This is the third blog in our series on GCP security. If you haven’t read parts 1 & 2, definitely have a look for more context on part 3.
In part 1, we discussed the lack of a comprehensive approach to security and managing security on GCP. In part 2 (GCP security best practices), we focused on what’s needed to achieve enterprise-grade breadth and depth for securing apps on GCP. Here, for part 3, we’ll concentrate on what Valtix customers do with Valtix to secure apps on GCP. We’ll walk through:
- Strong Architectural Foundation
- Enterprise Security Capabilities
- Cloud Native Ops
The first two topics really focus on the architecture of Valtix; the third and fourth focus more on the fact that Valtix’s architecture enables a “single policy, single workflow” approach to operations – which is game-changing for many organizations. The need for a comprehensive approach is highlighted by Google Cloud’s own research showing how threat actors follow the common attack pattern of maintaining persistent network presence after the initial compromise by moving laterally and maintaining outbound connections to command-and-control (C2).
Strong Architectural Foundation
Valtix offers organizations an approach that works across all public clouds, which most teams need, but for this blog we’ll focus on GCP. Valtix has built a platform that secures workloads using the network – which works for every application architecture in the cloud. Valtix starts with continuously discovering workloads in GCP and overlays this with existing traffic flows (DNS queries and VPC flow logs). Correlating this against threat intelligence shows you the gaps: which workloads are connecting to malicious destinations or command-and-control (C2) infrastructure? Armed with this visibility, the Valtix Controller enables an array of distributed security services to be brought to bear for each workload in GCP (or any cloud), instructed by a single policy based on workload context (“dev”, “test”, “prod”, “pci”, “web”, “backend” etc).
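An added illustration of the correlation described above, not Valtix's implementation: it joins workload labels with egress flow records and DNS queries, then flags workloads that touch a threat-intelligence entry. The feed, inventory and log records are constructed, and the field names are an assumed subset of GCP's VPC flow log and Cloud DNS query log schemas.

```python
import ipaddress
from collections import defaultdict

# Constructed threat-intel feed (documentation IP range, example domain).
BAD_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BAD_DOMAINS = {"c2.example.net"}

# Constructed inventory: VM name -> labels gathered by workload discovery.
INVENTORY = {"web-1": {"env": "prod", "tier": "web"},
             "batch-7": {"env": "dev", "tier": "backend"}}

# Constructed records shaped like VPC flow log jsonPayload entries (subset).
FLOWS = [
    {"reporter": "SRC", "src_instance": {"vm_name": "web-1"},
     "connection": {"src_ip": "10.0.1.5", "dest_ip": "203.0.113.44", "dest_port": 443}},
    {"reporter": "SRC", "src_instance": {"vm_name": "web-1"},
     "connection": {"src_ip": "10.0.1.5", "dest_ip": "198.51.100.9", "dest_port": 443}},
    # Inbound record reported by the destination VM: not egress, so it is skipped.
    {"reporter": "DEST", "dest_instance": {"vm_name": "batch-7"},
     "connection": {"src_ip": "203.0.113.44", "dest_ip": "10.0.2.8", "dest_port": 22}},
]

# Constructed records shaped like Cloud DNS query log entries (subset).
DNS = [{"vmInstanceName": "batch-7", "queryName": "beacon.c2.example.net."},
       {"vmInstanceName": "web-1", "queryName": "storage.googleapis.com."}]

def is_bad_domain(qname):
    """Match the listed domain itself or any subdomain of it."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in BAD_DOMAINS)

def correlate(flows, dns, inventory):
    """Return {vm: {"labels": ..., "indicators": [...]}} for flagged workloads."""
    hits = defaultdict(set)
    for f in flows:
        vm = f.get("src_instance", {}).get("vm_name")
        if f.get("reporter") != "SRC" or vm is None:
            continue  # keep only egress records reported by the source VM
        conn = f["connection"]
        dest = ipaddress.ip_address(conn["dest_ip"])
        if any(dest in net for net in BAD_NETS):
            hits[vm].add(f"ip:{dest}:{conn['dest_port']}")
    for q in dns:
        if is_bad_domain(q["queryName"]):
            hits[q["vmInstanceName"]].add("dns:" + q["queryName"].rstrip("."))
    return {vm: {"labels": inventory.get(vm, {}), "indicators": sorted(found)}
            for vm, found in hits.items()}

if __name__ == "__main__":
    for vm, info in correlate(FLOWS, DNS, INVENTORY).items():
        print(vm, info["labels"], info["indicators"])
```

Keying the findings by workload label rather than by IP address is what lets a result such as "prod web workload reaching a listed destination" survive auto-scaling and address reuse.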
Decryption is a critical aspect of this; we know attackers also leverage it. Because Valtix uses a single approach (not discrete security functions with separate management consoles), it can integrate with GCP’s KMS, enabling a manageable and compliant approach to decryption/re-encryption across all security capabilities. Because Valtix decrypts traffic at scale and removes that burden from customers, they can focus on security policies rather than building and managing complex network security infrastructure.
So – a single point of visibility, control, and decryption means that the right policy can be applied to the right workload across security functions.
Enterprise Security Capabilities
Speaking of security functions, there are a few critical capabilities that Valtix customers use heavily after decryption – layer 4 firewall, IPS, DLP – across three different traffic patterns: ingress, egress, and east-west. Looking back at the summary of requirements from Part 2, Valtix hits:
- Inbound threat defense (IPS/WAF)
- Outbound threat defense (C&C/DLP – egress security)
Obviously, the comprehensive nature of these capabilities across all traffic presents a very different picture from the GCP tools (GCP Firewall, WAF, etc). Making this all work at high performance and low latency is what Valtix customers rely upon.
Cloud Native Ops
The other difference between Valtix and GCP tools that organizations value is the single policy/single workflow approach that Valtix uses. Customers associate an app with a policy that bridges all security functions, and have a single workflow (either Terraform or interfacing with the Valtix controller) – and that’s it.
They’re not deploying appliances or individual gateways in GCP. As customers mature in their internal processes, they graduate from using the Valtix web interface and start using the Valtix Terraform provider to bake security into their DevOps process. This allows security teams to primarily set security policy and requires developers to simply tag or label their workloads correctly (“dev”, “test”, “prod”, “compliance”, “web” etc.), and policy gets enforced automatically.
Since there’s a single policy and single workflow, compliance is much easier. Instead of pulling reports from different tools, connectivity and controls are managed with the Valtix controller, making reporting against various compliance objectives simpler and easier. What makes compliance easy is also the automated workload-based policy; no longer are you concerned about applying security on auto-scaling workloads.
Valtix customers on GCP can take advantage of a strong architectural foundation, enterprise security capabilities, cloud native ops, and easy compliance. All are integrated both with modern DevOps frameworks and GCP infrastructure. Getting started with Valtix on GCP is easy. Here are a few ways to begin:
- Take the Valtix Product Tour
- Sign up to get an account using the Valtix Free Tier and view our on-demand workshop for GCP to get hands-on.