Welcome to the second Cloud CISO Perspectives for April 2024. In this update, my colleague Sunil Potti gives a leaders’ tour of Security Command Center Enterprise — and how it can help security teams better manage risk across their growing cloud deployments.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
–Phil Venables, VP, TI Security & CISO, Google Cloud
A leaders’ tour of Security Command Center Enterprise
By Sunil Potti, VP/GM, Google Cloud Security
Successfully managing cloud risk has become more challenging as the cloud has matured. Customers who understand the benefits of cloud — the faster flywheel of innovation, the lower marginal cost of security, the increasing deployment velocity — also must contend with siloed tools, too many signals to respond to, and distributed ownership of critical issues.
At Google Cloud Next, we announced that our answer to these problems and more, Security Command Center Enterprise, is now generally available. Built on the Security Command Center foundation that’s in use today protecting thousands of Google Cloud customers, it’s the first multicloud risk management solution that merges cloud security and security operations.
As organizations small and large, from startups to legacy players, pursue cloud-first strategies, the cloud is a growing home to critical applications and data. The shift to cloud has gotten the attention of adversaries such as APT groups, some of whom are increasingly focused on attacking cloud infrastructure.
“In testing Google’s Security Command Center Enterprise, our PwC team was impressed with its capabilities,” said Prakash Venkata, principal at PwC. “As our clients continue to reinvent their businesses in the cloud, their cloud security should expand accordingly. That’s why we’re excited to bring this product to market together, as Google’s solution is critical to helping our joint customers effectively mitigate risks in their multicloud environments.”
Security Command Center Enterprise brings together modern SecOps, threat intelligence, and cloud security capabilities to protect your multicloud environment. By offering a unified view that includes posture controls, active threats, cloud identities, data, and AI-powered insights, with remediation and accountability integrated into end-to-end workflows, we help security teams streamline their workflows, get the information they need to make critical decisions, and remediate issues faster.
Integral to Security Command Center Enterprise is a risk engine that constructs a digital-twin model of your cloud environment and uses attack path simulation technology to play the role of an attacker. It can predict where a strike might occur, what cloud resources would be exposed, and the possible blast radius of a successful attack.
The same underlying technology platform that delivers our modern Security Operations capabilities also powers Security Command Center Enterprise. It uses that technology to analyze vulnerabilities, misconfigurations, and threats to assign cases for further investigation, and it can offer playbooks for prevention and remediation. Security Command Center Enterprise brings together security and SecOps teams using a single interface and common data model to help empower more professionals, with broader skill sets, to directly act on issues that impact cloud risk.
At Next ’24, we announced two important new capabilities. Gemini in Security Command Center now offers preview features that let security teams use natural language to search for threats and other security events, and summarize attack paths to help understand cloud risks for remediation.
Meanwhile, Mandiant Hunt for Security Command Center Enterprise is now in preview. It offers on-demand human expertise that can become an extension of internal security operations teams. Hundreds of elite-level analysts and researchers are available on-call to proactively find elusive threats in organizations’ cloud environments.
To learn more about Security Command Center Enterprise, please read our announcement blog and come visit us at booth N5644 at the RSA Conference in San Francisco. You can also watch our webinar on how Security Command Center Enterprise can help you manage cloud risk more effectively.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
- Your insider’s guide to Google Cloud Security at RSA Conference 2024: From the show floor to keynotes to remote attendance, here’s your must-read guide to where Google Cloud Security will be at RSA Conference this year. Read more.
- 7 key questions CISOs need to answer to drive secure, effective AI: CISOs can prepare to secure AI in their organization by answering these seven vital questions. To help kickstart the process, we’ve provided suggested answers so CISOs can quickly get in the air. Read more.
- Prevent generative AI data leaks with Chrome Enterprise DLP: Enterprise security teams can implement reporting and enforcement policies in Chrome Enterprise Premium for data loss prevention (DLP) with gen AI. Read more.
- Google security innovation at the OCP Regional Summit: At the OCP Regional Summit, Google discussed security advancements including Caliptra for integrated root-of-trust, OCP S.A.F.E, and OCP L.O.C.K. Read more.
- Uncover potential threats to your web app with security reports: The Google security team uses the Reporting API to detect potential issues and identify the problems causing them. To easily replicate our approach to processing reports and acting on them, we offer an open-source solution. Read more.
- The power of choice: Empowering your regulatory and compliance journey: At Google Cloud, we know you have diverse regulatory, compliance, and sovereignty needs, so at Next ’24 we announced new ways to expand your power of choice. Read more.
Please visit the Google Cloud blog for more security stories published this month.
Threat Intelligence news
- M-Trends 2024: Our view from the frontlines: This edition of our annual report continues our tradition of providing relevant attacker and defender metrics, and insights into the latest attacker tactics, techniques and procedures, along with guidance and best practices on how organizations and defenders should be responding to threats. Read more.
- Poll Vaulting: Cyber threats to global elections: The global election cybersecurity landscape is characterized by a diversity of targets, tactics, and threats as more than two billion voters are expected to head to the polls in 2024. Election cyber threat vectors present complexity, but also highlight that election interference attempts are a small segment of the overall threat landscape. Read more.
- FakeNet-NG levels up: Introducing interactive HTML-based output: FakeNet-NG is a dynamic network analysis tool that captures network requests and simulates network services to aid in malware research. We’ve now extended it to generate HTML-based output that enables you to view, explore, and share captured network data. Read more.
Now hear this: Google Cloud Security and Mandiant podcasts
- Looking back at the Next that just was: Cloud Security podcast hosts Anton Chuvakin and Tim Peacock talk Next ’24, from fun security-related launches to interesting security sessions to creative new cloud security ideas born at the conference. Listen here.
- Defender’s Advantage: Assessing the state of multifaceted extortion operations: Cyber Crime Analysis team leader Kimberly Goody and lead analyst Jeremy Kennelly join host Luke McNamara to break down the current state of ransomware and data theft extortion. Listen here.
- Defender’s Advantage: Hunting for ‘living off the land’ activity: Mandiant consultants Shanmukhanand Naikwade and Dan Nutting join Luke McNamara to discuss how they track down threat actors utilizing “living off the land” techniques, and how those techniques differ from traditional malware-based attacks. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in two weeks with more security-related updates from Google Cloud.