Connect with us

Hi, what are you looking for?


Application Security

Google Enhances Protections in Cloud Armor Web Security Service

Google announced recently that it has expanded the capabilities of Cloud Armor, a service that provides distributed denial of service (DDoS) protections and a web application firewall (WAF) to keep customers safe from web attacks.

Google announced recently that it has expanded the capabilities of Cloud Armor, a service that provides distributed denial of service (DDoS) protections and a web application firewall (WAF) to keep customers safe from web attacks.

Generally available since 2019, Cloud Armor leverages the same infrastructure and technology that Google uses to protect its own internet-facing properties.

To expand the service’s capabilities, Google introduced Cloud Armor Adaptive Protection, which leverages machine learning to fend off Layer 7 DDoS attacks. Now in preview, the new functionality is available to all Cloud Armor customers, Google says.

Additionally, the Internet giant announced the general availability of a set of four new preconfigured WAF rules, along with a reference architecture, as well as a preview of new Cloud Armor protection for content delivered from Cloud CDN or Google Cloud Storage backend buckets.

By monitoring traffic out-of-band, Adaptive Protection learns what normal traffic patterns should be, building a continuously evolving baseline for each application or service. Thus, it can immediately spot and investigate suspicious traffic patterns and mitigate attacks in near-real time.

Google could previously mitigate volumetric- and protocol-based attacks (Layer 3 and Layer 4) at the edge, and is now targeting application layer (Layer 7) attacks that represent a growing threat. Such attacks, the company notes, employ legitimate web requests at volumes high enough to take down sites and services.

“This problem has grown increasingly acute as the size and frequency of DDoS attacks increases with the proliferation of widely-available DDoS attack tools and for-hire botnets. Since attacks can come from millions of individual IPs, manual triage and analysis to generate and enforce blocking rules becomes time and resource intensive, ultimately allowing high-volume attacks to impact applications,” Google says.

Advertisement. Scroll to continue reading.

Alerts generated by Adaptive Protection, the company explains, are sent to the Cloud Armor dashboard, Cloud Logging, and Security Command Center. Next, attack-specific signatures and a WAF rule are generated to efficiently detect application-level attacks and mitigate them. Users are presented with the WAF rule and can choose whether to deploy it or not.

Google already employs Adaptive Protection in Project Shield, the service that helps it protect the sites of news outlets, human rights organizations, and those used for election monitoring.

To get started with Adaptive Protection, Google’s customers can simply head to the Cloud Armor section in the Console and “enable” the policy. A subscription will be required for certain functions once the capability reaches general availability.

Related: Google Workspace Gets New Security Features

Related: Google: New Chrome Zero-Day Being Exploited

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.