Tools for proactive security monitoring
1. Tools for proactive security monitoring
Cloud security tools can help identify and address threats. In this video, you’ll explore how to use Google Cloud's monitoring tools to proactively monitor your security. Let’s start our investigation by examining Cloud Logging. Cloud Logging is a powerful tool that you, as a cloud security professional, can use to store, search, analyze, monitor, and alert on log data and events. Cloud Logging is a key component for lots of cloud security activities. You can use Cloud Logging to search for log entries while investigating potential threats. For example, imagine you're investigating a potential breach where an unauthorized individual has accessed a cloud application. You want to identify whether there are any log entries that indicate that the individual accessed any sensitive data. In this scenario, you could use Cloud Logging to query for log entries from the cloud application that the individual accessed. Along with Cloud Logging, you can use Security Command Center, or SCC, for proactive security monitoring. Let’s explore these in more detail. SCC is a security solution that helps organizations improve their security posture by detecting threats and managing risk. Cloud provides instant scalability and elasticity, which allows you to quickly expand cloud infrastructure. But, this makes keeping track of each cloud asset very challenging. From a security perspective, you can't protect what you don't know. So, keeping track of your cloud assets is essential to managing risk, maintaining your cloud security posture, and, most importantly, detecting and responding to threats. SCC provides a centralized view of all your cloud assets. They’re displayed in a full inventory, providing comprehensive visibility into your environment. This overview also provides you with a way to evaluate each asset for vulnerabilities, misconfigurations, or errors, so that you can address them. One of the most common cloud security issues is caused by misconfigurations. SCC can detect whether cloud assets are misconfigured and vulnerable to attack, helping you mitigate security issues. For example, imagine a media organization provides cloud-based streaming services to its users. But the organization accidentally adds a new critical server to their cloud environment that contains unreleased video content. SCC immediately alerts the security team that there’s a misconfiguration in the newly created server. The alert indicates that the server has an open firewall, allowing traffic from the internet to reach the server, which can unnecessarily expose resources to attacks from unintended sources. The organization's security team quickly remediates the issue by adding firewall rules to the server, and disabling all traffic coming from the internet. Next, let's examine a component of the Security Command Center: Event Threat Detection. Event Threat Detection is a built-in service for the Security Command Center platform. It provides continuous monitoring of a cloud environment to identify and alert you to any potential threats. Event Threat Detection works by analyzing logs from the Cloud Logging platform. It analyzes log entries using built in detection rules. These detection rules then provide security systems with instructions on identifying malicious activity. You can choose which types of detection rules you want to use based on your organization's security needs. An example of a built-in detection rule is a rule that's used to identify and block suspicious account logins. To wrap up, monitoring tools provide cloud security professionals with actionable insights about their cloud environments. So, with these tools, organizations can proactively identify and mitigate threats.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.