Google is adding a new defensive layer to protect enterprise workloads running in Google Cloud. It’s called Virtual Machine Threat Detection (VMTD), and will help select Security Command Center customers detect cryptomining malware inside their virtual machines.
A new addition to GCP’s Security Command Center
The Security Command Center is a centralized security and risk management platform for Google Cloud, which allows administrators to:
- Make an inventory of their cloud assets
- Identify misconfigurations, vulnerabilities and threats, and
- Help maintain compliance based on industry standards and benchmarks
It also allows them to respond to and remediate discovered issues.
Customers of the platform’s Premium tier have the added bonus of being able to use its threat detection suite, which until now consisted of Event Threat Detection (detects malware, brute force SSH, data exfiltration, attempted account breaches, changes to 2-step verification settings, and more) and Container Threat Detection (detects container runtime attacks such as the execution of malicious scripts or added binaries).
The new feature – Virtual Machine Threat Detection – scans enabled Compute Engine projects and VM instances to detect unwanted applications running inside VMs.
About Virtual Machine Threat Detection
“For Compute Engine, we wanted to see if we could collect signals to aid in threat detection without requiring our customers to run additional software. Not running an agent inside of their instance means less performance impact, lowered operational burden for agent deployment and management, and exposing less attack surface to potential adversaries,” Timothy Peacock, Product Manager at Google Cloud, explained.
“What we learned is that we could instrument the hypervisor — the software that runs underneath and orchestrates our customers’ virtual machines — to include nearly universal and hard-to-tamper-with threat detection.”
The capability is available as an opt-in service for Security Command Center Premium customers. It is still in Preview, and for the time being it will detect cryptomining software.
“Over the next months as we move VMTD towards general availability, you can expect to see a steady release of new detective capabilities and integrations with other parts of Google Cloud,” Peacock concluded.