Security and Trust on Google Cloud (Cloud Next ‘19 UK)


All right, good afternoon, and thank you for coming to our spotlight session on security and trust. My name is Rob Sadowski, and I lead security product marketing here at Google Cloud. I'm also going to be joined by several colleagues who will be coming on and showing you various other things during the course of our session.

So, at Google Cloud, security is one of our primary design criteria, and it's one of our biggest focus areas for product innovation. And when we think about security, this is the organizing framework that we're going to use for the rest of our talk. We think of it as falling in three broad areas. The first is security of our cloud: this is how we build security capabilities, many of which you get by default, into our cloud infrastructure. The second is security in our cloud: these are the capabilities that you have, that you can configure to help protect your users, help protect your data, help protect your applications when you're using and take advantage of our cloud services. And finally, we talk about security anywhere: this is how we work to bring the best of Google's security capabilities to you whether you're on or off our cloud platforms. So again, we're going to use this framework to guide the rest of our session.

But before we get into some of our announcements and delve down into this in a little more detail, I want to reiterate some of the key points that Thomas and Suzanne made in the keynote this morning, because they're important, and they also provide helpful context for what we're gonna go into next. So, our cloud is designed to fully empower European organizations with your strict data security and privacy requirements and preferences, and really any other organization around the world who shares those same values, shares those same priorities around security
and privacy. So, with the capabilities that we offer or that we're introducing, you can be confident that you can store your data inside a European region, you can prevent your data from being moved outside that region, outside of Europe, that you can prevent it from being accessed from outside of Europe with some of our controls. In terms of transparency, we really feel that we can build trust with you through transparency. And so you can require approval before cloud admins access your data, and you can see when that data happens in those very rare occasions, and mostly this is often initiated when you initiate support requests or things like that. You can see what was the reason, where the administrators are located, and why that access actually happened. And finally, in terms of control, you're gonna hear a lot about what you can do to really take control over your data and over your configurations. So especially when it comes to data and it comes to encryption, you can manage your own encryption keys, you can store your own encryption keys outside of Google, and you could deny Google the ability to decrypt your data and maintain the ultimate, and be the ultimate arbiter of access to that data. We're going to delve down as those products show you how they work and really get into that a little bit more.

So first, let's start by getting to some of the security innovation that we've made available to you of our cloud. And so it starts with our infrastructure foundation. This is where it all begins. If we don't have a strong foundation, everything you put or build on top of it is gonna be at risk. So we're focused on defense in depth at scale, by
default as much as possible. So for example, all of our hardware at Google Cloud and Google that you run on is purpose-built and designed by our own engineers to our specs, both in terms of security and other characteristics of it. We employ a custom-designed chip, our Titan chip, that serves as a hardware-rooted trust to ensure that no untrusted software can run on our infrastructure. Identities, both users and machines and services, are all strongly authenticated inside this infrastructure. The data that's stored on our infrastructure is automatically encrypted at rest by default without you having to do anything, and your data in transit to our services are also always encrypted. And finally, we have a dedicated operations team, right, part of our part of shared responsibility, that works to detect threats, run this infrastructure, respond to incidents 24 by 7 by 365.

And we undergo regular independent third-party verification and audits to examine the controls that we have in our data center, in our infrastructure and our operations. And these certifications include the most widely recognized, internationally accepted security standards, so things like ISO, things like SOC controls, other capabilities like that. And we also provide documentation for you on how you can use and configure our products and services to help you meet various
compliance requirements around the world, meet your obligations. And so some recent additions that we have, focused here on the European region, are TISAX certification for the auto industry here in Europe. It's FINMA certification for financial institutions in Switzerland. It also is HDS certification, so we can host healthcare data in France. In the US, if you operate there, we added documentation for NIST 800-34 and have an authorization to host DISA information, Level 2 information. And finally, if you're operating in Singapore, we know a lot of financial institutions here in London also operate in Singapore, we added OSPAR certification for G Suite, and we publish documentation for GCP in accordance with the Monetary Authority and the Association of Banks guidelines. So as you can see, you know, if you've been with us for a while and been seeing what we're doing, this list keeps growing, keeps expanding over time. You know, really is based on a lot of your input for what we do.

So with that, we're gonna transition to describing some of the newest updates for security in the cloud, and I'd like to bring up my colleague Jess, who's gonna start with some of the updates for Google Cloud Platform. So Jess, take it away.

Thank you, sir. All right, hello everybody. So I'm going to talk to you a little bit about the new improvements in security in our cloud. These are all of the configurations that you have at your disposal to create your own security posture in GCP. The first exciting announcement we have in this space is the External Key Manager. So you saw this a little bit earlier in the keynotes. The data inside of GCP is always encrypted by default at rest, and of course you have key management for your applications. We give you a lot of options in terms of how you handle
your keys. You can use our Cloud KMS, which will create and manage and rotate those keys for you. You can bring your own keys, you can use our HSMs, and now to that roster we're adding the ability to have a completely external third-party key manager. So we have seamless integration with a variety of the most popular key management tools out there: Fortanix, Thales, Ionic, Unbound, and Equinix. So you get to choose which key management solution is right for you. You might already have one on-prem. But the really important thing is that this really takes the key management function and the ability to decrypt data out of the hands of Google entirely. So I'd like to bring up Il-Sung Lee to give us a quick sneak peek at how this will work.

All right, hi everyone. My name is Il-Sung Lee. I'm the product manager for this wonderful thing that we're calling External Key Manager, and so hopefully you saw the keynote this morning, and it's been the labor of love that I'm super happy that we can actually talk about today. So let me give you a really, really quick, just let me unlock my machine, let me give you a really quick rundown of how this will work, and I promise to keep the demo really, you know, short and sweet. So first of all, how many people here use KMS or are familiar with the UI? Okay, that's great. So if you look right now, I will take, like, a key ring that I've already created, it doesn't really matter what it is, but the thing that you're gonna notice is that you are going to see the fact that
there is gonna be new versions with the actual key ring itself. So if I just basically turn on the debug panel, it's on, and then I actually go back to versions, and then I go back to create key, then what you're gonna see is that the UI is a little bit different now, right, than what you're used to. So we now have this new radio button here that says "Externally managed key". So when you select this, you're saying to our, you know, KMS system that I want to use a key that's outside the Google cloud. And the way that you accomplish this is that you basically have to do a live negotiation with the external key manager, using the service account, to actually, you know, give them authorization, or to authorize the service account to access a key, and then they'll give you back a URI. The URI is the endpoint for the key itself. And so for example, I already have a key that's already created in Ionic, and I just put the URI in here, and I'd create, I'll have to give a name, so like "test four" or whatever, it doesn't really matter, and I create this, and then the key has been created, and you'll see that it shows up as an external key here. Okay.

Now you can use a key for, like Jess said, with BigQuery and GCE CMEK, and I've already set up a BigQuery instance using that key to actually, you know, encrypt the data. So if I run the key, I mean, I run the query, it's going to show that the results says "hello world, External Key Manager is amazing", right? Now let me go to that Ionic dashboard, and in here you'll see that I set up a policy that disables a key, okay? And so if I enable this policy, that is going to make the key no longer available. So Ionic will actively, you know, disallow any kind of key requests to actually do encryption and decryption. Then I try running this again, it says that the request cannot be fulfilled, the external key is not available. So, you
know, think about that, that's a pretty powerful story, right? So I use a system outside of Google to now say that you can't access or run this query because you can't decrypt the data at rest. And of course if I go back and I just basically, you know, disable the policy, so in other words enable the key, then you'll see that if I run this, that it comes back okay. So that was a short demo of External Key Manager.

Oh, and one last thing, sorry. Also, I know a lot of you are using Cloud HSM, and so a couple of things I want to announce is that Cloud HSM now is available in all regions around the world and every multi-region except global, and also that the key import feature, if you're aware, is now GA. So, you know, go nuts with that. Thank you.

All right, thank you. The other really interesting feature that we announced today, or we referred to today in the keynote, was key access justification. So this is something that can be paired up with the External Key Manager and together create a really powerful story. So if you're familiar with the transparency that we do, we were the first cloud vendor, and I think still the only cloud vendor, that provides access transparency into all of the requests that are made to access your data in any way, shape or form. And then back in April we announced the ability to do access approvals, which meant that you got the ability to allow or deny who gets access when those requests come along. So this is an extension of that, another industry first: key access justifications. Every time there is an access request to your data, we'll give you a full detailed justification of why that request was made and who has made that request, and then you have full approve or deny rights to grant or deny access for that request. So
this is, you know, paired up with the access transparency and external key management, gives you really, really tight control, much, much further tight control around the access to your data and decryption of your data than any other cloud provider can give you today.

All right, moving on to Cloud Security Command Center. So the Command Center went GA in April at the Next event in San Francisco, and since then there are thousands and thousands of our customers around the world using Command Center. We are today announcing that we are building a premium edition of Command Center, so that will leverage the standard edition that we have already and provide additional functionality on top of that. There's three main areas of functionality we're gonna provide. The first one is we're gonna use Google's own threat intelligence in order to find and mitigate threats in your environments in the cloud. We're going to provide vulnerability detection and mitigation. And we're also gonna be able to find misconfigurations in your own cloud workloads and deployments and help you fix those things.

So I'll give you a little bit of a preview into some of these things. Two of the components inside of Cloud Security Command Center premium are now in, like, beta, and are widely being used by a lot of our customers. If you haven't seen them or aren't using them, you might want to look at those, they're available to anybody today. Security Health Analytics is the first one. So misconfigurations are the largest cause of breaches out there in the world today, both on-prem and in cloud environments. So Security Health Analytics helps our customers by finding and helping mitigate any misconfigurations that exist in your environment. We do this broadly across dozens and dozens of different misconfiguration types, and we also now have support for CIS benchmarking, where we are supporting a specific standard and keeping you in compliance with that standard. Some of the misconfigurations that we find: publicly
exposed buckets that should be private is probably the most common source of misconfiguration that leads to breaches, we find those for you. We'll find exposed credentials. We'll find overly permissive firewall rules and help you tighten up your firewall rule configurations. We'll find lots of places where logging and monitoring aren't necessarily turned on, where you could have better visibility and security if you activated those monitoring capabilities. On the VM side, places where IP forwarding is enabled and doesn't need to be, creating a hole that doesn't need to be there; private cloud API access not being enabled. There's a ton of stuff on GKE clusters. Some of the things that are really prevalent are showing you where things are disabled that provide better security, like private clusters, network policies, like IP aliases. We have multiple places where we'll find where authorization systems are activated but don't necessarily need to be, and those provide gaps for access as well. And then on the CIS side, we worked with CIS, the organization,
re-crafted a lot of the CIS benchmarking and updated everything, and now we are supporting full CIS scanning. So on an ongoing basis, we'll tell you if you are up to snuff with CIS benchmarks and what you need to change if not. So we're gonna be adding all kinds of other certifications, both security certifications and regulatory certifications, in this product as well, to help monitor and make sure you're in compliance with those.

The other product which is now in public beta is Event Threat Detection. So Event Threat Detection takes all of the logs across your entire GCP environment, aggregates those for you, and runs them all through a detection pipeline in near real-time in order to be able to use all of Google's threat intelligence. Same thing, same threat intelligence we use to protect ourselves internally, we are using in this solution to find and mitigate threats in your environment. So that will move on to our, oh wait, actually, the types of things you find, we'll bring up Tim in one second. So in this initial version: malware, cryptocurrency mining, phishing, IAM abuse and anomalous use for IAM, outgoing DDoS attacks, brute-force attacks, leaked credentials, hijacked accounts, and compromised machines. So this is all the stuff that the product can do today out of the box. These configurations are really, literally as easy as flipping a switch and turning these things on, and we'll continue to build out new detections as we go, pretty substantially over the course of next year. So now I actually want to bring my good friend Tim Peacock up to give you a quick demo.

Thanks so much for that, Jess. Hi folks, I'm Tim Peacock, and in one sec I'm gonna make sure that our system is set up to actually be vulnerable, and we're looking good. So, SSH
brute force is one of the most common ways we see cloud instances get popped today. So I'm going to log out of this instance, and now we're gonna SSH brute force our way into it. This is an attack that's been around since SSH has been around, but we see it today in cloud. People deploy an instance, it's exposed to the Internet, and people are deploying instances with misconfigurations,
weak configurations, and it's one of the most common ways we see things get popped. And it's not as if you're being targeted, it's just part of the background radiation of the internet. So we've built within Event Threat Detection a mechanism to identify these attacks in near real-time as they're occurring. By taking the logs off of your instances, aggregating them in Stackdriver and pulling them into ETD, security teams are able to identify these threats in very close to real-time. So what you're seeing, oh, don't you guys hate it when your phone rings in the middle of the presentation? It's PagerDuty, I should answer that.

"You have one triggered incident on GCP security services. The failure is: SSH brute force detected. Press 4 to acknowledge."

So that was that finding that just happened being triggered all the way through PagerDuty and ringing my phone here on the Wi-Fi. So I can show you what that looks like here in Security Command Center. This is our Security Command Center dashboard, and I will refresh the page so that we've got the latest stuff. Security Command Center brings together information about your assets, your threat findings, and your vulnerability findings. And so we'll scroll down into ETD and pull up the latest and greatest threat findings from Event Threat Detection. This is a detailed view for this SSH brute force finding. You can see that it was discovered just now at 2:12 p.m. You can see the name of the asset here is "victim", so that we know what we're talking about. We can see which user was compromised, it was the admin account. So your security responders, when they get this alert, can quickly determine who it was that got popped on their side, whether it's an account they care about, and who they should go call about whether they actually just fat-fingered their login a bunch of times. We've got a bunch of other useful information in here, including the identities
of the logs that were involved in the detection and how it was detected. Now you might say, that's great, but how do I get proactive, and how do I find these things before they bite me? And so that's where Security Health Analytics comes in, and we can click in and we can see we've got a special vulnerability dashboard that we just released a couple weeks ago that shows you in one place all the vulnerabilities that we've detected across your organization. In this case we filtered the display only to look at the victim project, and we can sort by status and see which types of vulnerabilities are present in this environment, and we can see that indeed there's an open SSH vulnerability. So findings are available here both by name and by reference to the CIS benchmark that they're related to. So we're very proud to announce that this is CIS certified to find CIS 1.0 benchmark vulnerabilities in GCP. We can click in, see the details of what exactly this vulnerability has. We understand that many of your users are new to Google Cloud, new to working on cloud vulnerabilities, so not only do we produce these findings, we also populate them with information that describes the vulnerability and describes how you can, more or less in one click, clean this up. So, thank you.

Good stuff, thank you. All right, so let's look at some of the network security improvements that we've got. Cloud Armor, which has traditionally provided you with load balancing and DDoS capabilities, now has Web Application Firewall functionality
built in. So there's three main aspects of that. The first one is you have default protections which are built in for OWASP Top 10 type risks, so you've got things like cross-site scripting and SQL injection can be prevented by just clicking a button and turning on the defaults. The second piece is there are custom rule capabilities, so you can build your own custom rules. There's a pretty robust custom rule language that you can use, and you can specify all kinds of different parameters, like location, or times that it should be active, or the types of machines that it should operate on, et cetera. And then the last thing is that there's a preview mode. So before you push all of these rules into production, you want to make sure that nothing is going to blow up, so preview mode gives you the ability to push to production with the assurance that things are gonna work well when they get there.

The other big thing that was also mentioned in the keynotes: Packet Mirroring. So Packet Mirroring is now in beta. The really important thing here is that a lot of our customers want to install IDS systems, they have other security controls like firewalls that they want to tie into, they have application monitoring capabilities. All of these things require access to all the data that's on the wire. So now you can specify all data, or some sub-portion of that data that's on the wire, will get mirrored out to a third-party device. So we've got ten packet mirroring partners that we're launching with that all have really nice seamless integrations into GCP Packet Mirroring: Awake, Check Point, Cisco, Corelight, cPacket, ExtraHop, Flowmon, Ixia, Netscout, and Palo Alto Networks. So this is only the beginning for us, but having really easy integrations where you can just drop these things in and they can work in an automated fashion has been really nice for a lot of our customers. That leads
into the rest of our security partners. So we have been broadening our security partnerships very widely over the course of 2019. These are just some of the people that we are working with. There's a much broader set of names in this total security partnership group, but these are some of the folks that we've been working really closely with to create security solutions inside of GCP. So these people are tightly knit into the GCP infrastructure. Super important for us, because as more and more of our customers are bringing more workloads into GCP, having
all of the security partners that you know and love, they're on-prem or in other clouds, with you is super important. So with that, let me bring up Karthik. We're gonna talk through the other half of security in the cloud: G Suite, identity and access.

Thank you, Jess. Good afternoon everyone, my name is Karthik. I lead security, identity and administration for G Suite. When we think about G Suite, obviously our end users love working on G Suite, they think it's easy to collaborate, but it's really important for us to think about all of you and think about your admins. So we think about adding value along three dimensions. The first is really about managing access. The second is about protecting your users, your devices, and the data that comes with it. And last but not the least, really ensuring compliance. So let's dive in, and let me just give you a bunch of updates that we are doing in each of those areas to make sure that G Suite is secure in your organization.

The first thing that we want to talk about is the Advanced Protection Program for the enterprise. This is something that's going GA. Can I just get a quick show of hands, how many of you are familiar with the Advanced Protection Program? It's available for consumers as well. All right, I see quite a few show of hands. It's been used in the past on the consumer side to protect, like, journalists and civilians and other potential attack targets. Now what we are doing is bringing that same degree of protection for the enterprise by making it enterprise ready. This means that the high-risk accounts that are in your organization, you can now enroll them in the Advanced Protection Program for the enterprise, and then three things kick in. First, we require those users to use our security keys. Security keys are standards compliant, they are the highest degree of phishing-resistant protection that you can provide for your users. Phishing is the number one attack vector. The
second thing that we do is we automatically start blocking third-party high-risk app access into your organization, so we know what's bad for your users and we automatically protect them. And third, we enroll these users in enhanced email scanning. Again, email is your number one attack vector, let's give them the enhanced scanning, because you have identified that these users are high risk. Remember, when these users get compromised, that's how the hacker masquerades as that user and then gets access to the data, causing havoc in the organization.

Something in addition to Advanced Protection Program
for enterprises, what we are also announcing is enhanced app access controls. So the number one reason how an application gets access to data from another application is through OAuth controls. How many of you are familiar with OAuth? You must have seen the experience when an app comes in and says, hey, can I get access to your contacts or something, and most users just click yes, and that's how all the data leaks and goes into that other app, right? So you can now have OAuth app access controls and again tighten the security posture in your organization.

The next thing we want to talk about is Titan Security Keys. This is Google's version of security keys. They completely meet all the standards, it's built by Google. It's something that we've announced earlier in the summer, but what's new is a new form factor, which is the USB-C form factor. We know a lot of the newer modern laptops really support USB-C, so we wanted to support that out of the box. Another nice cool benefit that we are supporting is if you have an Android phone running version 7 or higher, you can now use that phone as a security key. I use it all the time on my personal Gmail account, it's really convenient, and if you haven't tried it, I recommend you try it today.

Okay, the next thing we want to talk about: the security automation for all of you and your IT admins, right? You saw the demos for security center, we have something similar for G Suite. Our North Star vision is to really give you this cohesive closed-loop life cycle around prevent, detect, and remediate, right? So as an admin, I want to set the proactive policies that we think can prevent leaks from happening in the organization. But you don't get everything right, so you got to make sure you detect the drift that may have happened. And last but not the least, you want the investigation and the tools so you can remediate and get to the right security posture. So, one
of the research surveys showed us that, you know, there are about 5,000 alerts on average that an admin team gets, and almost half of it never gets investigated because there's so much going on that the admins are drowning with all these events that are coming in. An easy way to scale up and manage by keeping a team size flat, but at the same time keep up with everything that's going on, is by adding automation. So what we've done is allowed for admins to now set automated actions that they can take when a particular event happened. So if this is a common pattern and you're taking a common action, you don't have to go manually do that, you can have G Suite do that for you. Last but not the least, when we enable security automation, we really think we can get back to that prevent, detect, remediate life cycle. It's tough to get it right, but this will hopefully get us closer. If you like the security center demo for GCP, I encourage you to try this out for G Suite.

Let's talk a little bit about devices, right? Most users, there's a time, and I saw a lot of people carry, like, two phones for example, there was the work phone and the personal phone, and the reason they wanted those two phones is because users hate agents being installed on those devices, and admins are like, I need more agents because I need more information. So there was this classic tension that was building up between admins wanting deeper insights into what's happening on those devices and users resisting because it usually compromised their end user experience. So one of the things that Google's done really well on the mobile platforms, and now that we are extending to desktop, is what we call essential desktop security. This allows every G Suite user to automatically get logged in. No agent is pushed on the device. The admin gets insight into what are these platforms that users
are running on the desktop, what kind of policies they may have on that device, as an example, do they have a PIN code set on that platform or not, and being able to turn on lightweight security and control to increase the security posture of those devices without getting in the way of how users work, right? So if you want to preserve the usability while increasing security, it's really hard to do that, and Google has repeatedly done that, right? We'd love for you to try this out as well.

Next, let's talk about context-aware access. This is the big announcement that we are making here at London Next, right? Super quickly, how many of you have heard about BeyondCorp? Okay, I see a few hands. So just think about your traditional on-premises based world. If you went to work, and your applications and your files are on the corporate network, then it makes sense, your access management systems that you have make sense. But what happens when the internet is your new network, your
apps are in the cloud, your files are in the cloud? What is a security and access mechanism that will work, that keeps your security posture high while preserving end-user access and simplicity? So we have something called context-aware access. Google initially came out with a model called BeyondCorp in 2011. It was a set of research papers, but we've been working on solutionizing and prioritizing this work for a while, and we were finally excited to announce GA of the first version of context-aware access for G Suite. So here's what you can now do, right? The security posture of different applications within G Suite is different. For example, if your users are in a coffee shop and they just want to launch a Hangouts meeting and get on a video call with someone, they can probably do that with no real security risk. But if they are on some unsecured network and they're trying to access Google Drive to access a file, you may not really want that. So you can now offer granular controls where you can start looking at a few different things. Number one, what's the user state like: have they authenticated with just passwords, or using a second factor, or using security keys, things like that. Second, what is the state of that device: what do I know about the device, is it a managed device, is it a bring-your-own device, things like that. And third, the context: where are you accessing from, what are you trying to access, how sensitive is that resource that you are trying to access. To use these combinations to make a dynamic runtime decision about whether that access should be allowed or not. Again, really simple for the end user and really high security for the organization.

Last but not the least, it's really important for us to meet customers where they are. This is a key mantra for us, meet customers where they are. All of you have made significant investments into a partner and vendor ecosystem. Jess
Talked about this as well it's really important for us to work well with those, partners the, first thing that we're doing here is this beyond Corp Alliance where, we have a devices API and what this does is that if an organization, is using another. Endpoint. Management solution, for. Security. We can combine the signals that we get from, that device along, with the signals that the partner is giving us in order to make better and more enhanced, access, control decisions we. Have partnerships with five. Different partners, today and like Josh said we are continuing, to grow this ecosystem, we, have partnerships with lookout the, checkpoint with, Symantec, with, Paulo also and with their watch right, so their signals. Feed into our signals, and then we can make better decisions and I. Just want to close with one last thing it's really important for us not, just to focus on the end user but to focus on the admin as well we, think that we can get security, right without. Compromising. The end-user experience if we do that by comprehensively. Giving, you abilities, to manage the access to.

Protect Users their. Devices and the data and by, ensuring compliance so, that let me invite, Jess back on stage to talk about security anyway thank you thanks. Alright thanks. Me. Again hi. So. Security. Anywhere the concept, here is that Google, as. A whole we have all of these really interesting innovative. Differentiated. Technologies. That we use internally and. We're. Trying to bring, a lot of those things to you our Google. Cloud customers not. Just within the context, of Google cloud alone but also across. Your entire environment so. Any. Any any. Cloud that you choose to deploy on for. Your, on-prem, environment, so the the whole hybrid package. So. During, our keynote you saw the. Chronicle. Demo. The the back story demo, Chronicle. Was a moonshot, that was spun out about a year ago has been brought back into GCP and. Brings some really interesting, innovative, solutions. Into, the Google Cloud toolset. You, saw a demo of back story this morning backstory. And virustotal, two really, interesting technology products, which bring threat intelligence investigation. And threat hunting capabilities, into GCP. Virustotal. Is the largest repository of, malware, in the world it's got billions of known files and all of the associated, metadata with those files, and. That can be used sort of as an overlay on top of, the. Activity, that you're seeing inside of your own Network. Backstory. So virustotal, you can think about as sort of the threats in the world this is everything, that's out there that's known and how it overlays and then, back story is the threats inside your own network so, the really amazing thing in back story is it, takes all of the data that you've got out there can put all of that in one place and we, sort, of call it planet scale or Google scale you know amounts of data it can, normalize, that data index. That data and. Make, that data, searchable. For you, with. With. Less than a second, of latency, in that query so this, is radically. 
Different than the experience that most people have today if you are a security, analyst, you may take hours, sometimes, even days to complete, a query across, large amounts of data so, just having this foundation. Of being able to have all of your data, at a. Moment's, notice access. Is. Is, just very different so on top of that we've built all of these nice curated, interfaces, that, guide people, through a.

Very. Quick investigation, flow. To get from, you. Know aid of false positive or truth or true positive, and then, the. The. Pricing. Scheme that we put on top of this we we really did on purpose to be radically. Different as, well so rather, than charging you per gig, that that, is ingested, we, charge you by the amount of employees in your company, just, to get some sizing, but that really encourages, people to put all of the data inside. A back story a lot, of folks today will. Only put a very small fragment. Of the data available, to them into, the tools for analysis and as, such they may be missing a lot of threats in their environment. So. On top of these two products, we, have a few new services, that are just there. Are in beta today and closing, in very rapidly, on GA. How. Many folks here are familiar with Safe Browsing. More. Than more than I would have thought okay that's great there. Are a couple of foundational, technologies, here for these three services one, of them is Safe Browsing the, other is reCAPTCHA, so if you're not familiar with Safe Browsing Safe. Browsing is, a Google technology. That scours, the world looking, for malware. And phishing sites, and as it crawls the web it. Analyzes, all of the URLs with, our, own ml and behavioral analytics to determine whether they are phishing and Malware sites if. It finds a site it adds them into, our database that database is updated very, very regularly, every half hour and it's, embedded inside of Chrome and Firefox Safari. Mobile, and 2,000. Other developer, tools so. When, something gets added to Safe Browsing over. Four billion devices, will, never see that phishing, site or malicious URL so. We've, leveraged, that and we've leveraged, reCAPTCHA which is protecting, about three million websites out in the world today to. Create these three solutions first, one is web rest the web risk API so. What, this does is detects, malicious urls on your website and in your applications. 
Let's say you've got a customer support area or a chat application, or you're posting content in any way, or you have something that builds websites, anything that is content oriented where a URL may appear. You can give us that URL that was provided by an end user or somebody inside of your organization, and very, very quickly we'll tell you whether that URL is a phishing or malicious URL. So you're never gonna expose your users to URLs that are dangerous to them.

The second one is reCAPTCHA Enterprise. So you're probably familiar with the reCAPTCHA solution. You've probably checked on lots of, you know, pictures of cats and coffee cups and things like that. The newest version of reCAPTCHA is actually invisible, so there is nothing to do, there's no CAPTCHA to fill out, and we're leveraging that for reCAPTCHA Enterprise with a whole bunch of new features and functionality. So we have mobile support in reCAPTCHA Enterprise for the first time, we have the ability to have built-in two-factor authentication, we have additional signals which we use. So there are all these nice new features built into an enterprise-facing package, and that is really for B2C customers. So if you have consumers who are using your services, you can put reCAPTCHA Enterprise in. There's no interaction with that end user, but you can build in protections for fraud, for bot detection, spam and abuse using reCAPTCHA Enterprise. So we're really excited about this.

And lastly, phishing protection. So here you provide us with a brand kit for your company, and we will go scour the internet looking for matches for that brand kit, and we'll tell you whether we find malicious sites, phishing sites, etc. that are leveraging your brand and endangering your brand and your users. You can submit your own URLs to this, so if you have URLs that you believe may be phishing URLs that are impersonating you, we'll let you know. And then from there, rather than wait four to six weeks for a domain registrar to maybe or maybe not take down this site (by the way, at which point that phishing attack is long done and the attacker is long gone), we will add these to Safe Browsing, and four billion devices out there will be protected within half an hour or less. So a couple of really great user-facing solutions here.

The last thing that I wanted to mention before we finish is OpenTitan. So this month, in November, we announced the first ever open source silicon project that's building a highly transparent, high-quality reference design for root of trust chips. So Rob mentioned in the beginning that at Google we use something called a Titan chip. It's built into GCP servers, and it provides the physical root of trust for everything that's happening on that server. This design has been super successful for us and is extremely secure, much more secure than the average internet server, and as such we wanted to make this available to the general public so that they too could have this type of security built into their chips. So OpenTitan not only provides the reference design to the world, but it also gives you a full certification process to make sure that your designs can be properly certified, and all of the materials and procedures in order to craft a successful chip of your own. We took a lot of care in the partners that we created for this. So lowRISC is a third party, so a third party program that is responsible for the community and for the project. ETH Zurich helped us design the chip. G+D provides mobile security in this space, they specialized here. Nuvoton on the silicon and Western Digital on the storage. So you kind of have all the pieces in the ecosystem to be successful in your own designs. This is really just Google trying to make the world a little bit safer, one server at a time. So with that, let's bring Rob back up to take us home.

Thank you, Jess, and thank you all for sticking around. So we covered a lot of ground here today, and we brought a lot of capabilities to market this year. These next two slides highlight our major announcements at our earlier Next conferences this year, across GCP, across container security (we really didn't even talk much in this session, there are a couple of other deep dives that you can go check out), as well as across identity and across G Suite. We've been busy. We love it. You know, it's one of the great things about the cloud, you heard a little bit about this in the keynote this morning: the rapid pace of innovation, and in our case security, to help us and help you keep up with the threat landscape, and especially what you are asking us for. Your requirements, they drive so much of what we're doing here in this space. You know, how can we take what we're doing to help you increase your security posture on or off the cloud?

And this work on security of the cloud and in the cloud and security anywhere has resulted in us being named a cloud security leader by industry analyst firm Forrester. So we were recognized as a leader in their recent data security portfolio vendors Wave, the highest ratings of strategy for any vendor. You know, our focus on encryption, our focus on data discovery, our focus on analytics, things all kind of help on that. And that goes with our leader rating that they had given us in the past on cloud platform native security, again highest rating in terms of strategy. You can see it in this level of innovation and what we're doing and what we're bringing to market. And we're pleased that, you know, our efforts have also resulted in, you know, your embrace of our technologies. Many organizations working with Google Cloud to protect their businesses. These are just the logos of the customers who recently shared stories about how they're using our security capabilities to help protect their business. You can see a wide variety of sectors: regulated, public sector, other. You know, we see more trust in the cloud, we see more trust in us. Hopefully it's really as a result of what we're doing.

And finally, because we're out of time, we can't possibly demo all this great stuff like Tim and an ill son did on all that stuff. Here are some remaining sessions over the course of the next day, today and tomorrow, where you can see our security products featured. Come talk to us, come talk to our product manager, get into the details as much as you'd like to. So from all of us, we want to thank you for joining us today. Stay secure, and have a great rest of Next.

2019-12-14 23:12
