Google has announced a public preview of its new Virtual Machine Threat Detection (VMTD) system that can detect cryptocurrency miners and other malware without the need for software agents. The Virtual Machine Threat Detection (VMTD) is a detection capability that provides agentless memory scanning to help detect threats like cryptomining malware inside your virtual machines running in Google Cloud.
The company’s Threat Horizons Report has reported that 86% of compromised cloud instances were used to perform cryptocurrency mining. “VMTD is one of the ways we protect our Google Cloud Platform customers against growing attacks like coin mining, data exfiltration, and ransomware,” writes Timothy Peacock
product manager at Google Cloud.
Virtual Machine Threat Detection is fully integrated and available through Security Command Center Premium. VMTD complements the existing threat detection capabilities enabled by the Event Threat Detection and Container Threat Detection built-in services in SCC Premium. Together, these three layers of advanced defense is said to provide protection for workloads running in Google Cloud.
With traditional endpoint security, software agents are deployed in guest virtual machine to detect threats. But as is the case in many other areas of infrastructure security, cloud technology offers the ability to rethink existing models.
Google said, for its compute engine, they wanted to see if we could collect signals to aid in threat detection without requiring our customers to run additional software. Not running an agent inside of their instance means less performance impact, lowered operational burden for agent deployment and management, and exposing less attack surface to potential adversaries.
“What we learned is that we could instrument the hypervisor — the software that runs underneath and orchestrates our customers’ virtual machines — to include nearly universal and hard-to-tamper-with threat detection.”