Google Cloud introduced its adaptive protection feature called Google Armor. This new machine learning-based protection service aims to help businesses protect their Google Cloud applications and tools against DDoS attacks up to the highest layer: Layer 7. The tech giant’s subsidiary is leveraging the same technology to provide Project Shield, a service from Alphabet, another Google company.
Providing quality protection against DDoS attacks
Google had already succeeded in blocking very large DDoS attacks: in 2017, a group of Beijing hackers managed to achieve a throughput of 2.56 terabits. Building on this success, Google developed Cloud Armor Adaptive Protection, which it presented in November to offer its customers a defense service against DDoS attacks, with web application firewalls similar to the technologies used by the Mountain View firm.
Emil Kiner, product manager for Google’s Cloud Armor offering, explains the group’s desire to offer a quality protection service for its customers:
“We have been building and maturing this technology with internal and external design partners and testers over the past few years. All Cloud Armor customers can now try it out at no additional cost during the preview period.”
According to Google, Armor Adaptive Protection can help organizations detect anomalous traffic and take corrective action. While Layer 3 and Layer 4 attacks can be stopped on Google’s edge network, Layer 7 attacks rely on legitimate web requests from compromised devices that have been linked to a botnet to bombard websites with an overwhelming amount of traffic.
Machine learning to mitigate DDoS attacks at the network edge
The new tool relies on machine learning to detect Layer 7 DDoS attacks, the highest layer, and to protect the tools businesses use against them. Because attacks can originate from millions of individual IPs, manual triage and analysis to generate and apply blocking rules becomes time- and resource-intensive, ultimately allowing high-volume attacks to impact applications.
The service offers three main features:
- Early warnings of abnormal or suspicious requests.
- Constantly updated signatures that explain a suspected attack.
- Customized web application firewall rules recommended to block attack traffic.
The ML models to run the platform were built using TensorFlow. As a result, they efficiently and accurately detect application-level attacks and identify the overall risk in order to choose the best method to mitigate them. Firewall rules can be deployed by users to block the attack at the network edge in near real time.
This early detection is a real benefit to users, helping them quickly counter these DDoS attacks before they can seriously affect infrastructure and cloud services.