Security Command Center
1. Security Command Center
Imagine you’re on a hike and you want to do some bird watching. But then you remember that you forgot your binoculars at home. That might make it hard to observe the birds up close, right? Similarly, in security, tools are an important way to monitor threats. Let’s take a moment to review Google Cloud’s CSPM, which a cloud security team can use in multicloud environments. Security Command Center, or SCC, is Google Cloud's centralized vulnerability and threat reporting service with CSPM features. Security Command Center scans your organization’s cloud infrastructure, helping you prevent, detect, investigate, and respond to threats throughout your organization’s cloud environment. SCC also helps you maintain your compliance with security standards, like the Center for Information Security, or CIS, Google Cloud Computing Foundations Benchmark, a set of secure configuration guidelines for Google Cloud environments. Let’s take a peek at some SCC features that will be useful to you as a cloud security analyst. On its main dashboard, SCC gives you a comprehensive overview of your organization’s cloud assets from a security point of view. You can use SCC’s assets feature to carry out an asset inventory review to help you discover and view your resources and policies in near-real time. This tool also provides asset tracking, so you can identify new, modified, or deleted assets. SCC can also be configured to send the security team real-time notifications when an asset or policy is modified so you can determine whether it was an authorized change. Along with helping you keep track of cloud assets, SCC scans for vulnerabilities using two main built-in services. The first is the Security Health Analytics service, which can identify misconfigured virtual machines, containers, networks, storage buckets, and IAM policies. This service also helps detect vulnerabilities. And second is the Web Security Scanner service, which automatically detects vulnerabilities in App Engine, Google Kubernetes Engine (or GKE), and Compute Engine applications. Web Security Scanner provides two main types of vulnerability scanning: managed scans and custom scans. Managed scans are configured and managed by SCC, and manage basic vulnerability detection for projects across the organization. You can configure custom scans to provide more granular information about vulnerabilities in individual projects. Along with identifying vulnerabilities, SCC scans for threats and compliance issues within your cloud environment. The Event Threat Detection service scans your Cloud Logging stream for potential threats based on threat intelligence features, or information about known or potential threats. The Container Threat Detection service scans for potential compromises of GKE containers. And the Virtual Machine Threat Detection service scans for potentially malicious applications running in virtual machines, or VMs, or Compute Engine. If a threat is found, SCC provides information about related events, like the event type, the event time the threat occurred, the event data source, and the event severity. Besides monitoring cloud resources for threats and vulnerabilities, SCC can be used to assess your organization’s compliance. The compliance dashboard checks your cloud environment settings for violations of certain compliance frameworks. It recommends fixes for any violations found. The dashboard also exports compliance reports based on the framework you choose. SCC also integrates with other data sources to provide more details about your cloud security posture. For example, Cloud Armor analyzes traffic to help protect cloud assets from DDoS and common OWASP attacks. Sensitive Data Protection scans storage buckets and databases for sensitive and regulated data, and provides recommendations to secure it. Also, SCC partners have solutions available to help you integrate data from SCC into your organization’s security portfolio. SCC is available in two tiers: standard, or no cost, and premium. The standard tier provides Security Health Analytics, including identifying high-severity threat detection. The premium tier builds on the functionality of the standard tier, including the Security Health Analytics service with the addition of PCI and CIS Benchmark reporting support. The premium tier also includes Web Security Scanner, along with Event Threat Detection, Container Threat Detection, and VM Threat Detection. Now that you understand more about Google SCC or your cloud data security binoculars, you’re ready to secure your organization’s cloud environment.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.