Security Command Center - Google Cloud

Prasanna Bhaskaran Surendran
Google Cloud - Community
5 min read · Nov 4, 2022

Security Command Center

Security Command Center is Google Cloud's centralised threat and vulnerability reporting service. It provides centralised visibility and control over your infrastructure, helps detect misconfigurations and vulnerabilities, reports on compliance, and detects threats targeting your Google Cloud assets.

Key features of Security Command Center

Security Posture Management

Security Command Center integrates with Cloud Asset Inventory to provide visibility into Google Cloud infrastructure and resources. It has built-in services such as Security Health Analytics, Event Threat Detection and Container Threat Detection, which scan logs and configuration for threats and vulnerabilities. It monitors the infrastructure to ensure appropriate policies are in place and alerts whenever there is a change.

Security Insights

It has a built-in feature which provides critical insights from Event Threat Detection, Container Threat Detection and Virtual Machine Threat Detection. It alerts teams to potential threats, vulnerabilities and data loss so that security teams can act. A couple of the key insights it can provide are:

  • Lists VMs with a public IP address
  • Lists service accounts that were added or removed
  • Firewall misconfigurations; monitors cloud apps for OWASP attacks
  • Checks whether any Cloud Storage buckets are open to the Internet

Key Integration

It integrates with services like Chronicle (SIEM), VirusTotal and the MITRE ATT&CK framework to investigate threats, see potential hash matches for files, and identify the tactics, techniques and procedures used by adversaries.

It is integrated with the DLP API to list potential PII and other sensitive information in buckets, and with Cloud Armor to view potential DDoS and other web attacks. It also integrates with Pub/Sub and Cloud Functions for remediation.
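The Pub/Sub and Cloud Functions path mentioned above is where automated remediation actually happens: Security Command Center publishes a finding notification to a topic, and a function subscribed to that topic decides what to do. The following is an added example, not code from the original post or from Google: a Python Cloud Function handler that decodes the Pub/Sub message, applies the same ACTIVE-plus-severity gate you would put in a notification filter, picks an action by finding category (the open-bucket and public-IP insights listed earlier), and computes the corrected bucket IAM policy with the public members removed. The notification JSON shape and the `compliances` field are modelled on SCC's Pub/Sub notification format but are assumptions to verify against the current documentation; the sample notification and IAM policy are constructed, and the handler returns a plan record rather than calling the Storage API so it runs offline.

```python
# Added example (not from the original post or from Google): a Cloud Functions
# (Python, Pub/Sub-triggered) handler that decodes an SCC finding notification
# and plans a remediation, plus the pure policy transform the remediation needs.
import base64
import json

# Members that make a Cloud Storage bucket readable by the whole Internet.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Ordering used to compare SCC severity strings.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


def decode_pubsub_event(event):
    """Pub/Sub-triggered functions receive the message body base64-encoded in event['data']."""
    raw = base64.b64decode(event["data"])
    return json.loads(raw.decode("utf-8"))


def should_handle(finding, min_severity="HIGH"):
    """Mirror a notification filter: only ACTIVE findings at or above min_severity."""
    if finding.get("state") != "ACTIVE":
        return False
    return SEVERITY_RANK.get(finding.get("severity", ""), 0) >= SEVERITY_RANK[min_severity]


def strip_public_members(policy):
    """Return a copy of a bucket IAM policy with allUsers/allAuthenticatedUsers removed.

    Bindings left with no members are dropped. The input is not modified, so the
    caller can diff old and new policies before applying the result via the Storage API.
    """
    new_bindings = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if members:
            new_bindings.append({"role": binding["role"], "members": members})
    return {**policy, "bindings": new_bindings}


def plan_remediation(notification):
    """Map an SCC finding to an action record; a caller would execute it with the relevant API."""
    finding = notification["finding"]
    plan = {
        "finding": finding.get("name"),
        "category": finding.get("category"),
        "severity": finding.get("severity"),
        "resource": finding.get("resourceName"),
        # Compliance standards SCC attaches to the finding (field name is an assumption).
        "standards": sorted({c.get("standard", "") for c in finding.get("compliances", [])}),
    }
    if not should_handle(finding):
        return {**plan, "action": "ignore"}
    if finding.get("category") == "PUBLIC_BUCKET_ACL":
        # A bucket's resourceName looks like //storage.googleapis.com/<bucket>
        bucket = finding["resourceName"].rsplit("/", 1)[-1]
        return {**plan, "action": "remove_public_bucket_access", "bucket": bucket}
    if finding.get("category") == "PUBLIC_IP_ADDRESS":
        return {**plan, "action": "page_on_call"}
    return {**plan, "action": "create_ticket"}


def handle_finding(event, context=None):
    """Cloud Functions entry point for a Pub/Sub trigger."""
    return plan_remediation(decode_pubsub_event(event))


# Constructed sample notification (shape modelled on SCC's Pub/Sub notification JSON).
SAMPLE_NOTIFICATION = {
    "notificationConfigName": "organizations/123456789012/notificationConfigs/scc-to-pubsub",
    "finding": {
        "name": "organizations/123456789012/sources/5678/findings/abcdef0123456789",
        "parent": "organizations/123456789012/sources/5678",
        "resourceName": "//storage.googleapis.com/example-public-bucket",
        "state": "ACTIVE",
        "category": "PUBLIC_BUCKET_ACL",
        "severity": "HIGH",
        "compliances": [{"standard": "cis", "version": "1.2", "ids": ["5.1"]}],
        "eventTime": "2022-11-04T10:00:00Z",
    },
    "resource": {"name": "//storage.googleapis.com/example-public-bucket", "project": "projects/123"},
}
SAMPLE_EVENT = {
    "data": base64.b64encode(json.dumps(SAMPLE_NOTIFICATION).encode("utf-8")).decode("ascii")
}

# Constructed bucket IAM policy in the shape returned by the Storage API's getIamPolicy.
SAMPLE_POLICY = {
    "version": 1,
    "etag": "CAE=",
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.admin", "members": ["user:owner@example.com", "allAuthenticatedUsers"]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(handle_finding(SAMPLE_EVENT), indent=2))
    print(json.dumps(strip_public_members(SAMPLE_POLICY), indent=2))
```

Keeping the decision (`plan_remediation`) separate from the execution lets you dry-run the function against exported findings and review the planned actions before granting the function's service account write access to buckets; the severity gate also belongs in the notification config filter itself so low-severity findings never reach the function.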

Compliance Reporting

It helps security teams achieve compliance by providing compliance reporting as part of Security Health Analytics. It continuously evaluates your security posture against compliance standards, using detectors that are mapped to standards such as CIS benchmarks, NIST 800-53, PCI DSS 3.2.1 and ISO 27001.

Architecture Diagram

Configuring Security Command Center

To get started with Security Command Center:

Go to Security in the list of services in the left-hand menu and click Security Command Center.

Navigate to Security Command Center

This is the general OVERVIEW dashboard for your organization. Here you can see the threats for a specific time range and act accordingly.

Security Command Center Dashboard

In the Overview tab, scroll down to view the Active Vulnerabilities dashboard. Security teams can view the severity of the vulnerabilities in the infrastructure, which helps them take timely decisions based on the findings.

Security Command Center Vulnerabilities Dashboard

In the Active Vulnerabilities dashboard, security teams find details of the vulnerabilities existing in the infrastructure. They can click on a vulnerability to deep dive into it and take action based on the findings.

Vulnerability Information

Security teams can list the vulnerabilities by severity, standard, category, etc., and can click on a vulnerability to learn more about it.

Vulnerability Information

In the ASSETS tab, teams can view details of all the cloud resources currently available under your organization. Various filter links are available, and the resources can be filtered by type, project, etc.

Asset Information

Viewing at project level

Assets View

Viewing assets that changed

Assets View

In the FINDINGS tab, security teams can view potential security threats and risks to the cloud resources.

Security Findings

Security teams can click on the Compliance tab to view the compliance status of the infrastructure and can act or make changes based on the findings.

Compliance Dashboard

The dashboard gives a summary of compliance standards such as NIST, OWASP, ISO 27001, etc.

Compliance Standards Information

In the SOURCES tab, you can review a summary of the combined assets and findings for the sources you have already enabled.

Source specific Info

In the EXPLORE tab you can explore additional services and solutions for your threats and vulnerabilities. These are Google Cloud partners who provide additional security for your workloads.

Security Command Center Integration Options

Security teams can pivot with one click from SCC to integrated tools such as Chronicle to investigate incidents and take the necessary actions based on the investigation.

This blog is co-authored by Prasanna Bhaskaran Surendran, Partner Engineer, Google Cloud, and Muralidharan, Cloud Architect, Quadra Systems.