Protecting Workloads on Google Cloud Platform with the VM-Series


One of three articles in a series about the VM-Series on Google, AWS and Azure.

Organizations are adopting Google Cloud Platform to take advantage of the same technologies that drive the commonly used Google search engine and maps services. Business initiatives – such as big data, analytics and machine learning – deployed on GCP can leverage contextual data collected from billions of Google search engine data points. GCP offers a global footprint to allow you to quickly deploy enterprise-class applications and services.

Our VM-Series, deployed to protect workloads within a Google project, helps customers address their role in the shared responsibility model. GCP was designed with security as a core component and uses a variety of technologies and processes to secure information stored on Google servers. However, Google is very clear on where their security responsibilities end, and where the customer’s security responsibilities begin. As shown below, it is the customer’s responsibility to protect their operating systems packages and the applications they deploy.

Figure 1: GCP Shared Responsibility Model

That’s where the VM-Series on GCP, which we officially announced this month, can help. It complements Google Firewall by protecting your applications and data using a prevention-based approach:

  • Complete visibility and control: The VM-Series gives you complete visibility into the applications traversing your cloud deployment and the content within, malicious or otherwise. This knowledge allows you to deploy a more consistent, stronger security policy for inbound and outbound traffic to prevent known and unknown attacks.
  • Reduce the attack surface; limit data exfiltration: Using the application identity as a means of enforcing a positive security model reduces the attack surface by enabling only allowed applications and denying all else. Application usage can be aligned with business needs, extending to application functions as needed (e.g., allow SharePoint documents for all but limit SharePoint administration access to the IT group). In addition to controlling applications, policies can be enabled to block or generate alerts on file and data transfers, thereby limiting data exfiltration.
  • Prevent known and unknown threats: Applying application-specific threat prevention policies to allowed traffic can block known threats, including vulnerability exploits, malware, and malware-generated command-and-control traffic. Unknown and potentially malicious files are analyzed based on hundreds of behaviors. If a file is deemed malicious, a prevention mechanism is delivered in as few as five minutes. Following delivery, the information gained from file analysis is used to continually improve all other prevention capabilities.

To help eliminate security as a possible bottleneck, bootstrapping, the XML API and other VM-Series automation features, combined with GCP or Terraform templates, will allow you to embed next-generation security into your application development lifecycle. The VM-Series on GCP will be available in March 2018.

 

Learn More

Watch the VM-Series on Google Cloud Platform Lightboard

Read the VM-Series on Google Cloud Platform Deployment Guidelines

Visit the VM-Series on Google Cloud Platform resource page

[Palo Alto Networks Research Center]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 17 years' experience in the ICT/Cybersecurity industry in various sectors & positions.
