Google Cloud Security Command Center – SCC

  • Security Command Center is a security and risk management platform for Google Cloud
  • Security Command Center generates curated insights that give a single view of incoming threats and attacks against your assets
  • Assets include organization, projects, instances, and applications
  • Security Command Center displays possible security risks, called findings, that are associated with each asset.
  • Findings come from security sources that include Security Command Center’s built-in services, internal services like DLP, Web security scanner, third-party partners, and your own security detectors and finding sources.
  • Security Command Center asset discovery runs at least once each day and allows for manual re-scan

Security Command Center Features

Asset Discovery and Inventory

  • Discover the assets, data, and Google Cloud services across the organization and view them in one place.
  • Review historical discovery scans to identify new, modified, or deleted assets.

Sensitive data identification

  • Cloud Data Loss Prevention (DLP) integrates automatically with SCC
  • Identify which storage buckets contain sensitive and regulated data
  • Prevent unintended exposure and ensure access is on need-to-know basis

Application vulnerability Detection

  • Web Security Scanner integrates automatically with SCC
  • Uncover common vulnerabilities like cross-site scripting (XSS) and Flash injection that put the applications at risk with Web Security Scanner.

Access Control Monitoring

  • Help ensure the appropriate access control policies are in place across the Google Cloud resources and get alerted when policies are misconfigured or unexpectedly change.
  • Forseti, the open-source security toolkit, integrates with SCC

Anomaly Detection from Google

  • Identify threats like botnets, cryptocurrency mining, anomalous reboots, and suspicious network traffic with built-in anomaly detection technology developed by Google.

Third-party Security Tool Inputs

  • Integrate output from existing security tools like Cloudflare, CrowdStrike, Prisma Cloud by Palo Alto Networks, and Qualys into SCC
  • Integrating output can help detect:
    • DDoS attacks
    • Compromised endpoints
    • Compliance policy violations
    • Network attacks
    • Instance vulnerabilities and threats

Real-time notifications

  • Get Security Command Center alerts through email and SMS with Pub/Sub notification integration.

Security Command Center Services

  • Security Health Analytics provides managed vulnerability assessment scanning for Google Cloud that can automatically detect the highest severity vulnerabilities and misconfigurations across Google Cloud assets.
  • Web Security Scanner custom scans provide granular information about application vulnerability findings like outdated libraries, cross-site scripting, or the use of mixed content.
  • Cloud Data Loss Prevention discovers, classifies, and protects sensitive data
  • Google Cloud Armor protects Google Cloud deployments against threats
  • Anomaly Detection identifies security anomalies for the projects and VM instances, such as potentially leaked credentials and coin mining
  • Container Threat Detection can detect the most common container runtime attacks
  • Forseti Security, the open-source security toolkit, and third-party security information and event management (SIEM) applications also integrate with SCC as finding sources
  • Event Threat Detection monitors the organization’s Cloud Logging stream and consumes logs for one or more projects as they become available to detect malware, cryptomining, brute-force SSH, outgoing DoS, etc.
  • Phishing Protection helps prevent users from accessing phishing sites by classifying malicious content that uses the brand and reporting the unsafe URLs to Google Safe Browsing
  • Continuous Exports automatically manage the export of new findings to Pub/Sub.
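The real-time notification and Continuous Export features above both deliver findings to Pub/Sub. The handler below, an added example that is not from the page or from Google, shows what a subscriber on the receiving end has to do before it pages anyone: decode the Pub/Sub envelope, drop resolved or muted findings, and route the rest by severity. The finding field names follow the SCC v1 Finding resource and the sample finding is constructed, so both are assumptions.

```python
import base64
import json
from typing import List, Optional

# Constructed sample of the JSON an SCC notification config publishes to
# Pub/Sub (field names assumed from the v1 Finding resource, not from the page).
SAMPLE_FINDING = {
    "notificationConfigName": "organizations/123/notificationConfigs/active-high",
    "finding": {
        "name": "organizations/123/sources/456/findings/abc123",
        "category": "OPEN_FIREWALL",
        "resourceName": "//compute.googleapis.com/projects/demo/global/firewalls/allow-all",
        "state": "ACTIVE",
        "severity": "HIGH",
        "mute": "UNMUTED",
        "eventTime": "2024-01-01T00:00:00Z",
    },
}

def pubsub_envelope(payload: dict) -> dict:
    """Wrap a finding the way a Pub/Sub push subscription delivers it:
    JSON, base64-encoded, under message.data."""
    data = base64.b64encode(json.dumps(payload).encode()).decode()
    return {"message": {"data": data, "messageId": "1"}}

# Severity -> channels, mirroring the email/SMS routing the page describes.
ROUTES = {"CRITICAL": ["sms", "email"], "HIGH": ["email"], "MEDIUM": ["email"]}

def route_finding(envelope: dict) -> Optional[List[str]]:
    """Return the channels to alert, or None if the message should be dropped."""
    body = json.loads(base64.b64decode(envelope["message"]["data"]))
    finding = body.get("finding")
    if not finding:  # malformed message or one that carries no finding
        return None
    # SCC also publishes state changes when a finding is resolved (INACTIVE)
    # and muted findings are noise by definition; neither should page anyone.
    if finding.get("state") != "ACTIVE" or finding.get("mute") == "MUTED":
        return None
    severity = finding.get("severity", "SEVERITY_UNSPECIFIED")
    # Unknown or LOW severity: keep the finding (it is still exported) but
    # send it to no alerting channel.
    return ROUTES.get(severity, [])
```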

Web Security Scanner

  • Web Security Scanner identifies security vulnerabilities in the App Engine, Google Kubernetes Engine (GKE), and Compute Engine web applications.
  • Web Security Scanner crawls the application, following all links within the scope of the starting URLs, and attempts to exercise as many user inputs and event handlers as possible.
  • Web Security Scanner only supports public URLs and IPs that aren’t behind a firewall.
  • Web Security Scanner errs on the side of underreporting and doesn’t display low confidence alerts, to avoid distraction with false positives.
  • It does not replace a manual security review, and it does not guarantee that the application is free from security flaws.
  • Web Security Scanner managed scans are configured and managed by Security Command Center and findings are automatically available in the Security Command Center vulnerabilities tab and related reports
  • Web Security Scanner scans provide information about application vulnerability findings, like cross-site scripting (XSS), Flash injection, outdated libraries, clear-text passwords, or use of mixed content

GCP Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • GCP services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • GCP exam questions are not updated to keep pace with GCP updates, so even if the underlying feature has changed the question might not be updated.
  • Open to further feedback, discussion and correction.