv4 traffic and IPv6 traffic, Joshi stated. Administrators can use Google’s Stackdriver cloud-monitoring system to view all blocked and allowed traffic from one console.
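As an added illustration (not Google's code and not taken from Joshi's post), the following Python model shows how a policy of prioritized rules with allow, block and preview behavior could be evaluated against IPv4 and IPv6 source addresses. It assumes that a lower priority number is evaluated first and that a preview rule is logged but not enforced; the `Rule`, `evaluate` and `POLICY` names and the address ranges are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int          # assumption: lower number is evaluated first
    src_ranges: tuple      # CIDR strings (IPv4 or IPv6); "*" matches any source
    action: str            # "allow" or "deny"
    preview: bool = False  # assumption: preview rules are logged, not enforced

    def matches(self, ip):
        for cidr in self.src_ranges:
            if cidr == "*":
                return True
            net = ipaddress.ip_network(cidr)
            if ip.version == net.version and ip in net:
                return True
        return False

def evaluate(policy, client_ip):
    """Return (enforced_action, log_lines) for one request source address."""
    ip = ipaddress.ip_address(client_ip)
    log = []
    for rule in sorted(policy, key=lambda r: r.priority):
        if not rule.matches(ip):
            continue
        if rule.preview:   # record what would happen, then keep evaluating
            log.append(f"preview priority={rule.priority} would {rule.action} {ip}")
            continue
        log.append(f"enforce priority={rule.priority} {rule.action} {ip}")
        return rule.action, log
    raise ValueError("policy has no catch-all rule")

# Constructed policy using address ranges reserved for documentation.
POLICY = [
    Rule(2147483647, ("*",), "allow"),                             # catch-all default
    Rule(1000, ("198.51.100.0/24", "2001:db8:bad::/48"), "deny"),  # blacklist
    Rule(900, ("198.51.100.7/32",), "allow"),                      # whitelisted host in a blocked range
    Rule(500, ("203.0.113.0/24",), "deny", preview=True),          # trial rule, log only
]

if __name__ == "__main__":
    for src in ("198.51.100.7", "198.51.100.8", "2001:db8:bad::1", "203.0.113.5"):
        print(src, *evaluate(POLICY, src))
```

The whitelisted host is allowed only because its rule is evaluated before the broader blacklist, which is why the order set by the priority value matters when ranges overlap.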
Cloud Armor allows administrators to create and to enforce custom rules for managing traffic in accordance with specific requirements. “Often attackers use multiple well-known and custom malicious patterns to attempt bringing your service down,” Joshi’s blog stated.
“Custom rules enable you to configure specific attack patterns to look for in the traffic and then block this traffic at scale,” he wrote. Cloud Armor also comes with pre-configured rules for dealing with two of the most common application-aware attacks: cross-site scripting and SQL injection.
Organizations can use anti-DDoS services from third parties to extend Cloud Armor’s capabilities. Google currently partners with multiple vendors to deliver security services for cloud customers. On the DDoS mitigation front, the company’s partners include Imperva and CloudFlare.
Cloud Armor comes at a time when DDoS attacks have become exponentially bigger compared to a decade ago, according to the company. Metrics that Google has gathered over the years show that DDoS attack volumes have increased and are now much bigger in terms of bits per second, packets per second and queries per second.