How Google Cloud Armor helps Broadcom block DDoS Attacks
Technology leader Broadcom is a worldwide provider of enterprise security solutions that leverages its expertise in hardware and software to offer a broad portfolio of embedded security solutions, including integrated Symantec cybersecurity software. In 2021, Broadcom received the Google Cloud DevOps Award.
As Broadcom migrated its enterprise security solution infrastructure from Amazon Web Services to Google Cloud, defending the environment’s network security infrastructure remained a top priority. In addition to keeping customer environments secure, Broadcom required a robust web application firewall with anti-DDoS capabilities to help meet compliance requirements, such as FedRAMP for their public sector customers. Google Cloud was able to provide those capabilities for Broadcom.
“We needed protection and prevention of DDoS attacks on our servers, global IP addresses, and global load balancers,” said Shay Ben-Haroche, Broadcom Platform Group Manager for Symantec Zero Trust Network Access and Web Isolation.
DDoS protection with Google Cloud Armor
To take on this challenge, Broadcom wanted to deploy a modern, cloud-first, fully managed, software-defined solution that would be easy to set up, configure, and scale, with high-availability capabilities, all without worrying about bandwidth limits.
After consulting with trusted advisors on the Google Cloud professional services team, Broadcom decided to use Google Cloud Armor, a cloud-based DDoS mitigation and Web Application Firewall (WAF) service that can help protect workloads wherever they reside: on-premises, in co-locations, or on any public cloud. In conjunction with the Google Cloud global load balancing infrastructure, Cloud Armor provides always-on DDoS protection from Layer 3 and Layer 4 volumetric and protocol-based attacks for all workloads behind HTTP/S and TCP/SSL Proxy Load Balancers, Network Load Balancers, protocol forwarding, or virtual machines (VMs) with public IPs.
Cloud Armor Standard and Managed Protection Plus are two tiers of capabilities and services that can be used to further customize detection and protection of websites, applications, services, and APIs.
“A key factor in our decision to deploy Cloud Armor was the collaboration with Google in DDoS attack testing,” said Ben-Haroche. “We set up a series of simulations to bombard our network security infrastructure to demonstrate just how well Cloud Armor protects our infrastructure against intense DDoS attacks. We can identify and mitigate these threats any time they occur, making our infrastructure more secure than ever.”
Cybersecurity Countermeasures Based on Profiled Traffic
As a subscriber to Cloud Armor Managed Protection Plus, Broadcom uses Google Cloud Armor’s Adaptive Protection, a machine learning-based, Layer 7 (OSI model) HTTP/HTTPS attack detection and mitigation capability. This service dynamically models, detects, and constructs countermeasures based on profiled traffic to help protect websites and applications from these types of targeted attacks.
Cloud Armor’s Adaptive Protection inspects and relates HTTP requests, payload headers, and other connection attributes to characterize a back-end service’s baseline exchanges. Cloud Armor’s Adaptive Protection detections provide a detailed description of attack characteristics, describing exactly what is suspicious about those patterns, and how they differ from the observed baseline for the particular back-end service, along with a confidence level of the likelihood of it being an actual attack. Broadcom then receives a proposed rule to help mitigate the attack, including confidence levels for its efficacy against the observed attack.
By policy, Broadcom can automate the deployment of the proposed rule, including the option for a “preview mode” allowing security team members to see the effects of a rule in Cloud Monitoring without having to enforce it first.
Broadcom has also enabled Managed Protection Plus’s advanced network DDoS protection to add Layer 3 and Layer 4 DDoS protection and telemetry for workloads using external TCP/UDP network load balancers (network load balancing), protocol forwarding, or VMs with public IP addresses.
Protection to pass along to customers
The Google Cloud platform defends the defenders with Cloud Armor protecting network infrastructure used by Broadcom customers to securely use the internet. Broadcom can also present Cloud Armor as a key security control when attesting to their customer security audits as required by compliance regulations pertaining to internet security.
Cloud Armor also advances compliance with the regulations Broadcom’s customers are subject to within the context of public IP virtual machines and Network Load Balancing. “WAF compliance is a must-have for our customers,” Ben-Haroche said. “Otherwise, they could be prohibited from using our enterprise security solutions.”
Using custom-tailored WAF rules that can be deployed immediately based on current threats discovered by Cloud Armor, Broadcom provides its customers with advanced, high-level protection, such as allow listing based on source IP addresses and browser client geolocations. The Broadcom security team can then apply the rule in Preview Mode and use near real-time Cloud Logging to measure the rule’s effectiveness and impact on web server performance. Once they confirm the rule, Broadcom then applies the rule to actually perform the configured action.
Expert guidance for protecting workloads
“As we understand more and more about Cloud Armor and further develop our WAF functional requirements, we are developing a rolling list of additional use-cases,” said Ben-Haroche. “The Google Cloud Architects from Professional Services are great at guiding us on how to protect our workloads and exposed applications.”
“Thanks to Cloud Armor, we have strengthened the security posture of the Symantec network security infrastructure that provides leading, enterprise-grade solutions for our customers,” said Ben-Haroche. “And as a bonus, this lowers operational overhead, freeing Broadcom internal resources to focus on developing cutting-edge software solutions that address many of the industry’s greatest cybersecurity challenges.”