With the seemingly never-ending list of threats, keeping your websites and applications secure is a constant challenge. At Google, we strive to help you operate your mission critical workloads securely and efficiently, while reducing toil along the way. Over the first half of this year we’ve made several critical features and capabilities generally available for Google Cloud Armor, including WAF rules, geo-based access controls, a custom rules language, support for CDN Origins servers, and support for hybrid deployment scenarios.

At Google Cloud Next ’20: OnAir we’re simplifying the way you can use Cloud Armor to help protect your websites and applications from exploit attempts as well as distributed denial-of-service (DDoS) attacks.

1. We’re announcing the beta release of Cloud Armor Managed Protection Plus, a bundle of products and services that helps protect your internet-facing applications for a predictable monthly subscription fee.
2. We’re making Google-curated Named IP Lists available as a beta.
3. We’re continuing to expand our set of pre-configured WAF rules by launching beta rules for Remote File Inclusion (RFI), Local File Inclusion (LFI), and Remote Code Execution (RCE).

Cloud Armor: DDoS Prevention and WAF.

Introducing Cloud Armor Managed Protection Plus

Cloud Armor Managed Protection Plus leverages the edge of Google’s network, as well as a set of products and services from across Google Cloud, to help protect your applications from DDoS attacks and targeted exploit attempts. With Managed Protection, you can now benefit from the same scale and expertise Google employs to protect your applications and mission critical services from malicious activity on the internet.

Managed Protection tiers (visible to customers enrolled in beta)

Managed Protection is available in two service tiers: Standard and Plus. All existing Cloud Armor users, as well as workloads behind any of our global load balancers, are automatically enrolled in Managed Protection Standard. At this level, you get Google-scale volumetric and protocol-based DDoS protection for any of your globally load balanced applications and services, as well as access to Cloud Armor WAF and layer 7 (L7) filtering capabilities, including the pre-configured WAF rules subject to usage based pricing based on rules, policies, and requests.

Cloud Armor Managed Protection Plus, which is now in beta, is a subscription service with a predictable, enterprise-friendly monthly pricing model that mitigates cost risk from defending against a large L7 DDoS attack. Managed Protection Plus streamlines and bundles in DDoS protection, Cloud Armor WAF, and other future value added services. Customers that subscribe to Managed Protection Plus will get access to DDoS and WAF services, and curated rule sets for a predictable monthly price based on the size of a deployment. Since Cloud Armor WAF usage is included in Managed Protection Plus, subscribers no longer need to worry about the number of queries processed or the size of an L7 attack. Managed Protection Plus subscribers will also have access to a growing list of advanced capabilities, including Named IP Lists and future Google-curated rule sets and services. Sign up your projects for access to the beta.

#google cloud platform #identity & security #security