Google’s Virtual Machine Threat Detection (VMTD) is now generally available. The service allows customers to detect crypto mining activity in their Google Cloud environments.
VMTD was released as a public preview six months ago. The service is now generally available to all Google Cloud users. New functionality was added in the past six months.
The service lets users scan their Google Cloud environment for signs of compromise from the Security Command Center. The solution is agentless: its scanning technology is built directly into the hypervisor of the data center infrastructure. VMTD analyzes the memory of running instances to find crypto mining software and the network traffic it generates.
Google VMTD has a key advantage over traditional security products: because the scanning runs in the hypervisor rather than inside the guest, its security measures are extremely difficult for attackers to disable. Furthermore, the agentless design simplifies the daily work of administrators. Deploying agents can be cumbersome in environments with thousands of instances, and VMTD removes the need to do so.
Over the past few months, Google added and tweaked multiple VMTD features. For example, Google Cloud instances can be scanned for malware more frequently. A scan process runs every 30 minutes and the findings are displayed at the end of the day.
Malware is detected by analyzing the usage patterns of memory in cloud instances. This can provide insight into potentially malicious traffic and workloads. Key memory components are scanned more frequently than others. Furthermore, Google Cloud's VMTD service now detects both malware programs and separate workloads associated with crypto mining.
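As an added example of what a defender does with the findings described above (this is not Google's code and not part of the original article), the following Python triages Security Command Center findings for VMTD crypto-mining detections. It assumes findings are available as the JSON-style records SCC exports (for example through a Pub/Sub notification), with a top-level `finding` object carrying `category`, `state`, `severity`, `resourceName` and `eventTime`. The two category strings are the ones the example assumes VMTD uses for crypto-mining findings; confirm them against the current SCC documentation before relying on them. The sample notifications are constructed for the example.

```python
"""Triage Security Command Center findings for VM Threat Detection (VMTD).

Added example, not Google's code. Assumes findings arrive as the JSON dicts
that SCC exports (e.g. via a Pub/Sub notification), with a top-level
"finding" object carrying "category", "state", "severity", "resourceName"
and "eventTime". The category strings below are assumed to be the ones VMTD
uses for crypto-mining detections; verify them against the SCC docs.
"""
from collections import Counter
from typing import Dict, Iterable, List

# Assumed VMTD crypto-mining categories (verify against the SCC docs).
VMTD_CRYPTOMINING_CATEGORIES = frozenset({
    "Execution: Cryptocurrency Mining Hash Match",
    "Execution: Cryptocurrency Mining YARA Rule",
})

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


def is_vmtd_cryptomining(finding: Dict) -> bool:
    """True for an ACTIVE finding in one of the assumed VMTD mining categories."""
    return (
        finding.get("category") in VMTD_CRYPTOMINING_CATEGORIES
        and finding.get("state") == "ACTIVE"
    )


def instance_from_resource(resource_name: str) -> str:
    """Extract the instance name from a Compute Engine resource name.

    SCC resource names look like
    //compute.googleapis.com/projects/<p>/zones/<z>/instances/<name>.
    """
    return resource_name.rsplit("/", 1)[-1]


def triage(notifications: Iterable[Dict]) -> List[Dict]:
    """Return the VMTD crypto-mining findings, most severe first, oldest first within a severity."""
    hits = [n["finding"] for n in notifications
            if is_vmtd_cryptomining(n.get("finding", {}))]
    return sorted(
        hits,
        key=lambda f: (-SEVERITY_RANK.get(f.get("severity", ""), 0),
                       f.get("eventTime", "")),
    )


def instances_affected(findings: Iterable[Dict]) -> Dict[str, int]:
    """Count active mining findings per instance, for the on-call summary."""
    return dict(Counter(instance_from_resource(f["resourceName"]) for f in findings))


# Constructed sample notifications (not real SCC output).
_VM = "//compute.googleapis.com/projects/example-proj/zones/us-central1-a/instances/"
SAMPLE_NOTIFICATIONS = [
    {"finding": {"category": "Execution: Cryptocurrency Mining YARA Rule",
                 "state": "ACTIVE", "severity": "HIGH",
                 "resourceName": _VM + "web-01",
                 "eventTime": "2022-07-19T10:00:00Z"}},
    {"finding": {"category": "Execution: Cryptocurrency Mining Hash Match",
                 "state": "ACTIVE", "severity": "CRITICAL",
                 "resourceName": _VM + "batch-07",
                 "eventTime": "2022-07-19T10:30:00Z"}},
    # Already resolved: must be ignored.
    {"finding": {"category": "Execution: Cryptocurrency Mining YARA Rule",
                 "state": "INACTIVE", "severity": "HIGH",
                 "resourceName": _VM + "web-02",
                 "eventTime": "2022-07-18T09:00:00Z"}},
    # Unrelated category from another SCC source: must be ignored.
    {"finding": {"category": "Example: Unrelated Category (constructed)",
                 "state": "ACTIVE", "severity": "HIGH",
                 "resourceName": "//cloudresourcemanager.googleapis.com/projects/12345",
                 "eventTime": "2022-07-19T11:00:00Z"}},
    {"finding": {"category": "Execution: Cryptocurrency Mining YARA Rule",
                 "state": "ACTIVE", "severity": "HIGH",
                 "resourceName": _VM + "web-01",
                 "eventTime": "2022-07-19T10:30:00Z"}},
]

if __name__ == "__main__":
    hits = triage(SAMPLE_NOTIFICATIONS)
    for f in hits:
        print(f["severity"], f["category"], instance_from_resource(f["resourceName"]))
    print(instances_affected(hits))
```

Filtering on `state == "ACTIVE"` matters because SCC keeps resolved findings in the export stream; without that check a resolved detection would page the on-call again on every re-export.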
In the near future, Google Cloud plans to expand VMTD to other security use cases, broadening its capabilities beyond crypto mining. The service should be able to detect rootkits and bootkits, which some traditional security solutions struggle to spot because the malware runs at or below the level of the guest agent. According to Google Cloud, the integration of VMTD into the hypervisor makes such detection much easier.