September 27, 2023

Google Cloud is enhancing Cloud Armor networking defense service to protect customer workloads behind external network load balancers or virtual machines with public IP addresses or use protocol forwarding.

Until now, Google customers lacked defensive capabilities to protect those workloads, meaning they were at high risk of distributed denial-of-service and other attacks.

To overcome this lack of security requirement, Google Cloud introduced Cloud Armor Advanced Network DDoS Protection, providing customers with always-on attack detection and mitigation for such workloads. The new service will help to defend customers from some of the most common volumetric DDoS and protocol DDoS attacks, such as so-called SYN flood, UDP flood, DNS reflection and NTP amplification attacks.


Cloud Armor Advanced Network DDoS Protection runs behind the scenes, at the edge of Google’s network, where it passively monitors two kinds of signals. The first pertains to the customer’s workload’s health, while the second analyzes incoming traffic.

Cloud Armor, whenever detects early signs of workload distress or a sudden change in traffic patterns compared to the usual baseline, it will alert customers that an attack is taking place. It’s an always-on monitoring mechanism with a low false-positive attack detection rate that doesn’t add latency to traffic flows.

Once an attack has been detected, Cloud Armor analyzes the traffic to determine the attack signature, based on its curated signature database. Using this information, it can then deploy the most appropriate mitigation at the edge of the network.


The service will keep a record of past and ongoing DDoS attacks that customers can access at any time. During an attack, it will generate three types of event logs — the detection and start of mitigation, updates about the status of the attack every five minutes for as long as it remains active, and then the conclusion of the attack and the end of mitigation. Customers will also be able to see information such as the attack classification and traffic volumes.

Customers can apply Cloud Armor Advanced Network DDoS Protection by enrolling in Cloud Armor’s Managed Protection Plus program and need to configure the service to provide protection on a per-region basis for all Google Cloud regions they’re using.

Leave a Reply

%d bloggers like this: