Google Brings 3 New Key Capabilities For Cloud Armor

New key features to protect the websites and applications include Cloud Armor Managed Protection Plus, Google-curated Named IP Lists, and beta rules for RFI, LFI, and RCE.

Over the first half of this year, Google has made several critical features and capabilities generally available for Google Cloud Armor. Now the company is introducing 3 new key features to protect the websites and applications: Cloud Armor Managed Protection Plus, Google-curated Named IP Lists, and beta rules for RFI, LFI, and RCE.
Google said that Cloud Armor Managed Protection Plus leverages the edge of Google’s network, and a set of products and services from across Google Cloud. It helps you protect your applications from DDoS attacks and targeted exploit attempts.
 Source: Google
Well, Managed Protection is available in two service tiers: Standard and Plus. All existing Cloud Armor users, as well as workloads behind any of our global load balancers, are automatically enrolled in Managed Protection Standard. At standard level users get Google-scale volumetric and protocol-based DDoS protection for any of their globally load-balanced applications and services, as well as access to Cloud Armor WAF and layer 7 (L7) filtering capabilities, including the pre-configured WAF rules.
Source: Google
Protection Plus, currently in beta, is a subscription service with a predictable, enterprise-friendly monthly pricing model that mitigates cost risk from defending against a large L7 DDoS attack.
Now in beta, Named IP Lists are Google-curated rule sets containing a pre-configured list of IP addresses that can be referenced and reused across policies and projects. The company is providing Named IP Lists that have source IP ranges for common upstream service providers that many of users would want to allow via their Cloud Armor security policies.
In order to expand the scope of the pre-configured WAF rules to all Cloud Armor customers, Google is also making RFI, LFI, and RCE rules available as a beta. According to Google, these rules contain industry-standard signatures from the ModSecurity Core Rule Set to help mitigate the Command Injection class vulnerabilities while enhancing the out-of-the-box coverage for OWASP Top 10 vulnerabilities as well.
For additional details, you can visit the official announcement here.