Packet Mirroring, Google’s solution to enhance threat detection in public cloud environments, is now generally available.
The feature offers full packet capture, which allows users to identify network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and also traffic between VMs to Google services in production, according to Google in a post.
Once Packet Mirroring is enabled, third-party tools can collect and inspect network traffic at scale. Users can also deploy third-party solutions for network performance monitoring and troubleshooting, especially when they want to use the same vendor from their on-premises architecture in their hybrid cloud deployment.
Google Cloud found that most often customers that are migrating to cloud typically have an IDS deployed on-premises to meet their security and compliance requirements. Packet monitoring allows you to deploy your preferred IDS in the cloud.
Within Packet Mirroring, advanced NTA tools leverage machine learning and advanced analytics to inspect mirrored packet data, baselining the normal behavior of the network and then detecting anomalies that might indicate a potential security attack.
Users can also integrate Packet Mirroring data into third-party network performance monitoring solutions to gain better visibility into network health.
“To date, we’ve built an extensive ecosystem of partners, and are actively exploring new ones. Having the right partner solution deployed in conjunction with packet mirroring is critical to get the security insights and avoid missing potential security attacks,” Google stated.
Packet Monitoring can be set up by hitting “Create Policy” in the UI, followed by defining policy overview, selecting the VPC network, and selecting the mirrored source, collector destination, and mirrored traffic.
Packet Mirroring is available in all Google Cloud regions, for all machine types, for both Compute Engine instances and GKE clusters.
Additional details on the new release are available here.