Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Google Cloud Gets Virtual Machine Threat Detection

Google on Monday announced the public preview of a new tool to help identify threats within virtual machines (VMs) running on its Google Cloud infrastructure.

Google on Monday announced the public preview of a new tool to help identify threats within virtual machines (VMs) running on its Google Cloud infrastructure.

The new Virtual Machine Threat Detection (VMTD), now available in the Security Command Center (SCC), provides agentless memory scanning to help identify cryptocurrency-mining malware and other threats in VMs.

With more and more organizations adopting cloud technologies, the number of threats targeting the cloud has increased significantly, and VMTD represents one of the actions Google is taking to help customers secure their assets, the company said in a note announcing the capability.

With the majority of compromised cloud instances abused for cryptocurrency mining, VMTD was designed to help protect against this type of attack, as well as against data exfiltration and ransomware, Google says.

“Because VM Threat Detection operates from outside the guest VM instance, the service does not require guest agents or special configuration of the guest OS, and it is resistant to countermeasures used by sophisticated malware,” Google added.

The main idea behind VMTD is to help customers identify potentially malicious behavior inside their VMs without requiring them to run additional software, thus ensuring that performance is not altered in any way and that the attack surface remains low.

[READ: Google Cloud Unveils New SOC, IDS Solutions ]

“What we learned is that we could instrument the hypervisor — the software that runs underneath and orchestrates our customers’ virtual machines — to include nearly universal and hard-to-tamper-with threat detection,” Google says.

Launched today in public preview, VMTD is expected to become generally available in a few months. Google says it is also looking to add more capabilities and to integrate it with other parts of Google Cloud.

VMTD is now available as an opt-in service for Security Command Center Premium customers. It is available in the Virtual Machine Threat Detection section of the Security Command Center’s settings. Selecting “MANAGE SETTINGS” there will allow customers to choose a scope for VMTD.

Related: Researcher Awarded $10,000 for Google Cloud Platform Vulnerability

Related: Google Cloud Introduces New Zero Trust Offerings for Government

Related: Google Cloud Certificate Authority Service Becomes Generally Available

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.