When migrating your infrastructure to the cloud one of your main concerns might be: is the cloud really secure? And how can I maintain control of all that happens in my cloud infrastructure?
Google Cloud Platform’s Security Command Center is one solution to help answer those questions. It centralizes the visualization of all your organization’s assets and its possible vulnerabilities or misconfigurations.
To start using the Security Command Center, you must first activate it within your organization using an account that has privileged admin roles. Luckily you can get started using the stand tier free of charge.
Standard Tier
Here are some of the useful features the standard tier offers:
- Security Health Analytics scans Google Cloud assets looking for vulnerabilities and misconfigurations like:
- MFA being inactive for a certain account (we know how risky this is in a privileged account)
- It detects members outside the organization with access to resources that are included in a group with permissions.
- Dangerous open ports in the perimetral firewall.
- Exposed public log buckets.
- With predefined rules against the most common attacks and the possibility to create custom rules like IP filtering, Cloud Armor acts as a WAF, adding another layer of security to all your deployments. We love and use this feature in all our website deployments. The Security Command Center helps us visualize all the incidents it detects and to adapt our rules accordingly.
- You can detect security anomalies in your VMs like potentially leaked credentials and crypto mining.
- All this information can be exported to BigQuery or your favorite third-party SIEM to be processed
For a more detailed rundown of all the features, you can check the official documentation.
Premium Tier
There are additional features in the Security Command Center premium tier, such as:
- Container Threat Detection: this service continuously monitors the state of deployed container images. It will alert you if there was an added binary to the image that was not in the original one. It will also alert you about the execution of malicious scripts or reverse shells.
- Using threat intelligence and machine learning, Malware, brute force SSH and outgoing DoS anomalies are added to the Event Threat Detection. It also adds the detection of changes to MFA, SSO, or leaked passwords to the user’s account protection.
- One of the most important features of this tier is the possibility to create compliance dashboards and reports following the most used standards in the industry like CIS, NIST, PCI, or ISO27001. You can view and export these compliance reports to help ensure all your resources are meeting all their compliance requirements.
- If you enable VM Manager, you can detect vulnerabilities in the operating systems installed on virtual machines.
- Create SMS alerts, and emails, or have them sent to your favorite chat application with Pub/Sub notifications.
We use the Security Command Center extensively for its defensive security features like Cloud Armor and its health monitoring of the organization’s users and assets. As we discover more of its features, we are integrating them to make the most of its full potential.
Here we have just detailed some of the capabilities of the Security Command Center, but there are many more that can suit your specific needs.
Are you looking to make your site more secure? Making Science has got you covered! We can perform site audits and provide recommendations about where and how to get started.