Google Cloud

Monitor your GCP environment with Cloud Security Command Center

March 27, 2018

Andy Chang

Senior Product Manager, Google Cloud Security

Last week, we announced the release of Cloud Security Command Center^Alpha (Cloud SCC), a new security data analysis and monitoring platform for Google Cloud Platform (GCP). Cloud SCC, now available in alpha, helps enterprises gather security information, identify threats and take action on them.

As the use of cloud services continues to grow, clear visibility into the security status of an organization’s cloud services and resources is more important than ever. Businesses need the right data and actionable insights to stop threats before security incidents do any damage. Cloud SCC takes inventory of your cloud assets, flags unwanted changes to those assets and uses a number of unique detectors to identify risky areas in your environment. Its findings are populated into a single, centralized dashboard and data platform so that you can quickly get a read on the security health of your cloud applications and data.

https://storage.googleapis.com/gweb-cloudblog-publish/images/command-center-4zwj1.max-700x700.PNG

Cloud SCC aggregates security information in a single, centralized dashboard

In this blog post, we’ll take a deeper look into the capabilities and features of Cloud Security Command Center.

Gain visibility into your cloud services and resources

Cloud SCC gives enterprises consolidated visibility into their cloud assets across App Engine, Compute Engine, Cloud Storage, and Datastore. Using asset inventory, you can view resources for the entire GCP organization or just for particular projects. Cloud SCC performs ongoing discovery scans which allows you to see asset history to understand exactly what changed in your environment and act on unauthorized modifications.

https://storage.googleapis.com/gweb-cloudblog-publish/images/command-center-30h5w.max-500x500.PNG

Cloud SCC gives you broad visibility cloud assets at the org and project level

Cloud SCC also features security “marks” that let you personalize how your security information is displayed, organized and managed in order to meet the unique requirements of your organization. With security marks, you can annotate your assets and then search, select, or filter using the mark—for example, you can filter out projects that you group together using the same mark.

Leverage powerful security insights from Google and leading security partners

Cloud SCC generates curated insights that provide you with a unique view of threats to your cloud assets. For example, security teams can answer questions like “Which cloud storage buckets contain PII?”, “Do I have any buckets that are open to the Internet?” and “Which cloud applications are vulnerable to XSS vulnerabilities?” With increasingly frequent reports of sensitive data being inadvertently exposed, gaining visibility into these key risk areas is especially important for enterprises. Cloud SCC integrates with Google Cloud security tools and leading security partners to give you these valuable security insights.

Detection from Google

Cloud SCC integrates with a number of Google Cloud security tools. With information from the DLP API, you can find out which storage buckets contain sensitive and regulated data, help prevent unintended exposure, and ensure access is based on need-to-know. You can also pull in information from Cloud Security Scanner which uncovers common vulnerabilities such as cross-site-scripting (XSS) and Flash injection that put your Google App Engine applications at risk. Using Forseti, an open source security toolkit for GCP, you can identify misconfigured access control policies and respond right away.

https://storage.googleapis.com/gweb-cloudblog-publish/images/command-center-237s1.max-400x400.PNG

https://storage.googleapis.com/gweb-cloudblog-publish/images/command-center-6s3qu.max-700x700.PNG

These Cloud SCC views show permission changes detected by Forseti, an open source GCP security toolkit

Administrators can also identify threats like botnets, cryptocurrency mining, and suspicious network traffic in your projects and virtual machine (VM) instances with built-in anomaly detection developed by the Google security team.

https://storage.googleapis.com/gweb-cloudblog-publish/images/command-center-5u7uh.max-400x400.PNG

Cloud SCC features built-in anomaly detection from Google to identify threats to your cloud environment

https://storage.googleapis.com/gweb-cloudblog-publish/images/command-center-13t92.max-400x400.PNG

This Cloud SCC card shows sensitive data uncovered by the DLP API

Detection from security partners

Using Cloud SCC, you can leverage intelligence from your existing security tools such as Cloudflare, CrowdStrike, Dome9, Palo Alto Networks, Qualys, and RedLock into Cloud Security Command Center to help detect DDoS attacks, compromised endpoints, compliance policy violations, network attacks, and instance vulnerabilities and threats. Our partner solutions cover a broad set of enterprise security needs and we’ll continue to add new partnerships to our network in the future.

Take advantage of an open and flexible platform

Cloud Security Command Center features a REST API which gives you the flexibility to work with your existing security systems and workflows. Using the API, enterprises can easily integrate the full range of their own threat detection capabilities—once the data sources are forwarded to Cloud Security Command Center, they can be viewed just like the Google-provided Command Center detectors. In addition, you can take advantage of the Pub/Sub notification integration to receive Cloud SCC alerts via Gmail, SMS, and Jira.

Try Cloud Security Command Center today

We’re excited to bring the Cloud SCC security monitoring platform to the suite of GCP security services. To learn more, check out the product documentation, or get started today by signing up for the Cloud SCC alpha program.

Posted in