This is the third article in our series on GCP security. Read Parts 1 and 2 for more context on Part 3, if you haven't already done so.
In Part 1, we discussed the lack of a comprehensive approach to security and managing security on Google Cloud Platform (GCP). In Part 2, we focused on what's needed to achieve enterprise-grade breadth and depth for securing apps on GCP. For Part 3, we'll concentrate on what Cisco Multicloud Defense customers do with the solution to secure apps on GCP. We'll walk through:
The first two topics focus on the architecture of Cisco Multicloud Defense, whereas the third and fourth focus on the fact that Multicloud Defense's architecture enables a single-policy, single-workflow approach to operations, which is game-changing for many organizations. The need for a comprehensive approach is highlighted by Google Cloud's own research showing how threat actors follow the common attack pattern of maintaining persistent network presence after the initial compromise by moving laterally and maintaining outbound connections to command-and-control (C2).
Multicloud Defense offers organizations an approach that works across multiple clouds. We'll focus on GCP. Multicloud Defense secures workloads using the network, which works for every application architecture in the cloud. The solution starts with continuously discovering workloads in GCP and overlays this with existing traffic flows, including Domain Name System (DNS) queries and Virtual Private Cloud (VPC) flow logs. Correlating this against threat intelligence shows you the gaps, such as which workloads are connecting to malicious destinations or command-and-control (C2) infrastructure. Armed with this visibility, the Multicloud Defense Controller enables an array of distributed security services to be brought to bear for each workload in GCP, or any cloud, instructed by a single policy based on workload context (dev, test, prod, pci, web, backend, etc.).
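As an added illustration of the correlation step described above (this is not code from the original article or from the product), the snippet joins constructed GCP VPC flow-log and Cloud DNS query-log records against a constructed indicator list to find which workloads contacted flagged destinations. Field names are modelled on GCP's published log schemas, but every indicator value, instance name and address is a made-up placeholder.

```python
from collections import defaultdict

# Constructed threat-intel indicators (documentation-range placeholders, not real IoCs).
MALICIOUS_IPS = {"203.0.113.10"}
MALICIOUS_DOMAINS = {"c2.example.invalid"}

# Constructed records shaped like the jsonPayload of GCP VPC flow logs.
# Field names follow the published schema; every value is made up.
VPC_FLOW_LOGS = [
    {"reporter": "SRC", "src_instance": {"vm_name": "web-01"},
     "connection": {"src_ip": "10.0.1.5", "dest_ip": "203.0.113.10", "dest_port": 443}},
    {"reporter": "SRC", "src_instance": {"vm_name": "api-02"},
     "connection": {"src_ip": "10.0.2.9", "dest_ip": "198.51.100.7", "dest_port": 443}},
    {"reporter": "DEST", "src_instance": {"vm_name": "api-02"},   # same flow, other side
     "connection": {"src_ip": "10.0.2.9", "dest_ip": "198.51.100.7", "dest_port": 443}},
    {"reporter": "SRC", "src_instance": {"vm_name": "web-01"},
     "connection": {"src_ip": "10.0.1.5", "dest_ip": "192.0.2.50", "dest_port": 443}},
]

# Constructed Cloud DNS query-log records; rdata is simplified to a single answer IP.
DNS_LOGS = [
    {"vmInstanceName": "api-02", "sourceIP": "10.0.2.9",
     "queryName": "c2.example.invalid.", "queryType": "A", "rdata": "198.51.100.7"},
    {"vmInstanceName": "web-01", "sourceIP": "10.0.1.5",
     "queryName": "updates.example.invalid.", "queryType": "A", "rdata": "192.0.2.50"},
]

def resolved_names(dns_logs):
    """Map each answered IP back to the name (trailing dot stripped) that resolved to it."""
    return {rec["rdata"]: rec["queryName"].rstrip(".")
            for rec in dns_logs if rec.get("queryType") == "A"}

def find_suspect_workloads(flow_logs, dns_logs):
    """Return {vm_name: sorted flagged destinations}: known-bad IPs, IPs that a
    known-bad name resolved to, and known-bad names queried at all."""
    ip_to_name = resolved_names(dns_logs)
    hits = defaultdict(set)
    for rec in flow_logs:
        if rec.get("reporter") == "DEST":   # both endpoints log a flow; count it once
            continue
        conn = rec["connection"]
        vm = rec.get("src_instance", {}).get("vm_name", conn["src_ip"])
        dest, name = conn["dest_ip"], ip_to_name.get(conn["dest_ip"])
        if dest in MALICIOUS_IPS or name in MALICIOUS_DOMAINS:
            hits[vm].add(f"{dest}:{conn['dest_port']}" + (f" ({name})" if name else ""))
    for rec in dns_logs:   # the lookup itself is a signal even if no flow followed
        name = rec["queryName"].rstrip(".")
        if name in MALICIOUS_DOMAINS:
            hits[rec.get("vmInstanceName", rec["sourceIP"])].add(name)
    return {vm: sorted(dests) for vm, dests in hits.items()}
```

Calling `find_suspect_workloads(VPC_FLOW_LOGS, DNS_LOGS)` on the constructed data flags web-01 for the direct connection to the listed IP and api-02 both for resolving the listed domain and for the connection that followed it.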
Decryption is a critical aspect of this; we know attackers also leverage encryption to hide their traffic. Because Multicloud Defense uses a single approach (not discrete security functions with separate management consoles), it can integrate with GCP's Key Management Service (KMS), enabling a manageable and compliant approach to decryption/re-encryption across all security capabilities. By decrypting traffic at scale and removing that burden from customers, it lets them focus on security policies rather than building and managing complex network security infrastructure. Thus, a single point of visibility, control, and decryption means that the right policy can be applied to the right workload across security functions.
There are a few critical security capabilities that Multicloud Defense customers use heavily after decryption—Layer 4 firewall, IPS, DLP—across three different traffic patterns: ingress, egress, and east-west. Looking back at the summary of requirements from Part 2, Multicloud Defense is capable of:
The comprehensive nature of these capabilities across all traffic presents a very different picture from the native GCP tools, such as GCP Firewall, WAF, etc. Making this all work at high performance and low latency is what Multicloud Defense customers rely upon.
The other difference between Multicloud Defense and tools offered through GCP is that organizations value the single policy/single workflow approach that Multicloud Defense uses. Customers associate an app with a policy that bridges all security functions and has a single workflow—either Terraform or interfacing with the Cisco Multicloud Defense Controller, and that's it.
They're not deploying appliances or individual gateways in GCP. As customers mature in their internal processes, they graduate from using the Multicloud Defense web interface and start using the Multicloud Defense Terraform provider to bake security into their DevOps process. This allows security teams to primarily set security policy and requires developers to simply tag or label their workloads correctly (dev, test, prod, compliance, web, etc.), and policy gets enforced automatically.
Since there's a single policy and single workflow, compliance is much easier. Instead of pulling reports from different tools, connectivity and controls are managed with the Multicloud Defense Controller. This makes reporting against various compliance objectives simpler. What also makes compliance easy is the automated workload-based policy; you no longer have to worry about applying security to auto-scaling workloads.
Multicloud Defense customers on GCP can take advantage of a strong architectural foundation, enterprise security capabilities, cloud-native operations and meet compliance with ease. All are integrated both with modern DevOps frameworks and GCP infrastructure. Getting started with Cisco Multicloud Defense on GCP is easy. Here are a few ways to begin: