DDoS: Google has a new tool to defend against attacks launched by botnets

Google Cloud customers can now test out Google's answer to distributed denial of service (DDoS) attacks.
Written by Liam Tung, Contributing Writer

Google Cloud has unveiled a public preview of Cloud Armor's Adaptive Protection -- a machine learning-powered method of detecting and protecting enterprise applications and services from Layer 7 DDoS attacks.

It's the same technology that Google uses to provide Project Shield, a free service from Google parent Alphabet that protects human rights, government and media organizations against DDoS attacks.  

Google has in the past blocked mind-blowingly large DDoS attacks, including one in 2017 that clocked in at 2.56Tbps and has been pinned on a Beijing-backed attacker.

In November, Google unveiled Cloud Armor Adaptive Protection as part of its DDoS defense and web application firewall (WAF) service that provides customers with the same technology Google uses to protect itself. 

Its Adaptive Protection technology uses machine-learning models to analyze signals across web services to detect potential attacks. It can detect high-volume application-layer DDoS attacks against web apps and services, and it accelerates mitigation by spotting abnormal traffic.

The move to a public preview means that all Google Cloud customers can test out its functionality. 

"We have been building and maturing this technology with internal and external design partners and testers over the last few years. All Cloud Armor customers can try it at no extra charge during the preview period," said Emil Kiner, a product manager for Google's Cloud Armor. 

Google Cloud also released new preconfigured WAF rules and reference architecture to help customers eliminate OWASP web-app vulnerabilities. 

"Adaptive Protection quickly identifies and analyzes suspicious traffic patterns and provides customized, narrowly tailored rules that mitigate ongoing attacks in near-real-time," Kiner explained. 

He noted that while Layer 3 and Layer 4 attacks can be halted on Google's edge network, Layer 7 attacks rely on "well-formed" and legitimate web requests.

These requests are generated automatically from hacked Windows, Mac and Linux devices, which make up a botnet and spew junk traffic in volumes that most websites can't withstand. 

"Since attacks can come from millions of individual IPs, manual triage and analysis to generate and enforce blocking rules becomes time and resource-intensive, ultimately allowing high-volume attacks to impact applications," Google noted. 

The Adaptive Protection service, which is aimed at security operations teams, provides early alerts about unusual requests based on how much backend services are used, constantly updated signatures that explain a suspected attack, and recommended custom WAF rules to block attack traffic.
