When migrating your infrastructure to the cloud, one of your main concerns can be: is the cloud secure? And how can I maintain control of all that happens in my cloud infrastructure?
Hopefully, Google Cloud Platform’s Security Command Center is here to help answer those questions on centralising the visualisation of all your organisation’s assets and their possible vulnerabilities or misconfiguration.
You have to activate the Security Command Center in your organisation with an account with a few privileged roles in order to start using it. Luckily you can try the standard tier free of charge.
We want to highlight some of the several useful features this standard tier comprises, like:
- Security Health Analytics scans Google Cloud assets looking for vulnerabilities and misconfigurations like:
- MFA is not active for an account (we know how risky this is in a privileged account)
- Members outside the organisation have access to resources as they are included in a group with permissions.
- Dangerous open ports in the perimetral firewall.
- Public buckets to the internet and many more.
- With predefined rules against the most common attacks and the possibility to create custom rules like IP filtering, Cloud Armor acts as a WAF, adding another layer of security to all your deployments. We love and use this feature profusely in all our website deployments, and the Security Command Center helps us visualise all the incidents detected by it and to adapt our rules accordingly.
- You can detect security anomalies in your VMs like potentially leaked credentials and crypto mining.
- All this information can be exported to BigQuery or your favourite third-party SIEM to be processed.
Please check the official documentation for a more detailed rundown of all the features.
There are additional features in the Security Command Center premium tier, such as:
- Container Threat Detection: this service continuously monitors the state of the deployed container images, alerting if there was an added binary to the image that was not in the original one or the execution of malicious scripts or reverse shells.
- Using threat intelligence and machine learning, Malware, brute force ssh and outgoing DoS anomalies are added to the Event Threat Detection. It also detects changes to MFA, SSO, or leaked passwords to the user’s account protection.
- One of this tier’s big features is the possibility to create compliance dashboards and reports following the most used standards in the industry like CIS, NIST, PCI or ISO27001. You can view and export those compliance reports to help ensure all your resources meet their compliance requirements.
- If you enable VM Manager, you can detect vulnerabilities in the operating systems installed on Compute Engine virtual machines.
- Create SMS alerts, mails, or to your favourite chat application with Pub/Sub notifications.
We use the Security Command Center extensively for its defensive security features like Cloud Armor and its health monitoring of the organisation’s users and assets, but we are integrating more of its features as we discover its real potential.
Here we have just detailed some of the capabilities of the Security Command Center, but there are many more that can suit your specific needs.
If you would like to find out more information on Google Cloud Platform Security Command Centre and how it can help your business, get in touch with us at info@makingscience.com.