2021-08-11



How is network security managed in the Google Cloud environment? Security operations teams ask this question more and more often, as domain responsibilities become entangled with the growing complexity of managing infrastructure in the public cloud. Sophisticated hackers and state-sponsored threat actors constantly scan for instances exposed to the Internet and exploit newly discovered vulnerabilities, while security teams struggle to scale their operations to detect and respond to threats effectively. The result is a troubling situation that presents difficult scenarios for understaffed security operations teams.

Given all this, there is much more work to be done in the complex and dynamic field of cloud security and incident response operations. Unfortunately, companies lack many of the capabilities they need to achieve the speed, scale, and accuracy required for effective response and remediation.

Thankfully, help is on the way. Recently announced, Google Cloud IDS is a next-generation cloud-native intrusion detection service (IDS) that provides threat detection for intrusions, malware, spyware, and command-and-control attacks. Built with Palo Alto Networks threat detection technology, this native Google Cloud service can be integrated with Cortex XSOAR to help organizations automate incident response processes and improve network-wide security.

Google Cloud IDS Content Pack

The latest content pack released for Cortex XSOAR features a Google Cloud IDS integration that allows organizations to automate intrusion remediation and response activities. Security teams can now carry out security operations and incident response processes at scale and with improved standardization, enabling an effective alert-handling process.

Benefits:

- Standardize SecOps with Cortex XSOAR case management that automates intrusion detection, response, and remediation actions across Google Cloud VPCs
- Visibility of malicious activity hidden in network traffic across your network
- SecOps speed and scale

How does the Cloud IDS Content Pack work?

Google Cloud IDS alerts are automatically populated into Cortex XSOAR through the Google Cloud Pub/Sub integration. Cortex XSOAR automatically creates an incident for each Cloud IDS alert captured and triggers the corresponding playbook. The playbook automatically extracts the attacker's IPs and adds them to the cloud firewall rule deny list, which blocks the attacker from gaining further access to your VPC. Google Cloud IDS provides complete visibility into malicious activity within your VPC, and Cortex XSOAR automates the incident response process; together they improve the security of your entire network.

How Cortex XSOAR automatically blocks attackers through integration with Google Cloud Pub/Sub and Google Cloud Compute Engine

All Cloud IDS alerts are easily captured in Cortex XSOAR

The Cloud IDS-IP Blacklist GCE Firewall Playbook automatically extracts the attacker's IP address from Cloud IDS alerts and adds that IP address to the Google Cloud Compute Engine Firewall Deny List. This automatically blocks the attacker's IP address from accessing Google Cloud. See the Cortex XSOAR documentation for detailed deployment instructions.
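The two passages above describe the same flow: a Cloud IDS alert arrives through Pub/Sub, Cortex XSOAR opens an incident, and the playbook extracts the attacker's IP and appends it to a Compute Engine firewall deny rule. The following Python sketch is an added example and is not code from this post, from Cortex XSOAR, or from the Cloud IDS content pack. The alert field names (source_ip_address, threat_id), the Pub/Sub envelope layout, the rule name and the network path are all assumptions; the deny rule is kept as an in-memory dict shaped like a Compute Engine Firewall resource rather than sent to the API. It adds two checks a practitioner would want in such a playbook: sources inside RFC 1918, loopback, link-local or multicast space are escalated to an analyst instead of being blocked (an auto-deny on an internal address can cut off your own VPC), and re-running the playbook for a repeated alert is a no-op rather than a duplicate entry.

```python
"""Offline model of the Cloud IDS -> Pub/Sub -> XSOAR -> GCE firewall flow.

Added example, not the post's or any vendor's code. Alert schema, envelope
shape, rule name and network path are hypothetical.
"""
import base64
import copy
import ipaddress
import json

# Constructed sample alert (hypothetical field names; real Cloud IDS alert
# fields may differ). 203.0.113.0/24 is a documentation range used as a stand-in
# for an external attacker address.
SAMPLE_ALERT = {
    "threat_id": "HYPOTHETICAL-0001",
    "severity": "HIGH",
    "source_ip_address": "203.0.113.45",
    "destination_ip_address": "10.128.0.7",
}

# Constructed deny rule, shaped like a Compute Engine Firewall resource.
# Network path and rule name are placeholders.
DENY_RULE_TEMPLATE = {
    "name": "cloud-ids-auto-deny",
    "network": "global/networks/PLACEHOLDER-NETWORK",
    "direction": "INGRESS",
    "priority": 100,
    "sourceRanges": [],
    "denied": [{"IPProtocol": "all"}],
}

# Source ranges that should never be auto-blocked from an IDS alert: they are
# either your own address space or non-routable, and a hit there means
# misconfiguration, spoofing or an internal host that needs an analyst.
SKIP_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8",
    "fc00::/7", "fe80::/10", "::1/128", "ff00::/8",
)]


def make_envelope(alert):
    """Wrap an alert dict the way a Pub/Sub push envelope would (hypothetical)."""
    data = base64.b64encode(json.dumps(alert).encode()).decode()
    return {"message": {"data": data, "messageId": "constructed-1"}}


def parse_alert(envelope):
    """Decode the base64 message body back into the alert dict."""
    return json.loads(base64.b64decode(envelope["message"]["data"]))


def candidate_block_range(alert):
    """Return a host CIDR (/32 or /128) for the source, or None if it should not be blocked."""
    try:
        addr = ipaddress.ip_address(alert.get("source_ip_address", ""))
    except ValueError:
        return None
    if any(addr in net for net in SKIP_NETWORKS):
        return None
    return f"{addr}/{addr.max_prefixlen}"


def add_to_deny_list(rule, cidr):
    """Idempotently append cidr to the rule's sourceRanges; True if the rule changed."""
    if cidr in rule["sourceRanges"]:
        return False
    rule["sourceRanges"].append(cidr)
    return True


def fresh_rule():
    """Independent copy of the template so runs do not share state."""
    return copy.deepcopy(DENY_RULE_TEMPLATE)


def handle_alert(envelope, rule):
    """One playbook run: parse, validate, block. Returns an audit record."""
    alert = parse_alert(envelope)
    cidr = candidate_block_range(alert)
    if cidr is None:
        return {"threat_id": alert.get("threat_id"), "action": "escalate", "cidr": None}
    changed = add_to_deny_list(rule, cidr)
    return {
        "threat_id": alert.get("threat_id"),
        "action": "blocked" if changed else "already_blocked",
        "cidr": cidr,
    }


if __name__ == "__main__":
    rule = fresh_rule()
    print(handle_alert(make_envelope(SAMPLE_ALERT), rule))
    print(handle_alert(make_envelope(SAMPLE_ALERT), rule))  # repeat alert: no-op
    internal = dict(SAMPLE_ALERT, threat_id="HYPOTHETICAL-0002",
                    source_ip_address="10.128.0.9")
    print(handle_alert(make_envelope(internal), rule))      # escalated, not blocked
    print(json.dumps(rule, indent=2))
```

In a real deployment the deny rule would be read and patched through the Compute Engine API and the "escalate" branch would open a task for an analyst; the skip list is the piece most worth keeping, since a playbook that blindly trusts the source field can be turned against your own address space.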

View automated Google Cloud IDS response playbook behavior

Conclusion

With the core features of Cortex XSOAR and Google Cloud IDS, security operations, incident response, and threat intelligence teams can work more efficiently by eliminating the manual processes surrounding threat detection and response. Cortex XSOAR can automate intrusion investigation, enrichment, and threat hunting by orchestrating Google Cloud and related tools (SIEM, firewalls, endpoint security, threat intelligence sources, etc.) as a whole. The result is better coordination and orchestration between security teams and less risk and exposure for the enterprise.

You can read more about Google Cloud IDS and sign up for preview access, or explore Cortex XSOAR and try the free Community Edition.

