Google Cloud – Raising the Bar for Cloud Security

By Craig Kennedy

Back in November 2021, Google published a security report that identified the ongoing exploitation of cloud computing servers within Google Cloud. Of the 50 compromised google cloud instances they reviewed, they found that 43 of them were being used to perform malicious cryptomining attacks, a very resource-intensive operation that can accumulate significant costs to the owner of the compromised systems. 

Google Responds

On February 7th, 2022, Google announced that it was significantly enhancing its Security Command Center (SCC) platform by adding a new layer of protection called Virtual Machine Threat Detection (VMTD). VMTD continuously scans the memory of virtual machines (VMs) running in Google Cloud for indication of running malware.

VMTD is being rolled out as a public preview with the initial focus on detecting cryptomining attacks, not surprising given the results of their November report. Google is indicating that this same technology can be used to detect other malicious attacks such as data exfiltration and ransomware. Google will be rolling out more detection capabilities in the coming months as they transition the solution to general availability status.

Agentless Protection for All Virtual Machines

The interesting thing about this is that all instances are getting this capability without the need to install any new software or agent on the VMs. Google was able to accomplish this by instrumenting the hypervisor to detect patterns of malware within the memory allocated to each VM. Google is providing this capability as an opt-in feature that is disabled by default for any client that has issues or concerns with their cloud provider accessing the memory for their services.

Bottom Line

If this technology proves to be effective, it will completely change security in the public cloud, essentially enabling malware detection to be natively built into the cloud infrastructure for all workloads deployed in the cloud to seamlessly inherit. The remaining question is whether the other public cloud providers will follow Google’s lead and employ similar security solutions on their platforms.