Google has announced Cloud Armor Adaptive Protection. The service uses technologies such as machine learning to recognise DDoS traffic and prevent servers from falling victim to DDoS attacks.
The product builds on Google’s years of experience in mitigating DDoS attacks, such as the 2.54Tbit/s attack it recently managed to handle.
Google uses the experience gained in such attacks, combined with machine learning, to recognise patterns in traffic originating from DDoS attacks. The algorithm learns common traffic patterns, so it can quickly notice when something out of the ordinary happens.
Peter Blum and Sam Lugani, who led the development of the new software, give an example. “Attackers frequently target a high volume of requests against dynamic pages like search results or reports in web apps in order to exhaust server resources to generate the page.”
When an attack does occur, Adaptive Protection automatically sends a warning to the customer. It indicates why it thinks the detected traffic is malicious and suggests rules to mitigate the attack. This should save customers hours of work analyzing the traffic.
Another feature Google adds to its security package is Firewall Insights. The feature scans the network settings and checks for possible conflicts in firewall rules due to overlapping network rules with different priorities.
Google also adds a feature to mirror traffic on Virtual Private Clouds to third-party network inspection services. This feature, along with Firewall Insights and the DDoS protection with machine learning, will be available soon.