Google Cloud and Palo Alto Networks: A Closer Look

In this post, guest bloggers Vineet Bhan, Sheba Roy and Ashish Verma of Google Cloud share a closer look at product integrations between Google Cloud and Palo Alto Networks.

Most enterprises have hybrid or multi-cloud deployments, and maintaining consistent security posture across all deployments is always one of their top priorities. In December 2018, we announced an expanded partnership with Palo Alto Networks with exactly that goal in mind. With Google Cloud’s native security toolkit and deep integrations with Palo Alto Networks cloud security products such as the VM-Series, Prisma Public Cloud, and Prisma SaaS, you can define a consistent security posture in Google Cloud and on-premises. Let’s look into some of these integrations.

Governance and compliance: Prisma Public Cloud (formerly RedLock) provides continuous monitoring and compliance reporting for your resource configurations, network configurations, and user activity on Google Cloud. It can now detect risks and provide auto-remediation across ten core Google Cloud Platform (GCP) services, such as Compute Engine, Google Kubernetes Engine (GKE), and Cloud Storage. Prisma Public Cloud is also integrated with GCP’s Security Baseline APIalpha , which provides visibility into the compliance posture of Google Cloud platform. With this integration, customers can get compliance visibility into their full stack.

In addition, with Cloud Security Command Center integration, customers can incorporate Prisma Public Cloud findings into their single pane of glass view by simply enabling the integration in GCP marketplace.

Security analytics: Along with security governance and compliance assurance, Prisma Public Cloud integrates with VPC flow logs to provide useful insight into east-west and north-south traffic flows by correlating data with various security intelligence sources.

Security for GCP workloads: Palo Alto Networks VM-Series firewalls protect both container and compute workloads and can be deployed directly through GCP Marketplace. Deploying the VM-Series with Google Cloud Load Balancers allows horizontal scalability as your workloads grow and high availability to protect against failure scenarios. VM-Series also takes advantage of Cloud Armor to block malicious IP addresses at Google’s edge, saving on compute cycles that analyze other critical traffic flows.

Security for hybrid containerized workloads: Anthos (formerly Cloud Services Platform) lets you build and manage modern hybrid applications. Istio is an open service mesh that can be deployed on Google Kubernetes Engine (GKE) as part of Anthos to provide a uniform way to connect, manage, and secure microservices. With the NGFW policy engine (an Istio mixer adapter developed by Palo Alto Networks) customers can secure east-west traffic based on attributes such as source namespace, source service, destination namespace, destination service and protocol through Panorama. The NGFW policy engine also provides detailed telemetry from the service mesh for forensics and analytics. The NGFW policy engine can be deployed to a kubernetes cluster hosted on-premise or in the cloud directly through the GCP marketplace.

Data Protection for G Suite: Prisma SaaS (formerly Aperture) is a SaaS security service that connects directly to SaaS applications for data classification, Data Loss Prevention, and threat detection.  It leverages an out-of-band, API-based approach that enables granular inspection of data at rest in G Suite as well as ongoing monitoring of user activity and administrative configurations.

Learn more about our partnership and integrations at Ignite ‘19:

• Visit the Google Cloud booth (#603). See our interactive demos such as Google Cloud SCC, Cloud Armor, VPC service controls, and integrations with Palo Alto Networks products.

• Attend our sessions. On Tuesday, June 4th at 1:00 PM we’ll share a comprehensive look at container security with Google Cloud. On Wednesday, June 5th at 2:10 PM join us to learn how to build highly scalable and secure deployments on Google Cloud.

• Schedule 1:1 time with us. Talk with our team about whatever security questions you have. Fill out this form to schedule time.

We hope to see you there,

The Google Cloud Team