How to Improve Cloud Cybersecurity to Protect Google Cloud Platform
Using integrated cybersecurity solutions to improve cloud visibility
Cloud cybersecurity is key to combatting the heightened risk of cyberthreats in intricate hybrid cloud environments. Visibility is a major component of all areas of network security because you cannot stop what you cannot see. Google Cloud Platform (GCP) is a prime example of a cloud environment that requires an advanced network detection and response (NDR) solution, such as NETSCOUT Omnis Cyber Intelligence (OCI), to provide comprehensive visibility into complex network environments. This comprehensive visibility allows NETSCOUT’s Omnis network security solution to detect and mitigate cyberthreats in GCP and other cloud environments efficiently and effectively.
The Problem at Hand
Visibility is the key to a stout cloud cybersecurity posture, so an organization cannot afford visibility gaps, whether it is going through a digital transformation or is well-established in the cloud. For many organizations undergoing digital transformation, the public cloud is a prime area to expand into, which also makes it a prime target for adversaries. A seamless integration between the security solution provider and the cloud provider is a must to achieve maximum visibility, providing the best defenses before, during, and after data breaches.
Using packet data to see on-premises, in the cloud, in data centers, in co-los, and everywhere in between helps organizations see across their entire attack surface. NETSCOUT’s Visibility Without Borders platform accomplishes just this while complementing cloud-native security solutions, to provide holistic coverage and unmatched visibility.
NETSCOUT Cloud Cybersecurity Solution
OCI is powered by deep packet inspection (DPI) at any scale, allowing it to provide unparalleled advanced NDR capabilities that complement log and flow-based visibility natively available from many cloud providers. DPI at scale works by translating raw packet data into actionable intelligence. This occurs when the most important metadata is extracted from the packet and organized into the OCI console for easy analysis.
At OCI’s core lie Omnis CyberStream network sensors, which are available as an appliance or as virtual machines called vCyberStream. The sensors provide scalable DPI, integrating with network infrastructure to collect and decipher packets. This provides organizations with unparalleled visibility, which aids in accurately identifying vulnerabilities and threats in hybrid cloud environments.
A single vCyberStream virtual machine is capable of supporting multiple GCP environments, offering an efficient instrumentation solution. The sensors leverage GCP native packet mirroring technologies from virtual instances and load balancers to ensure the collection of all packets in an efficient manner. A packet mirroring session consists of mirror sources (where traffic is mirrored from, such as a virtual subnet), a mirror destination (where mirrored traffic is sent, such as the vCyberStream monitoring port), and mirror filters (limits that can be set to ensure that only packets of interest are mirrored).
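Because mirror filters decide what the sensor can see, it helps to check which flows a given filter leaves unmirrored. The following is an added example, not NETSCOUT or Google code: a simplified model of a session's source, destination, and filters, in which the field names, the rule that filter ranges are matched against the remote peer's address, and the sample flows are all assumptions made for illustration.

```python
# Added example: simplified model of a packet mirroring session.
# Field names and matching rules are assumptions, not a GCP or NETSCOUT API.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class MirrorSession:
    source_subnet: str                                # mirror source
    destination: str                                  # mirror destination (label only)
    cidr_ranges: list = field(default_factory=list)   # filter: peer ranges, empty = any
    protocols: list = field(default_factory=list)     # filter: protocols, empty = any
    direction: str = "BOTH"                           # filter: INGRESS, EGRESS or BOTH

def is_mirrored(session, src, dst, protocol):
    """Return True if the flow src -> dst would be copied to the destination."""
    subnet = ip_network(session.source_subnet)
    if session.protocols and protocol not in session.protocols:
        return False
    # A flow is ingress for a mirrored destination host, egress for a mirrored source host.
    # The remote peer is the address tested against the filter ranges.
    views = []
    if ip_address(dst) in subnet:
        views.append(("INGRESS", src))
    if ip_address(src) in subnet:
        views.append(("EGRESS", dst))
    for direction, peer in views:
        if session.direction not in ("BOTH", direction):
            continue
        if not session.cidr_ranges or any(
                ip_address(peer) in ip_network(r) for r in session.cidr_ranges):
            return True
    return False

def visibility_gaps(session, flows):
    """List the flows the sensor would never see under this session's filters."""
    return [f for f in flows if not is_mirrored(session, *f)]

# Constructed sample flows: (source, destination, protocol)
FLOWS = [
    ("10.20.0.5", "10.10.0.7", "tcp"),      # internal client to mirrored host
    ("10.10.0.7", "203.0.113.9", "tcp"),    # mirrored host to the internet
    ("10.10.0.8", "10.10.0.9", "udp"),      # east/west, UDP
    ("198.51.100.4", "10.10.0.7", "tcp"),   # internet to mirrored host
    ("10.10.0.8", "10.10.0.9", "tcp"),      # east/west, TCP
]
NARROW = MirrorSession("10.10.0.0/24", "sensor-port", ["10.0.0.0/8"], ["tcp"], "INGRESS")
OPEN = MirrorSession("10.10.0.0/24", "sensor-port")

if __name__ == "__main__":
    for flow in visibility_gaps(NARROW, FLOWS):
        print("not mirrored:", flow)
```

With the narrow filter, the outbound internet flow, the UDP east/west flow, and the inbound internet flow are never mirrored, so no detection downstream of the sensor can act on them.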
Once the packets are mirrored, OCI and CyberStream leverage NETSCOUT Adaptive Service Intelligence (ASI) to extract actionable intelligence and insights from the packets, leaving security teams with the most important information necessary to combat cyberthreats.
CyberStream can also execute multiple methods of threat detection in real time at the source of packet capture for both known and unknown threats. It also categorizes threats, when possible, by MITRE ATT&CK Framework techniques and tactics, to aid security teams in their quest to oust adversaries and minimize access.
As CyberStream detects threats, alerts are sent to OCI, the centralized management console, to be visualized, prioritized, and annotated by security analysts. Alerts can be investigated by looking into the packet metadata to gather forensic evidence that can be used to expedite incident response and remediation.
The NETSCOUT/Google Partnership
NETSCOUT and Google have partnered in areas of technology integration and marketplace offerings for both commercial and government entities. This technology collaboration is centered around interoperability with GCP packet mirroring, enabling functionality in both east/west and north/south instrumentation vantage points. The partnership extends beyond cloud security, also including application performance management solutions.