Google Cloud’s Cryptomining Protection Program

The ability to detect cryptomining attacks is crucial in preventing their costly consequences. Google Cloud’s Security Command Center Premium includes specialized detection capabilities that are seamlessly integrated into the Google Cloud infrastructure. Using innovative techniques, Security Command Center scans virtual machine memory for malware without the need for agents, which can compromise performance and increase an organization’s attack surface. This approach enables the detection of attacks that may be overlooked by add-on security tools relying solely on cloud logs and API-based information analysis. Additionally, Security Command Center can identify compromised identities that allow attackers to gain unauthorized access to cloud accounts and rapidly deploy cryptomining malware. By detecting potential threats before adversaries can exploit compromised information, Security Command Center provides comprehensive and advanced cryptomining attack detection capabilities that can only be achieved through a product built into the cloud infrastructure.

Security Command Center Premium customers who adhere to the program’s terms and conditions, including Cryptomining Detection Best Practices, are eligible to participate in the Cryptomining Protection Program. This program provides financial protection to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. To learn more about the program and its eligibility criteria, customers can refer to the Cryptomining Protection Program Overview.

At Google Cloud, risk management is approached through a shared fate model, emphasizing our commitment to delivering robust security outcomes on our platform. By providing customers with effective built-in tools to detect one of the most prevalent and costly cloud threats, Google Cloud takes responsibility for ensuring security. In the event that our detection efforts are unsuccessful, the Cryptomining Protection Program offers financial protection to affected customers. This shared fate approach to cloud security enhances confidence among enterprise buyers when transitioning to the cloud, knowing that they are supported by a provider that actively mitigates risks and provides financial recourse.

Philip Bues, research manager for cloud security at IDC, emphasized the seriousness of cryptomining attacks and the significance of preventive controls and threat detection capabilities in cloud environments. Bues commended Google Cloud’s initiative, stating that their built-in threat detection of unauthorized cryptomining, combined with the financial protection offered through the Cryptomining Protection Program, provides reassurance to enterprise buyers considering cloud adoption.