Google Cloud Firewall is a fully distributed, stateful, cloud-first firewall service that scales automatically to safeguard your cloud workloads. With it, users can deploy a trustworthy Zero Trust network security control in their cloud environment in a straightforward way that requires no routing adjustments.
We introduced the Cloud Firewall Standard tier earlier this year, which included threat-intelligence capabilities, geo-location objects, and Fully Qualified Domain Name (FQDN) objects. Additionally, we introduced the Cloud Firewall Plus tier, which includes an intrusion prevention service (IPS), at Next 23. Cloud Firewall Plus offers network defense against malware, spyware, and command-and-control attacks in conjunction with transport layer security (TLS) inspection for encrypted traffic visibility.
Cloud Firewall Plus is our next-generation firewall in the cloud
To provide our customers with superior security and NGFW capabilities, Cloud Firewall Plus combines Palo Alto Networks threat prevention technology with the distributed firewall fabric of Google Cloud. With this approach, our users can easily scale best-in-class security defenses to their dynamic cloud environment. Cloud Firewall Plus integrates Palo Alto Networks-powered threat prevention technologies and transparently protects your Google Cloud workloads inline, inspecting north-south, east-west, TLS, and non-TLS traffic.
Cloud Firewall Plus provides IPS capabilities as a fully integrated Layer 7 module backed by tag-based firewall rules and hierarchical firewall policies. With this approach, Google Cloud users can implement threat protection services without having to modify their networks or topologies, which can lower overall infrastructure management and operating expenses.
You may impose specific firewall rules at the organization and folder levels in the Google Cloud resource hierarchy thanks to Cloud Firewall’s distinctive hierarchical firewall policy. You may create layered controls with the aid of hierarchical rules that are simple to delegate and can be independently audited for drift.
IAM-governed tags are tags that have IAM permissions in place. With these tags, users can define their network firewall policies in terms of logical groupings and delegate administration of those groupings within their organization using fine-grained authorization controls. IAM-governed tags can also speed up response time when security events happen. Applying a tag to an infected machine, for instance, could trigger a remedial action, such as isolating the infected system from the rest of the network to stop lateral movement.
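The quarantine-by-tag workflow described above, sketched with the gcloud CLI as an added example that is not part of the original article. All IDs are placeholders, and the tag name `quarantine/isolated`, the rule priorities and the responder group are hypothetical; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. IDs are placeholders; tag, member and priorities are hypothetical.
ORG_ID="${ORG_ID:-ORG_ID_PLACEHOLDER}"
PROJECT="${PROJECT:-PROJECT_ID_PLACEHOLDER}"
PROJECT_NUMBER="${PROJECT_NUMBER:-PROJECT_NUMBER_PLACEHOLDER}"
ZONE="${ZONE:-ZONE_PLACEHOLDER}"
NETWORK="${NETWORK:-NETWORK_PLACEHOLDER}"
POLICY="${POLICY:-POLICY_PLACEHOLDER}"
TAG="$ORG_ID/quarantine/isolated"

# Dry run by default: print each command. Set APPLY=1 to execute.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# One-time: secure tag key scoped to the network, with one value.
create_tag() {
  run gcloud resource-manager tags keys create quarantine \
    --parent "organizations/$ORG_ID" \
    --purpose GCE_FIREWALL --purpose-data "network=$PROJECT/$NETWORK"
  run gcloud resource-manager tags values create isolated --parent "$ORG_ID/quarantine"
}

# One-time: only this principal may attach the tag (the IAM-governed part).
delegate() {
  run gcloud resource-manager tags values add-iam-policy-binding "$TAG" \
    --member "$1" --role roles/resourcemanager.tagUser
}

# One-time: deny rules, ahead of other rules, that match only tagged VMs.
deny_rule() {  # $1 priority, $2 direction, $3 address-range flag
  run gcloud compute network-firewall-policies rules create "$1" \
    --firewall-policy "$POLICY" --global-firewall-policy --project "$PROJECT" \
    --direction "$2" "$3" 0.0.0.0/0 --layer4-configs all \
    --action deny --target-secure-tags "$TAG" --enable-logging
}
create_rules() {
  deny_rule 10 INGRESS --src-ip-ranges && deny_rule 11 EGRESS --dest-ip-ranges
}

# Incident time: bind the tag to one VM (numeric instance ID in $1).
quarantine_vm() {
  run gcloud resource-manager tags bindings create --tag-value "$TAG" \
    --parent "//compute.googleapis.com/projects/$PROJECT_NUMBER/zones/$ZONE/instances/$1" \
    --location "$ZONE"
}

create_tag && delegate "group:ir-team@example.com" && create_rules
quarantine_vm 1234567890
```

Because the deny rules exist before any incident, isolating a machine is a single tag binding, and removing the binding reverses it.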
Scalability, performance, and simplicity with Cloud Firewall Plus
The intrusion prevention feature of Cloud Firewall works by using packet interception technology to reroute traffic for examination by Google Cloud-managed zonal firewall endpoints. Without altering routing or network architecture, this approach enables the insertion of threat prevention capabilities between any two linked network interfaces in Google Cloud, between two peer virtual private cloud (VPC) networks, within the same VPC, or within the same subnet.
The procedures listed below can be used to activate the intrusion prevention service in Cloud Firewall Plus:
- In the zones where you require the service, create Firewall Endpoints and link the VPC networks to them. These endpoints can be shared among various VPCs in your company.
- Identify threat response strategies and create security profiles.
- Utilizing the security profile you generated, configure Cloud Firewall Policy rules with a specified action for L7 inspection.
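The three steps above, sketched with the gcloud CLI as an added example that is not taken from the original article. All IDs are placeholders and the resource names (`ips-ep`, `ips-profile`, `ips-group`), the priority and the matched port are hypothetical; it assumes the generally available command names, which may sit under a beta track while the feature is in preview. The script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. Every ID is a placeholder and every resource name is hypothetical.
ORG_ID="${ORG_ID:-ORG_ID_PLACEHOLDER}"
PROJECT="${PROJECT:-PROJECT_ID_PLACEHOLDER}"
ZONE="${ZONE:-ZONE_PLACEHOLDER}"
NETWORK="${NETWORK:-NETWORK_PLACEHOLDER}"
POLICY="${POLICY:-POLICY_PLACEHOLDER}"
ORG_PATH="organizations/$ORG_ID"

# Dry run by default: print each command. Set APPLY=1 to execute.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Step 1: zonal firewall endpoint, then associate the VPC network with it.
step1_endpoint() {
  run gcloud network-security firewall-endpoints create ips-ep \
    --organization "$ORG_ID" --zone "$ZONE" --billing-project "$PROJECT"
  run gcloud network-security firewall-endpoint-associations create ips-ep-assoc \
    --endpoint "$ORG_PATH/locations/$ZONE/firewallEndpoints/ips-ep" \
    --network "$NETWORK" --zone "$ZONE" --project "$PROJECT"
}

# Step 2: threat-prevention security profile, wrapped in a profile group.
step2_profile() {
  run gcloud network-security security-profiles threat-prevention create ips-profile \
    --organization "$ORG_ID" --location global
  run gcloud network-security security-profile-groups create ips-group \
    --organization "$ORG_ID" --location global \
    --threat-prevention-profile "$ORG_PATH/locations/global/securityProfiles/ips-profile"
}

# Step 3: policy rule whose action hands matching traffic to L7 inspection.
# tcp:80 is matched here; encrypted traffic additionally needs TLS inspection.
step3_rule() {
  run gcloud compute network-firewall-policies rules create 1000 \
    --firewall-policy "$POLICY" --global-firewall-policy --project "$PROJECT" \
    --direction INGRESS --src-ip-ranges 0.0.0.0/0 --layer4-configs tcp:80 \
    --action apply_security_profile_group \
    --security-profile-group \
    "//networksecurity.googleapis.com/$ORG_PATH/locations/global/securityProfileGroups/ips-group" \
    --enable-logging
}

setup_ips() { step1_endpoint && step2_profile && step3_rule; }
setup_ips
```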
Cloud Firewall Plus is a cloud-first service: Google manages the infrastructure, load balancing, autoscaling, software version upgrades, and threat signature updates for the firewall endpoints. To prevent choke points, the fully distributed firewall data plane scales dynamically with traffic. The zonal firewall endpoints perform firewall inspection close to the workload to reduce latency.
The cost of Cloud Firewall Plus will be determined by the gigabytes of data processed for threat protection and the number of operating hours for each endpoint. Cloud Firewall offers two other tiers in addition to Cloud Firewall Plus: Essentials, which includes the core set of features, and Standard, which broadens the rules capabilities. When both Cloud Firewall Plus and Cloud Firewall Standard are active for the same traffic, only Plus will be charged for that traffic. Standard will not be charged at all.
Learn more about the various Cloud Firewall tiers and decide which one best suits your requirements. Cloud Firewall Plus is now in preview, whereas Cloud Firewall Essentials and Standard are now generally available.
Further activities
As a fully distributed, cloud-first, stateful firewall service with superior protection capabilities, Cloud Firewall can help you achieve a Zero Trust network security posture. To benefit from the enhanced threat prevention features and secure your cloud workloads, you can now migrate your VPC firewall rules to Firewall Policies.