Assist in defending your websites and apps against online threats and denial of service attacks.
Google Cloud Armor Advantages
Integrated DDoS protection
Google’s experience safeguarding important web properties like YouTube, Gmail, and Google Search is beneficial to Cloud Armor. It offers integrated defenses against DDoS assaults at the L3 and L4 levels.
Reduce the OWASP Top 10 hazards
Pre-established rules offered by Cloud Armor aid in the defense against assaults like SQL injection (SQLi) and cross-site scripting (XSS).
Protection fit for an enterprise
You may get curated rule sets, DDoS and WAF services, and other services for a fixed monthly fee with the Cloud Armor Enterprise tier.
Important characteristics
Adaptive defense
Use a machine learning system that has been locally trained on your apps to automatically identify and assist in mitigating big volume Layer 7 DDoS attacks.
Sophisticated DDoS defense for networks
Using external network load balancers, protocol forwarding, and virtual machines (VMs) with public IP addresses, workloads can be protected against volumetric network and protocol DDoS attacks with always-on attack monitoring and mitigation.
Pre-set WAF regulations
OWASP Top 10 protection and mitigation against common web-application vulnerabilities are provided by out-of-the-box rules based on industry standards.
Bot oversight
Offers your apps automated bot protection and aids in preventing fraud at the source and on the edge by natively integrating with reCAPTCHA Enterprise.
Limiting rates
Rate-based restrictions assist you in safeguarding your applications from a high volume of requests that overburden your instances and prevent authorized users from accessing them.
Cloud Armor pricing
Google Cloud Armor cost depending on application traffic and protection. Overview of typical cost structure:
Secure Policies:
- Monthly security policies cost $5.
- Traffic filtering policies are created and maintained here.
Security Policy Rules:
- Monthly $1 per rule.
- Charges per rule apply to policies with several rules.
HTTP(S) Request Fees:
- $0.75 per million Cloud Armor-evaluated HTTP(S) requests.
- Cloud Armor-filtered traffic incurs this fee.
Protection Adaptation:
- One protected resource per hour costs $0.10.
- This applies to automatic DDoS mitigation using Adaptive Protection.
DDoS Protection Costs:
Applications using the baseline Cloud Armor service receive free DDoS protection, although premium protection levels may cost extra.
Premium Features:
Depending on your use case, sophisticated security features like logging may cost more.
Check Google Cloud’s pricing calculator or documentation for current pricing based on your needs. Pricing varies by area and feature.
GCP Cloud Armor
As a world leader in digital interactive entertainment, Electronic Arts (EA) is renowned for its cutting-edge games, cutting-edge services, and potent technology. To safeguard its game servers and improve DDoS resistance, EA Sports FC, a major gaming brand, chose Google Cloud Armor to host its gaming infrastructure.
Gaming companies might suffer greatly from distributed denial-of-service (DDoS) attacks. They may interfere with player access to games, disrupt gameplay, or even harm game servers. This may result in decreased sales, unhappy clients, and damage to the business’s reputation.
The gaming industry was a primary target of the massive growth in volume and frequency of DDoS assaults over the past year. As per the Gcore Radar report for the second half of 2023, 46% of the attacks target the gaming industry, making it the most affected sector.
Armor Cloud hosting
Protecting against DDoS using Google Cloud Armor
At the periphery of Google’s Cross-Cloud Network is a web-application firewall and DDoS mitigation service called Cloud Armor. Applications and services that are installed on Google Cloud, on-site, or with another infrastructure provider are safeguarded by Cloud Armor.
With a focus on the gaming sector, Cloud Armor has been able to meet the specific requirements of L4 workloads like UDP by adding new products to its portfolio in the last year. Both GKE and GCE workloads are supported by the underlying networking infrastructure, which can be either virtual machines (VMs) with public IP addresses or an External Passthrough Load Balancer.
EA Sports uses our new custom network edge security rules in conjunction with enhanced network DDoS protection as a subscriber of Cloud Armor Enterprise. In order to fight against common volumetric network and protocol DDoS attacks, such as SYN flood, UDP flood, DNS reflection, and NTP amplification attacks, advanced network DDoS defense offers always-on attack detection and just-in-time mitigation.
Customers can design a set of security rules to permit or prohibit traffic at the network’s edge based on user-specified filters, including IP addresses, ASNs, ports, regions, and protocols, using Cloud Armor custom network edge security policies. Customers can match each security policy to the particular service they want to safeguard by attaching it to one or more backend services or virtual machines (VMs).
Additionally, deep packet inspection is carried out by Google Cloud Armor on incoming traffic to stop policy-violating activity. Clients can set up a security policy rule that, when combined with other filters, examines each incoming packet based on a user-specified TCP/UDP byte offset location filter.
Every incoming packet is assessed and subject to Cloud Armor security regulations at Google Cloud’s network edge, much upstream of client equipment. Our network’s size and reach enable Google Cloud to securely absorb and disperse massive attacks with the least amount of disruption to client infrastructure.
Together with additional clients and the EA Product Infrastructure and Engineering division, these new bespoke network edge security policies were created. The Cloud Armor team tested and refined the proposed service during the development period. The end product is a strong tool that enables EA Sports FC to enhance their DDoS protection and design security policies that are specific to their requirements.
Study up on Cloud Armor
A useful tool for defending game servers against DDoS attacks is Cloud Armor. It can ensure that gamers can keep having fun with their games while lessening the impact of attacks.