There’s no doubt that cloud adoption has led to accelerated business outcomes. The flexibility of compute and ease of deployment is empowering for developers. But developing applications in the cloud has challenged security teams who are attempting to ensure the same protections in the cloud as on-premises, without slowing down development. Ultimately, successful organizations are the ones who understand that cloud security is a shared responsibility – that is, the cloud provider is responsible for security of the cloud, and the organization is responsible for security in the cloud.

Cloud providers like Google Cloud understand the access and visibility needed by customers to fulfill their security “in the cloud” role. Google Cloud has recently announced the Packet Mirroring service that clones the traffic of specified instances in a VPC (Virtual Private Cloud) network and forwards this traffic to designated receivers. Packet Mirroring captures all ingress and egress traffic and packet data, such as payloads and headers.

“Traffic visibility is critical to prevent security breaches and attacks as networks grow in complexity,” said Mahesh Narayanan, product manager at Google Cloud. “With Packet Mirroring, our customers now have a way to proactively detect network intrusions, analyze, and diagnose application performance issues for both Compute Engine and Google Kubernetes Engine, across all regions and machine types.”

And this telemetry can be consumed by Cisco Stealthwatch Cloud, a SaaS-based network traffic analysis solution for visibility and threat detection. By collecting and analyzing network meta data, Stealthwatch Cloud can pinpoint anomalies and further reduce them to high-fidelity critical alerts that security teams can easily investigate. In fact, Stealthwatch Cloud users consistently rate more than 90 percent of the alerts they see in the Stealthwatch Cloud dashboard as useful. Additionally, the pervasive visibility provided by Stealthwatch Cloud into network conversations helps organizations ensure compliance, perform faster investigations, and analyze security events in the past through forensic analysis.

Cloud-native security for Google Cloud

The partnership between Cisco and Google Cloud isn’t new. A year ago, Google Cloud announced VPC Flow Logs, and Cisco Stealthwatch Cloud was one of the first solutions to support it. It can be deployed via API in 10 minutes or less without the need for agents. This also ensures Stealthwatch Cloud automatically covers your entire cloud infrastructure as it grows and changes.

Additionally, as many organizations know, one cloud is never enough.  Most organizations support two or more public clouds along with their own local datacenter.  Multiple application infrastructures can further complicate the life of security personnel where process, tools, and applications all vary by environment.  With Stealthwatch Cloud, security teams don’t need to manage multiple security tools for different environments. Stealthwatch Cloud combines telemetry from on-prem, other cloud infrastructures, and virtualized environments to provide a single, unified security view of the organization’s combined network.

Real-world deployment by a service provider customer

Telindus – a Luxembourg-based information technology integrator, cloud, and telecom service provider – deployed Stealthwatch Cloud in their Google Cloud infrastructure and saw immediate results. Telindus was able to detect a number of bad activities such as unusual IPs interacting with the environment, traffic from suspicious countries, denial-of-service attacks, and attempts to steal passwords. “Stealthwatch Cloud was able to find the needle in the haystack,” said Thomas Scherer, Chief Architect at Telindus.

Ensure visibility, threat detection and compliance within your network by signing up for a free 60-day trial of Stealthwatch Cloud.


Megha Mehta

Product Marketing Manager, Cisco Stealthwatch

Security Business Group