Google Cloud Gets Virtual Machine Threat Detection
Google on Monday announced the public preview of a new tool to help identify threats within virtual machines (VMs) running on its Google Cloud infrastructure.
The new Virtual Machine Threat Detection (VMTD), now available in the Security Command Center (SCC), provides agentless memory scanning to help identify cryptocurrency-mining malware and other threats in VMs.
With more and more organizations adopting cloud technologies, the number of threats targeting the cloud has increased significantly, and VMTD represents one of the actions Google is taking to help customers secure their assets, the company said in a note announcing the capability.
With the majority of compromised cloud instances abused for cryptocurrency mining, VMTD was designed to help protect against this type of attack, as well as against data exfiltration and ransomware, Google says.
“Because VM Threat Detection operates from outside the guest VM instance, the service does not require guest agents or special configuration of the guest OS, and it is resistant to countermeasures used by sophisticated malware,” Google added.
The main idea behind VMTD is to help customers identify potentially malicious behavior inside their VMs without requiring them to run additional software, thus ensuring that performance is not altered in any way and that the attack surface remains low.
“What we learned is that we could instrument the hypervisor — the software that runs underneath and orchestrates our customers’ virtual machines — to include nearly universal and hard-to-tamper-with threat detection,” Google says.
Launched today in public preview, VMTD is expected to become generally available in a few months. Google says it is also looking to add more capabilities and to integrate it with other parts of Google Cloud.
VMTD is now available as an opt-in service for Security Command Center Premium customers. It is available in the Virtual Machine Threat Detection section of the Security Command Center’s settings. Selecting “MANAGE SETTINGS” there will allow customers to choose a scope for VMTD.