Welcome to the first Cloud CISO Perspectives for April 2024. In this update, we’ll give a list of some of the major announcements of security products and security enhancements to Google Cloud. There’s an even longer list here.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
–Phil Venables, VP, TI Security & CISO, Google Cloud
20 major security announcements from Next ‘24
By Phil Venables, VP, TI Security & CISO, Google Cloud
We held our annual Google Cloud Next conference earlier this month, and from the start of our opening keynote we highlighted how AI is transforming the way that companies work, our incredible customer momentum, and of course our exciting product news — 218 announcements in total.
You can check out a recap of the keynote here. We made significant announcements in powering Google Cloud with Gemini and powering the next generation of AI startups with Google Cloud; and improvements to database management, workload-optimized infrastructure, and application development.
We also focused heavily on our work to advance secure products and security products, by making Google part of your security team anywhere you operate, with defenses supercharged by AI.
As we said at Next ‘24, what organizations need are security essentials that can “bring simplicity, streamline operations, and enhance efficiency and effectiveness.”
At Google Cloud, we’d of course like for all organizations to choose us as their security provider, but we are far more comprehensive than just what we bring to market. We recognize that 92% of organizations that use at least one cloud provider actually employ a multicloud approach. Our solution is to focus on securing Google Cloud customers — and their entire environment.
I’ve split the list of 20 of our major security announcements from Next ‘24 into those focused on Gemini for Security, which further empowers defenders to identify and mitigate risk, and our additional security announcements.
- Gemini in Security Operations, a new assisted investigation feature, generally available at the end of this month, that guides analysts through their workflow in Chronicle Enterprise and Chronicle Enterprise Plus. You now can ask Gemini for the latest threat intelligence from Mandiant directly in-line — including any indicators of compromise found in your environment.
- Gemini in Threat Intelligence, in public preview, allows you to tap into Mandiant’s frontline threat intelligence using conversational search. Further, VirusTotal now automatically ingests OSINT reports, which Gemini summarizes directly in the platform; generally available now.
- Gemini in Security Command Center, which now lets security teams search for threats and other security events using natural language (in preview), provides summaries of critical- and high-priority misconfiguration and vulnerability alerts, and summarizes attack paths.
- Gemini Cloud Assist also helps with security tasks with IAM Recommendations, which can provide straightforward, contextual recommendations to remove roles from over-permissioned users or service accounts; Key Insights, which can help during encryption key creation based on its understanding of your data, your encryption preferences, and your compliance needs; and Confidential Computing Insights, which can recommend options for adding confidential computing protection to sensitive workloads based on your data and your compute usage.
Additional security announcements include:
- The new Chrome Enterprise Premium, now generally available, combines the popular browser with Google threat and data protection, Zero Trust access controls, enterprise policy controls, and security insights and reporting.
- Applied threat intelligence in Google Security Operations, now generally available, automatically takes global threat visibility and applies it to each customer’s unique environment.
- Security Command Center Enterprise is now generally available and includes Mandiant Hunt, now in preview.
- Introducing Isolator: Enabling secure multi-party collaboration with healthcare data.
- Confidential Computing, a vital solution for data security and confidentiality, now offers Confidential Accelerators for AI workloads, as well as an expanded portfolio of hardware options, support for data migrations, and additional partnerships.
- Identity and Access Management Privileged Access Manager (PAM), now available in preview, provides just-in-time, time-bound, and approval-based access elevations.
- Identity and Access Management Principal Access Boundary (PAB) is a new, identity-centered control now in preview that enforces restrictions on IAM principals.
- Cloud Next-Gen Firewall (NGFW) Enterprise is now generally available, including threat protection from Palo Alto Networks.
- Cloud Armor Enterprise is now generally available and offers a pay-as-you-go model that includes advanced network DDoS protection, web application firewall capabilities, network edge policy, adaptive protection, and threat intelligence.
- Sensitive Data Protection integration with Cloud SQL is now generally available, and is deeply integrated into the Security Command Center Enterprise risk engine.
- Key management with Autokey is now in preview, simplifying the creation and management of customer-managed encryption keys (CMEK).
- Bare metal HSM deployments in PCI-compliant facilities are now available in more regions.
- Regional Controls for Assured Workloads is now in preview and is available in 32 cloud regions in 14 countries.
- Audit Manager automates control verification with proof of compliance for workloads and data on Google Cloud, and is in preview.
- Advanced API Security, part of Apigee API Management, now offers shadow API detection in preview.
- We expanded data residency guarantees for data stored at-rest for Gemini, Imagen, and Embeddings APIs on Vertex AI to 11 new countries: Australia, Brazil, Finland, Hong Kong, India, Israel, Italy, Poland, Spain, Switzerland, and Taiwan.
To learn more about how your organization can benefit from our announcements at Next ‘24, you can contact us at Ask Office of the CISO and stay tuned for our announcements next month at RSA Conference in San Francisco.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
- Trends on zero days exploited in the wild in 2023: The first joint zero-day report from Mandiant and Google’s Threat Analysis Group shows that 97 zero-day vulnerabilities were exploited in 2023, a big increase over the 62 zero-day vulnerabilities identified in 2022 but still fewer than 2021’s peak of 106 zero days. Read more.
- Boosting data cyber-resilience for your Cloud Storage data with object retention lock: The new object retention lock for Cloud Storage makes it easier to meet regulatory standards, strengthen security, and improve data protection. Read more.
- Google Cloud offers new cybersecurity training to unlock job opportunities: Google Cloud is on a mission to help everyone build the skills they need for in-demand cloud jobs. We’re excited to announce new learning opportunities that will help you gain these in-demand skills through new courses and certificates in AI, data analytics, and cybersecurity. Read more.
- Google Public DNS’s approach to fight against cache poisoning attacks: We look at DNS cache poisoning attacks, and how Google Public DNS addresses the risks associated with them. Read more.
Please visit the Google Cloud blog for more security stories published this month.
Threat Intelligence news
- Cyber threats linked to Russian businessman Prigozhin persist after his death: Mandiant has tracked and reported on covert information operations and threat activity linked to Prigozhin for years. We examine a sample of Prigozhin-linked campaigns to better understand their outcomes so far, and provide an overview of what can be expected from these activity sets in the future. Read more.
- Ivanti Connect Secure VPN post-exploitation lateral movement case studies: Our investigations into widespread Ivanti zero-day exploitation have continued. In this post, we catalog some of the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances. Read more.
- SeeSeeYouExec: Windows session hijacking via CcmExec: The security community has witnessed an uptick in System Center Configuration Manager (SCCM)-related attacks. Mandiant’s Red Team has utilized SCCM technology to perform novel attacks against mature clients, and released a tool to facilitate the technique. Read more.
- Apache XML Security for C++ Library allows for server-side request forgery: We identified a default configuration in an Apache library that could lead to server-side request forgery, which is being actively exploited, and provided recommendations and a patch to help defend against it. Read more.
Now hear this: Google Cloud Security and Mandiant podcasts
- How SecLM enhances security and what teams can do with it: Take a trip around Google Cloud’s security-trained model SecLM as Cloud Security podcast hosts Anton Chuvakin and Tim Peacock hear all about it from Google Cloud Security’s Umesh Shankar, distinguished engineer and chief technologist, and Scott Coull, head of data science research. Listen here.
- How Google Cloud defends against abuse: From stolen credit cards to fake accounts, Maria Riaz, Google Cloud’s counter-abuse engineering lead, discusses with Anton and Tim what “counter-abuse” is, how Google Cloud stops abuse, and the skill set needed to do so. Listen here.
- What’s so spiffy about SPIFFE: Modern cloud tech has made IAM, Zero Trust, and security (relatively) easy. Evan Gilman and Eli Nesterov, co-founders of Spirl, tell Anton and Tim why workload identity is important to cloud security, and how it differs from network micro-segmentation. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in two weeks with more security-related updates from Google Cloud.