Cloud IDS is the first network threat detection system delivered as a native Google Cloud service, Palo Alto Networks stated. It is built on the Palo Alto Networks Threat Prevention security service and uses the company's machine learning-powered threat analysis engine to automatically collect threat data and insights from a global network of firewalls and endpoint agents.
Cloud IDS provides granular application-level visibility of traffic within a virtual private cloud (VPC), Palo Alto Networks noted. It enables organizations to gain insights into a wide range of network-based threats, including:
- Command-and-control attacks
Cloud IDS supports industry-specific security compliance goals, Palo Alto Networks. It lets organizations leverage a built-in catalog of attack signatures from Palo Alto Networks' threat analysis engine to detect the latest threats.
Furthermore, Cloud IDS can be integrated with Palo Alto Networks XSOAR and XDR to enable automatic response to detected threats and to simplify security investigations, the company said. In addition, Cloud IDS integrations with Google Cloud Security Command Center, Chronicle and other native Google Cloud security services are in development.
A preview version of Cloud IDS is now available.
Palo Alto Networks: Cloud Security Posture Management
Along with its Cloud IDS announcement, Palo Alto Networks in June 2021 unveiled several enhancements to Prisma Cloud, the company's cloud security posture management (CSPM) solution for MSSPs. These enhancements included:
- True Internet Exposure: Provides network path visibility between any source and destination.
- Visibility-as-Code: Ensures a development team can use Prisma Cloud to access up-to-date cloud services without putting their organization's security at risk.
- Network Data Exfiltration Detection: Allows users to leverage machine learning to analyze network flow logs, learn about customer traffic patterns and gather security insights.
- Anomalous Compute Provisioning Detection: Helps users identify the provisioning of an abnormal number of virtual machines (VMs) that may be attributed to cryptojacking or resource misuse.
- Customizable Object-Level Scanning for AWS S3: Evaluates resource configurations and enables users to scan objects in their S3 buckets for public exposure and find sensitive data and malware.
Palo Alto Networks delivers security solutions to protect cloud environments, networks and mobile devices. The company provides these solutions to more than 82,000 customers globally.