Google Cloud Armor adds rate limiting, bot management, threat intelligence and more

Written by ga_dahmani

Google Cloud said today that it is adding to Cloud Armor’s capabilities to counter the increasing sophistication and intensity of cyberattacks against its cloud customers.

Google Cloud Armor is the company’s premier network defense service, used both internally to protect services like Gmail and YouTube, and externally to safeguard customers’ own applications and services.

As Shane Wang, product manager at Google Cloud, and Naya Dwarakanath, customer service engineer, explain in a blog post, cyberattacks have evolved beyond isolated, distributed denial-of-service attacks. These days, they said, attackers use a much broader set of techniques, including volumetric DDoS floods, bot attacks and API abuse, to try to take down their targets.

Therefore, Google Cloud aims to thwart such attacks with a range of new features within Cloud Armor. Perhaps the most useful is the new rate limiting capability. Wang and Dwarakanath said that customers’ web applications have been frequently targeted by high-volume requests, such as HTTP floods, that are intended to make those services unavailable. To counter such threats, customers now have the flexibility to limit the rate of requests their applications and services can receive.

Cloud Armor’s rate limiting feature makes it easy for customers to throttle traffic to back-end resources based on request volume, preventing unwanted traffic from consuming too many resources and impacting service availability. Cloud Armor now offers two types of rate-based rules. Customers can impose a maximum request limit per client or a maximum request count across all clients based on HTTP request properties. Additionally, they can implement a rate-based ban, which caps the rate or temporarily bans connection requests that exceed a specified limit.
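The difference between a throttle and a rate-based ban, as an added example that is not from the article or from Google: a simplified Python model that assumes fixed counting windows keyed on client IP. The class name, thresholds, ban duration and sample traffic are constructed for illustration and do not describe Cloud Armor's internals.

```python
from collections import defaultdict

class RateRule:
    """Simplified per-client rate rule; ban_sec=0 means plain throttle."""

    def __init__(self, threshold, interval_sec, ban_sec=0):
        self.threshold, self.interval, self.ban_sec = threshold, interval_sec, ban_sec
        self.window = defaultdict(lambda: [0, 0])  # key -> [window start, count]
        self.banned_until = {}                     # key -> time the ban lifts

    def check(self, key, now):
        """Decide one request from `key` at integer time `now` (seconds)."""
        if self.banned_until.get(key, 0) > now:
            return "deny"                          # banned: nothing gets through
        win = self.window[key]
        if now - win[0] >= self.interval:          # roll over to a new window
            win[0], win[1] = now - now % self.interval, 0
        win[1] += 1
        if win[1] <= self.threshold:
            return "allow"
        if self.ban_sec:                           # rate-based ban: start the ban
            self.banned_until[key] = now + self.ban_sec
        return "deny"                              # throttle: drop only the excess

def sample_traffic():
    """Constructed traffic: one bursty client and one normal client."""
    burst = [(t0 + i, "203.0.113.7") for t0 in (0, 60, 120) for i in range(10)]
    normal = [(t, "198.51.100.20") for t in (5, 65, 125)]
    return sorted(burst + normal)

def allowed_per_client(rule, events):
    """Replay events through the rule and count allowed requests per client."""
    allowed = defaultdict(int)
    for now, key in events:
        if rule.check(key, now) == "allow":
            allowed[key] += 1
    return dict(allowed)

if __name__ == "__main__":
    events = sample_traffic()
    print("throttle:", allowed_per_client(RateRule(5, 60), events))
    print("ban     :", allowed_per_client(RateRule(5, 60, ban_sec=120), events))
```

Under the throttle the bursty client still gets its quota in every window, while the ban shuts it out entirely until the ban period ends; the normal client is unaffected in both cases.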

“Clients use Cloud Armor rate limiting to prevent per-client abusive behavior such as brute force login attempts against their sites,” Wang and Dwarakanath wrote. “Similarly, rate cap rules can be enforced more strictly by using the CEL-based custom rules language to impose different rate caps on, for example, different countries where they don’t have any (or many) customers, and use rate capping to throttle those attacks.”

Meanwhile, to deal with bot attacks such as credential stuffing, scraping and inventory hoarding, Google Cloud is making reCAPTCHA Enterprise generally available. Cloud Armor now integrates with reCAPTCHA Enterprise to identify bots and block their access to a certain service or redirect them to alternative content based on their risk score.

Alternatively, customers can choose to have suspicious bots solve a reCAPTCHA challenge when they trigger certain rules. In such cases, the user would have to pass the challenge to gain access to the requested application.

A third new feature announced today is updated preconfigured web application firewall rules that are designed to help customers mitigate the top ten vulnerabilities identified by the Open Web Application Security Project.

“With this preview, customers can implement the latest industry standard WAF signatures in Cloud Armor security policies to selectively filter Layer 7 traffic and protect their applications and web services from exploit attempts such as SQL injection (SQLi), cross-site scripting (XSS) or remote code execution (RCE),” said Wang and Dwarakanath.

Google Cloud Armor further enables enterprises to employ a “defense-in-depth strategy” with the preview availability of Google Cloud Threat Intelligence for Cloud Armor. This service provides out-of-the-box, continuously updated threat intelligence for customers to enhance their network security based on the latest threats and techniques they can expect to face.

“With the new Threat Intelligence curated by Google, customers can configure security policies to filter traffic based on the following four categories: Tor exit nodes, malicious IP addresses, malicious bots, and public cloud endpoints, with more categories planned in upcoming releases,” Wang and Dwarakanath explained.

Meanwhile, Google said it is extending Cloud Armor to cover additional types of workloads through the introduction of new edge security policies and support for proxy load balancers.

In a second blog post, Cloud Armor Senior Product Manager Emil Kiner and Network Security Portfolio Product Manager Gregory Lebovitz said the new edge policies will help extend their protections to workloads that rely on Google Cloud’s cloud storage, media CDN, and content delivery network services. On top of that, Cloud Armor gets support for TCP Proxy and SSL Proxy load balancers, helping to protect against malicious traffic attacking them.
