At this year’s Google NEXT 2019 conference, Google announced the General Availability of its Cloud Security Command Center (Cloud SCC) Product. Cloud SCC represents a critical foundation for enabling Cloud Security for Google Cloud Platform (GCP) customers by providing them with the tools to help surface and remediate GCP security and data risks.
As a Google Cloud Platform (GCP) Technology and Services Partner, CloudQuest is excited to be part of the Cloud SCC partner ecosystem with our native integration to Cloud SCC (using the v1 APIs) in our latest release of Guardian, Version 3.
We are also excited to be leveraging this integration to deliver some unique GCP native capabilities for our customers such as:
- Policy-driven Security, Governance and Compliance Monitoring Dashboards with Out-of-the-Box rules to enable GCP Best Practices
- Simultaneous Integration with multiple SIEM, Ticketing, and Analytics systems
- Workflow Triggers, Orchestration, and Automation to respond to Security Incidents
Cloud SCC Enhances Threat Detection With GCP Native and 3rd Party Finding Sources
Cloud SCC provides customers a unified inventory of their GCP assets along with any potential security risks. These security risks are called findings in Cloud SCC parlance. Findings can be surfaced in SCC with the help of both GCP native sources as well as 3rd party sources.
At last year’s announcement, Google introduced the partner ecosystem for Cloud SCC. The ecosystem comprised a number of 3rd party integrations serving as findings sources for Cloud SCC. The SCC announcement this year highlighted the addition of even more 3rd party findings sources to the partner ecosystem. What was most impressive to us is the number of GCP native findings that are now integrated into Cloud SCC. Some examples include:
- Event Threat Detection
- Security Health Analytics (SHA)
- Cloud Anomaly Detection
- Cloud DLP Data Discovery
Going Beyond Findings
Customers who have been demanding best-in-class threat detection for GCP will certainly appreciate the breadth of findings now available to them through the growing list of GCP native and 3rd party findings sources being integrated with Cloud SCC.
However, the larger challenge facing customers beyond threat detection is how to expeditiously process all the findings, assess any risks to their enterprise’s security and compliance posture, and rapidly respond to any potential risk.
This is the area of focus for CloudQuest Guardian.
Bridging the Last Mile to Enterprise Security for GCP with Guardian
Guardian was purpose-built to equip security personnel with capabilities to get up-to-date insights into the security and compliance posture of their GCP infrastructure, identify threats and facilitate rapid responses to the identified threats.
The objectives remain the same, but the product has now been rearchitected and redesigned entirely around Cloud SCC in Guardian Version 3 (v3).
Note: Unlike most other partner integrations currently in the Cloud SCC ecosystem, Guardian v3 is not a source of findings. Rather, it serves as a bridge between Cloud SCC and enterprise issue trackers so that resource owners have the ability to remediate security issues.
Guardian v3 leverages the data from Cloud SCC to help customers:
- Continuously monitor and assess their current security and compliance posture and identify any threats
- Create and execute workflows and automation. These will help orchestrate the security response to threats by enabling integrations with existing enterprise security tools such as SIEM, ticketing and analytics systems.
GCP Security Best Practices Now OOTB
Guardian v3 comes with out-of-the-box (OOTB) GCP configuration policies that address common requirements in security regimens such as CIS GCP Foundation Benchmarks, PCI/DSS, HIPAA, and SOC2.
Enterprises can easily build on top of these OOTB policies by adding enterprise-specific policies. All policy violations automatically generate tickets in the integrated system and provide rolled-up accountability up the GCP hierarchy.
GCP-Native Workflow Triggers, Orchestration and Automation
A key point of differentiation between Guardian and other tools is that it is a GCP-native security solution. This enables Guardian to use GCP-specific information to determine how to handle workflows and automation in response to security events.
A unique feature in Guardian is the ability to create and target policy compliance to specific parts of the GCP hierarchy such as individual Folders, Projects or even specific GCP assets.
Business-as-Usual Through Integrations
At CloudQuest, we are acutely aware that no security tool can afford to be an island unto itself. After all, enterprises have existing tools, processes, and workflows to deal with incidents. To this end, Guardian enables integrations with existing ticketing, SIEM, and analytics tools through native or pub/sub integrations.
Guardian and Cloud SCC – Exciting Times Ahead!
To wrap it all up, we believe that by combining the comprehensive threat detection capabilities in Cloud SCC with the GCP-Native, Policy-Driven Security, Compliance Monitoring, Security Response Orchestration and Automation capabilities in Guardian v3, CloudQuest is delivering the best-in-class capabilities that enterprise customers need to effectively secure their GCP infrastructure!