<ciso brief />

All news with #cloud armor tag

6 articles

Architecting Resilient Foundations for the Agentic Era

At Google Cloud Next, Google outlined a resilient, scalable, and secure foundation to accelerate public sector adoption of the agentic era, highlighting infrastructure, data, and security innovations. Key infrastructure announcements include the AI Hypercomputer with eighth-generation TPUs (TPU 8t for training, TPU 8i for inference) and Virgo Networking, plus Google Distributed Cloud bringing Gemini to where data resides. On data, an AI-native architecture features Knowledge Catalog (FedRAMP High, DoD IL4 & IL5) and a cross-cloud Lakehouse to ground agents in trusted context. Security advances combine Google Threat Intelligence with Wiz, authorize Cloud Armor and Model Armor, and add defensive agents to protect models and sensitive data.

Migrating On-Prem Load Balancers to Google Cloud: Practices

This guide explains how to migrate on-premises application load balancer configurations to Google Cloud Application Load Balancer using a pragmatic, phased approach. It recommends a four-step plan: discovery and mapping, choosing cloud equivalents, test and validate, and a phased canary cutover. For common patterns use declarative features like URL maps and Cloud Armor; for bespoke logic use Service Extensions. The post emphasizes monitoring, rollback planning, and operator training.

Secure URL and Domain Filtering with Google Cloud NGFW

Google Cloud's Cloud NGFW Enterprise now supports domain and SNI-based URL filtering with limited wildcard matching to shift enforcement to the application layer. The URL filtering service inspects HTTP payloads and SNI headers to enable granular egress policies and block malicious domains without requiring full TLS decryption. This reduces the operational burden of tracking dynamic IPs and helps prevent bypass techniques such as SNI spoofing while preserving end-to-end encryption and compliance.

Google Cloud guidance on CVE-2025-55182 for React/Next.js

Meta and Vercel disclosed a critical remote code execution vulnerability in React Server Components (CVE-2025-55182) that also affected some Next.js releases. Google Cloud rolled out a preconfigured Cloud Armor WAF rule (cve-canary), is enforcing protections for Firebase Hosting, and recommends testing the rule in preview while enabling ALB request logging to consume telemetry. Customers should promptly update dependencies to React 19.2.1 and the patched Next.js releases and redeploy services to remove the vulnerability.

Cloud Armor: Hierarchical Policies, Extended WAF and NTI

Cloud Armor introduces hierarchical security policies and organization-scoped address groups to simplify centralized policy management across organization, folder, and project levels. The release also includes GA support for JA4 network fingerprinting and ASN/NTI controls for Media CDN, while an enhanced WAF request-body inspection (preview) expands inspection from 8 KB to 64 KB. These updates are designed to strengthen threat protection and reduce operational complexity for hybrid and multicloud deployments.

Google Cloud launches Network Security Learning Path

Google Cloud has launched a Network Security Learning Path culminating in the Designing Network Security in Google Cloud skill badge to help organizations secure dynamic cloud networks. The program covers design, build, and management of secure VPCs, GKE lockdown, NGFW rules, Cloud VPN/Interconnect, and Cloud Armor for WAF and DDoS protection. Learners validate skills through a hands-on break-fix challenge lab simulating incidents like firewall policy breaches and data exfiltration.