Security policy overview  |  Google Cloud Armor (2022)

Google Cloud Armor security policies protect your application by providing Layer 7filtering and by scrubbing incoming requests for common web attacks or other Layer 7attributes to potentially block traffic before it reaches your load balancedbackend services or backend buckets. Each security policy is made up of a set ofrules that filter traffic based on conditions such as an incoming request's IPaddress, IP range, region code, or request headers.

Google Cloud Armor security policies are available only for backend servicesof global external HTTP(S) load balancers, global external HTTP(S) load balancer (classic)s, external TCP proxy load balancers, orexternal SSL proxy load balancers. The load balancer can be inPremium Tier or Standard Tier.

The backends to the backend service can be any of the following:

  • Instance groups
  • Zonal network endpoint groups(NEGs)
  • Serverless NEGs: One ormore App Engine, Cloud Run,or Cloud Functions services
  • Internet NEGs forexternal backends
  • Buckets in Cloud Storage

When you use Google Cloud Armor to protect a hybrid deployment or a multi-cloudarchitecture, the backends must be internet NEGs. Google Cloud Armor alsoprotects serverless NEGs when traffic is routed through a load balancer. Toensure that only traffic that has been routed through your load balancer reachesyour serverless NEG, seeIngress controls.

Google Cloud Armor also provides advanced network DDoS protection forExternal TCP/UDP network load balancer,protocol forwarding, and VMs withpublic IP addresses. For more information about advanced DDoS protection, seeConfigure advanced network DDoS protection.

Protect your Google Cloud deployments with Google Cloud Armor security policies

External load balancing is implemented at the edge of Google's network inGoogle's points of presence (PoPs) around theworld. In Premium Tier, user traffic directed to anexternal load balancerenters the PoP closest to the user. It is then load balanced over Google'sglobal network to the closest backend that has sufficient capacity available. InStandard Tier, user traffic enters Google's network through peering, ISP, ortransit networks in the region where you have deployed your Google Cloudresources.

Google Cloud Armor security policies enable you to allow, deny, rate-limit,or redirect requests to your global external HTTP(S) load balancer, global external HTTP(S) load balancer (classic)s,external TCP proxy load balancers, or external SSL proxy load balancers at the Google Cloud edge,as close as possible to the source of incoming traffic. This prevents unwelcometraffic from consuming resources or entering your Virtual Private Cloud (VPC)networks.

The following diagram illustrates the location of global external HTTP(S) load balancers,global external HTTP(S) load balancer (classic)s, the Google network, and Google data centers.

Requirements

These are the requirements for using Google Cloud Armor security policies:

  • The load balancer must be an global external HTTP(S) load balancer, global external HTTP(S) load balancer (classic),external TCP proxy load balancer, or external SSL proxy load balancer.
  • The backend service's load balancing scheme must be EXTERNAL, orEXTERNAL_MANAGED if you are using global external HTTP(S) load balancer.
  • The backend service's protocol must be one of HTTP, HTTPS, HTTP/2,TCP, or SSL.

About Google Cloud Armor security policies

Google Cloud Armor security policies are sets of rules that match onattributes from Layer 3 to Layer 7 to protect externally facing applications orservices. Each rule is evaluated with respect to incoming traffic.

A Google Cloud Armor security policy rule consists of a match condition andan action to take when that condition is met. Conditions can be as simple aswhether the incoming traffic's source IP address matches a specific IP addressor CIDR range (also known as IP address allowlist and denylist rules).Alternatively, by using theGoogle Cloud Armor custom rules language reference,you can create custom conditions that match on various attributes of theincoming traffic, such as the URL path, request method, or request header values.

When an incoming request matches a condition in a security policy rule,Google Cloud Armor allows, denies, or redirects the request, based on whetherthe rule is an allow rule, a deny rule, or a redirect rule. There can beadditional action parameters to apply, like inserting request headers; thisfeature is part of Google Cloud Armor bot management. For more informationabout bot management, see thebot management overview.

You can associate a Google Cloud Armor security policy with one or morebackend services. A backend service can have only one security policy associatedwith it, but your backend services do not all need to be associated with thesame security policy.

If a Google Cloud Armor security policy is associated with any backendservice, it can't be deleted. A backend service can be deleted regardless ofwhether it has an associated security policy.

If multiple forwarding rules point to a backend service that has an associatedsecurity policy, the policy rules are enforced for all traffic coming in to eachof the forwarding rule IP addresses.

In the following illustration, the Google Cloud Armor security policyinternal-users-policy is associated with the backend service test-network.

Google Cloud Armor security policies have the following core features:

(Video) Getting started with Cloud Armor Adaptive Protection

  • You can optionally use the QUIC protocol with load balancers that useGoogle Cloud Armor.

  • You can use Google Cloud Armor with load balancers that are ineither of the following Network Service Tiers:

    • Premium Tier
    • Standard Tier
  • You can use security policies with GKE and the default Ingresscontroller.

Types of security policies

The following table shows the types of security policies and what you can dowith them. A check mark (✔) indicates that the type of security policy supportsthe feature.

Backend security policy
Edge security policy
Frontend Type Global external HTTP(S) load balancer/Global external HTTP(S) load balancer (classic) external TCP proxy load balancer/external SSL proxy load balancer global external HTTP(S) load balancer/global external HTTP(S) load balancer (classic)
Attachment point (protected resource) Backend service Backend service
  • Backend service
  • Backend bucket
Rule actions
  • Allow
  • Deny
  • Redirect (GOOGLE_RECAPTCHA and EXTERNAL_302)
  • Throttle
  • Rate-based ban
  • Allow
  • Deny
  • Throttle
  • Rate-based ban
  • Allow
  • Deny
Source IP address
Source geography
Source ASN
Rate limiting
Bot management
Layer 7 filtering
WAF
Adaptive protection
Named IP address lists
Threat Intelligence (preview)

Backend security policies

Backend security policies are used with backend services exposed by anglobal external HTTP(S) load balancer, global external HTTP(S) load balancer (classic), External TCP Proxy Load Balancing, orExternal SSL Proxy Load Balancing. They can be used to filter requests and protect backendservices that reference instance groups or network endpoint groups (NEGs)including internet, zonal, and serverless NEGs.

When using an external TCP proxy load balancer, Google Cloud Armor enforces the security policyrule action deny only on new connection requests. The deny actionterminates the TCP connection. In addition, if you provide a status code withyour deny action, the status code is ignored.

Edge security policies

Edge security policies enable users to configure filtering and access controlpolicies for content that is stored in cache; this includes endpoints likeCloud CDN-enabled backend services and Cloud Storage buckets. Edgesecurity policies support filtering based on a subset of parameters compared tobackend security policies. You cannot set an edge security policy as a backendpolicy. Edge security policies are not supported for external TCP proxy load balancers orexternal SSL proxy load balancers.

Edge security policies can be configured to filter requests before the requestis served from Google's cache. Edge security policies are deployed and enforcedat the outermost perimeter of Google's network, upstream of where theCloud CDN cache resides. Edge security policies can coexist with backendsecurity policies to provide two layers of protection. They can besimultaneously applied to a backend service regardless of the resources that thebackend service points to (for example, instance groups or network endpointgroups). Only edge security policies can be applied to backend buckets.

When edge security policies and backend security policies are attached tothe same backend service, backend security policies are enforced only forcache miss requests that have passed edge security policies.

Rule evaluation order

Rule evaluation order is determined by rule priority, from the lowest numberto the highest number. The rule with the lowest numeric value assigned has thehighest logical priority and is evaluated prior to rules with lower logicalpriorities. The minimum numeric priority is 0. The priority of a rule decreasesas its number increases (1, 2, 3, N+1). You cannot configure two or more ruleswith the same priority. The priority for each rule must be set to a number from0 to 2147483646 inclusive. The priority value 2147483647, also known asINT-MAX, is reserved for the default rule.

Priority numbers can have gaps, which enable you to add or remove rules in thefuture without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9,12, 16 is a valid series of priority numbers to which you could add rulesnumbered from 6 to 8, 10 to 11, and 13 to 15 in the future. You don't need tochange the existing rules except for the order of execution.

Typically, the highest priority rule that matches the request is applied.However, there is an exception when HTTP POST requests are evaluated againstpreconfigured rules that use evaluatePreconfiguredExpr(). The exception is asfollows.

For HTTP POST requests, Google Cloud Armor receives the request's headerbefore the body (payload). Because Google Cloud Armor receives theheader information first, it evaluates rules that match against the header, butit does not match any preconfigured rules on the body. If there are multipleheader-based rules, Google Cloud Armor evaluates them based on theirpriority as expected. Note that redirect actions and inserting custom headeractions work only during the header processing phase. The redirect action, ifmatched during the following body processing phase, is translated to a denyaction. The custom request header action, if matched during the bodyprocessing phase, will not take effect.

After Google Cloud Armor receives the HTTP POST body, it evaluates rulesthat apply to both the request headers and body. As a result, it's possible thatlower priority rules that allow a request's header are matched before higherpriority rules that block the request's body. In such cases, it is possible thatthe HTTP header portion of the request is sent to the target backendservice, but the POST body containing potentially malicious content isblocked. Google Cloud Armor inspects the first 8KB of the POST body.For more information about this limitation, seePOST body inspection limitation.

The evaluatePreconfiguredExpr() expression for preconfigured rules isthe only expression that is evaluated against the request body. All otherexpressions are evaluated against the request header only. Among the HTTPrequest types with a request body, Google Cloud Armor processes only POSTrequests. The inspection is limited to the first 8 KB of the POST body andgets decoded like URL query parameters. Google Cloud Armor can parse and applypreconfigured WAF rules for JSON-formatted POST bodies (Content-Type='application/json'). However, Google Cloud Armor does not support otherHTTP Content-Type/Content-Encoding-based decoders such as XML, Gzip, or UTF-16.

Examples

In the following example, rules 1, 2, and 3 are evaluated in that order for theIP and HTTP header fields. However, if an IP 9.9.9.1 launches an XSSattack in the HTTP POST body, only the body is blocked (by rule 2); the HTTPheader passes through to the backend (by rule 3).

Rule1expr: inIPRange(origin.ip, '10.10.10.0/24')action: deny(403)priority: 1Rule2expr: evaluatePreconfiguredExpr('xss-stable')action: deny(403)priority: 2Rule3expr: inIPRange(origin.ip, '9.9.9.0/24')action: allowpriority: 3Rule-defaultaction: deny(403)priority: INT-MAX

In the following example, the policy allows IP 9.9.9.1 without scanning againstXSS attacks:

(Video) Getting started with Cloud Armor Adaptive Protection

Rule1expr: inIPRange(origin.ip, '10.10.10.0/24')action: deny(403)priority: 1Rule2expr: inIPRange(origin.ip, '9.9.9.0/24')action: allowpriority: 2Rule3expr: evaluatePreconfiguredExpr('xss-stable')action: deny(403)priority: 3Rule-defaultaction: allowpriority: INT-MAX

Default rule

Each Google Cloud Armor security policy contains a default rule that ismatched if none of the higher priority rules are matched or if there are noother rules in the policy. The default rule is automatically assigned a priorityof 2147483647 (INT-MAX), and it is always present in the security policy.

You cannot delete the default rule, but you can modify it. The default actionfor the default rule is deny, but you can change the action to allow.

Fingerprint

Each Google Cloud Armor security policy has a field fingerprint. Thefingerprint is a hash of the contents stored in the policy. When you create anew policy, do not provide the value of this field. If you provide a value, itis ignored. However, when you update a security policy, you must specify thecurrent fingerprint, which you get when you export or describe the policy (usingEXPORT or DESCRIBE, respectively).

The fingerprint protects you from overriding another user's update. If thefingerprint that you provide is out of date, it means that the security policywas updated since you last retrieved the fingerprint. To check for anydifferences and to retrieve the latest fingerprint, run the DESCRIBEcommand.

Rules language and enforcement engine

The rules language and enforcement engine provide the following:

Types of rules

Google Cloud Armor has the following types of rules.

IP address allowlist and denylist rules

You can create IP address allowlist and denylist rules within a securitypolicy. Some examples include the following:

  • Denylisting for IP address/CIDR enables you to block a source IP address or CIDR range fromaccessing supported load balancers.

  • Allowlisting for IP address/CIDR enables you to allow a sourceIP address or CIDR range to access supported load balancers.

  • IPv4 and IPv6 addresses are supported in allowlist and denylist rules.

  • IP address rules can block or allow individual source IPaddresses or CIDRs. Both IPv4 and IPv6 source addresses are supported.

  • Deny rules can return an HTTP 403 (Unauthorized), 404 (Access Denied),or 502 (Bad Gateway) response.

  • Exceed action rules can return an HTTP 429 (Too Many Requests).

Preconfigured rules for XSS, SQLi, LFI, RFI, and RCE

You can use preconfigured rules to mitigate the following attacks:

(Video) Google Cloud Armor - Deep Dive

  • Cross-site scripting (XSS)
  • SQL injection (SQLi) attacks
  • Local file inclusion (LFI) attacks
  • Remote file inclusion (RFI) attacks
  • Remote code execution (RCE) attacks

These rules are based on theOWASP Modsecurity core rule set version 3.0.2.

Bot management rules

You can use bot management rules to do the following:

  1. Redirect requests for reCAPTCHA Enterprise assessment with optionalmanual challenges.
  2. Evaluate reCAPTCHA Enterprise tokens attached with a request and applythe configured action based on token attributes.
  3. Redirect requests to your configured alternative URL with a 302 response.
  4. Insert custom headers to requests before proxying them to your backends.

For more information about bot management, see thebot management overview.

Preconfigured rules for named IP address lists

Preconfigured rules for named IP address lists provide the following:

  • Integrate third-party providers' named IP address lists withGoogle Cloud Armor.

  • Simplify maintenance of allowed or denied IP address ranges.

  • Synchronize third-party providers' lists daily.

  • Increase your capacity for configuring IP addresses and ranges in securitypolicies because named IP address lists are not subject to limits on the numberof IP addresses per rule.

Rate limiting rules

You can use rate limiting rules to do the following:

  • Throttle requests per client based on a threshold you configure.
  • Temporarily ban clients that exceed a request threshold that you set for aconfigured duration.

When you use rate limiting with external TCP proxy load balancers or external SSL proxy load balancers, thefollowing restrictions apply:

  • Google Cloud Armor only enforces rate limiting actions like throttling orbanning on new connection requests from clients.
  • Only the key types ALL and IP are supported for External TCP Proxy Load Balancing andExternal SSL Proxy Load Balancing.
  • If you attempt to use the key type HTTP-HEADER or HTTP-COOKIE with TCP/SSLload balancers, the key type is interpreted as ALL, and likewiseXFF-IP is interpreted as IP.

For more information about rate limiting and how it works, see theRate limiting overview.

Preview mode

You can preview the effects of a rule without enforcing it. In preview mode,actions are noted in Cloud Monitoring. You can choose topreview individual rules in a security policy, or you can preview every rule inthe policy.

You can enable preview mode for a rule by using the Google Cloud CLI and the--preview flag ofgcloud compute security-policies rules update.

To disable preview mode, use the --no-preview flag, which is not currentlydocumented. You can also use the Google Cloud console.

If a request triggers a preview, Google Cloud Armor will continue to evaluateother rules until finding a match. Both the matched and preview rule will beavailable in the logs.

Logging

Google Cloud Armor has extensive logging and lets you define how verboseyour logging is. For complete information about logging, seeUsing request logging.

JSON parsing and verbose logging

By default, Google Cloud Armor does not parse the JSON content of POST bodieswhen preconfigured WAF (web application firewall) rules are evaluated. This cancause the WAF rules to be noisy and potentially generate false positive matcheson incoming requests if the protected workloads serve REST APIs or otherwisereceive requests with JSON in the POST Body(Content-Type = "application/json").

(Video) How you can protect your websites and applications with Google Cloud Armor

A noisy rule is triggered by requests that you would most likely consider to befalse positives. For example, a JSON request body such as '{"test": "123"}'triggers the SQL injection rule owasp-crs-v030001-id942431-sqli if JSONparsing is not enabled.

We recommend that you enable JSON parsing if you expect your workload to receiverequests with Content-Type = "application/json"—for example, if you areserving REST APIs. By default, this option is disabled. The syntax for the flagis as follows:

--json-parsing=[STANDARD | DISABLED]

The flag is available only with gcloud compute security-policies update. Youcannot create a new security policy with this option unless you create asecurity policy in a file and then import that file.

To reduce the noise and false positives, you can configure Google Cloud Armorto parse the JSON content of POST bodies. This means that Google Cloud Armorignores structural characters of the JSON message in the POST body and looksonly at the end-user-provided values in the JSON message. For more informationabout preconfigured WAF rules, seeTuning Google Cloud Armor WAF rules.

Additionally, you might not be able to tell why a preconfigured WAF rule wastriggered by a particular request. Google Cloud Armor's default event logscontain the rule that was triggered, as well as the subsignature. However, you mightneed to identify the details from the incoming request that triggered the rulefor troubleshooting, rule validation, or rule tuning purposes.

You can adjust the level of detail recorded in your logs. We recommend that youenable verbose logging only when you first create a policy, makechanges to a policy, or troubleshoot a policy. If you enable verboselogging, it is in effect for rules in preview mode as well as active(non-previewed) rules during standard operations.

For more information about verbose logging, see Using requestlogging.

HTTP(S) Load Balancing request logging

Each HTTP(S) request that is evaluated against a Google Cloud Armor securitypolicy is logged through Cloud Logging. The logs provide details such as thename of the applied security policy, the matching rule, and whether the rule wasenforced. Request logging for new backend service resources is disabled bydefault. To ensure that Google Cloud Armor requests are logged, you mustenable HTTP(S) logging for each backend service protected by a security policy.

For more information, seeHTTP(S) Load Balancing logging and monitoringand Using request logging.

To view Google Cloud Armor logs, see Viewing logs.

External TCP Proxy Load Balancing and External SSL Proxy Load Balancing request logging

You can configure External TCP Proxy Load Balancing and External SSL Proxy Load Balancinglogging using the Google Cloud CLI commands as listed inHTTP(S) Load Balancing logging and monitoring.You cannot enable logging for External TCP Proxy Load Balancing and External SSL Proxy Load Balancingusing the Google Cloud console.

Limitations

The following sections detail limitations for security policies.

POST body inspection limitation

The evaluatePreconfiguredExpr() expression for preconfigured rules is the onlyexpression that Google Cloud Armor evaluates against the request body. Amongthe HTTP request types with a request body, Google Cloud Armor processes onlyPOST requests.

The inspection is limited to the first 8 KB of the POST body, which gets decodedlike URL query parameters. The remainder of the POST body might containmalicious code, which your application might accept. To mitigate the risk ofPOST bodies whose size exceeds 8 KB, see thetroubleshooting guide.

Google Cloud Armor can parse and apply preconfigured WAF rules for defaultURL-encoded and JSON-formatted POST bodies (Content-Type='application/json'),in which case rules are independently applied on the decoded names and values inthe data. For other content types and encoding types, Google Cloud Armor doesnot decode the data, but applies the preconfigured rules on raw data.

How WebSocket connections are handled

global external HTTP(S) load balancer has built-in support for the WebSocket protocol.WebSocket channels are initiated from HTTP(S) requests. Google Cloud Armorcan block a WebSocket channel from being established, for example, if an IPaddress denylist blocks the originating IP address. However, subsequenttransactions in the channel do not conform to the HTTP protocol, andGoogle Cloud Armor does not evaluate any messages after the first request.

(Video) Cloud Armor in a minute

What's next

  • Configure security policies, rules, and expressions
  • Learn about the features in Managed Protection tiers
  • Learn about named IP address lists
  • Troubleshoot issues

FAQs

Security policy overview  |  Google Cloud Armor? ›

Google Cloud Armor

Google Cloud Armor
Google Cloud Armor security policies enable you to allow or deny access to your deployment at the Google Cloud edge, as close as possible to the source of incoming traffic. This prevents unwelcome traffic from consuming resources or entering your Virtual Private Cloud (VPC) networks.
https://cloud.google.com › docs › cloud-armor-overview
security policies enable you to allow, deny, rate-limit, or redirect requests to your global external HTTP(S
HTTP(S
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet.
https://en.wikipedia.org › wiki › HTTPS
) load balancer, global external HTTP(S) load balancer (classic)s, external TCP proxy load balancers, or external SSL proxy load balancers at the Google Cloud edge, as close as possible to the ...

What additional security does cloud armor provide? ›

Google Cloud Armor security policies enable you to allow or deny access to your deployment at the Google Cloud edge, as close as possible to the source of incoming traffic. This prevents unwelcome traffic from consuming resources or entering your Virtual Private Cloud (VPC) networks.

Is cloud armor a WAF? ›

Tuning Google Cloud Armor WAF rules

Preconfigured web application firewall (WAF) rules with dozens of signatures that are compiled from open source industry standards.

How do you implement cloud armor? ›

Create a Google Cloud Armor security policy. Add rules to the security policy based on IP address lists, custom expressions, or preconfigured expression sets. Attach the security policy to a backend service of the external HTTP(S) load balancer for which you want to control access. Update the security policy as needed.

How do I check my cloud armor log? ›

Viewing logs

You can view the logs for a Google Cloud Armor security policy only in the Google Cloud console. In the Google Cloud console, go to the Network Security page. On the Security policies page, in the row for a security policy, click more_vertMenu for the policy whose logs you want to view. Select View logs.

What load balancer type is supported with cloud Armor security policies? ›

Google Cloud Armor security policies are available only for backend services of global external HTTP(S) load balancers, global external HTTP(S) load balancer (classic)s, external TCP proxy load balancers, or external SSL proxy load balancers. The load balancer can be in Premium Tier or Standard Tier.

Does Google Cloud has DDoS protection? ›

Distributed Denial of Service (DDoS) attacks don't need to be big to wreak havoc on a target, but it doesn't hurt. In the latest biggest of all times attacks, Google fended off an HTTPS DDoS attack, which peaked at 46 million requests per second (RPS).

Does Google have a WAF? ›

Google Cloud Armor is the web-application firewall (WAF) and DDoS mitigation service that helps users defend their web apps and services at Google scale at the edge of Google's network.

What are WAF rules? ›

An AWS WAF rule defines how to inspect HTTP(S) web requests and the action to take on a request when it matches the inspection criteria. You define rules only in the context of a rule group or web ACL. You can define rules that inspect for criteria like the following: Scripts that are likely to be malicious.

What is WAF service? ›

A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe.

What is a cloud CDN? ›

Cloud CDN is a content delivery network that accelerates your web and video content delivery by using Google's global edge network to bring content as close to your users as possible. As a result latency, cost, and load on your backend servers is reduced, making it easier to scale to millions of users.

What is VPC service controls? ›

VPC Service Controls allow customers to address threats such as data theft, accidental data loss, and excessive access to data stored in Google Cloud multi-tenant services. It enables clients to tightly control what entities can access what services in order to reduce both intentional and unintentional losses.

Which two of the following vulnerabilities are scanned for when you use cloud security scanner? ›

If you're using App Engine, you can easily scan your application for two very common vulnerabilities: cross-site scripting (XSS) and mixed content.

How security is provided in cloud computing? ›

Security in cloud computing is a major concern. Data in cloud should be stored in encrypted form. To restrict client from accessing the shared data directly, proxy and brokerage services should be employed.

Which of the following security measures is of extra importance when using cloud services? ›

One of the most important cloud computing security measures you can take is backing up your data. It's crucial to have a contingency plan in place should anything happen to your information, such as loss or corruption. You may opt to have a local back-up or even utilise another cloud service – or do both.

Which of the following security options could be provided by a cloud computing solution? ›

Cloud providers take steps to protect data that's in transit. Data Security methods include virtual private networks, encryption, or masking. Virtual private networks (VPNs) allow remote employees to connect to corporate networks. VPNs accommodate tablets and smartphones for remote access.

What are cloud security requirements? ›

The steps required to secure data in the cloud vary. Factors, including the type and sensitivity of the data to be protected, cloud architecture, accessibility of built-in and third-party tools, and number and types of users authorized to access the data must be considered.

Videos

1. How do I protect my applications from DDoS attacks with Google Cloud Armor?
(Google Cloud)
2. Introduction to Cloud Armor
(Google Cloud Tech)
3. Google Cloud Armor Adaptive Protection | Cloud Logging | Cloud Monitoring | Configurations |
(CloudFirst Technology)
4. Google cloud armor
(Set-Techie)
5. Cloud OnAir: Cloud Armor: Defending Your Applications from DDoS Attacks with Google
(Google Cloud Tech)
6. DDoS Defense and Application Protection with Cloud Armor, GCP Security, and ML (Cloud Next '18)
(Google Cloud Tech)

Top Articles

Latest Posts

Article information

Author: Ouida Strosin DO

Last Updated: 01/20/2023

Views: 5737

Rating: 4.6 / 5 (56 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Ouida Strosin DO

Birthday: 1995-04-27

Address: Suite 927 930 Kilback Radial, Candidaville, TN 87795

Phone: +8561498978366

Job: Legacy Manufacturing Specialist

Hobby: Singing, Mountain biking, Water sports, Water sports, Taxidermy, Polo, Pet

Introduction: My name is Ouida Strosin DO, I am a precious, combative, spotless, modern, spotless, beautiful, precious person who loves writing and wants to share my knowledge and understanding with you.