You're reading from Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Product type: Book
Published in: Aug 2023
Publisher: Packt
ISBN-13: 9781835468869
Edition: 1st Edition

Authors (2):

Ankush Chowdhary

With an unwavering focus on technology spanning over two decades, Ankush remains genuinely dedicated to the ever-evolving realm of cybersecurity. Throughout his career, he has consistently upheld a deep commitment to assisting businesses on their journey towards modernization and embracing the digital age. His guidance has empowered numerous enterprises to prioritize and implement essential cybersecurity measures. He has had the privilege of being invited as a speaker at various global cybersecurity events, where he had the opportunity to share his insights and exert influence on key decision-makers concerning cloud security and policy matters. Driven by an authentic passion for education and mentorship, he derives immense satisfaction from guiding, teaching, and mentoring others within the intricate domain of cybersecurity. The intent behind writing this book has been a modest endeavor to achieve the same purpose.

Prashant Kulkarni

In his career, Prashant has worked directly with customers, helping them overcome different security challenges in various product areas. These experiences have made him passionate about continuous learning, especially in the fast-changing security landscape. Joining Google 4 years back, he expanded his knowledge of Cloud Security. He is thankful for the support of customers, the infosec community, and his peers that have sharpened his technical skills and improved his ability to explain complex security concepts in a user-friendly way. This book aims to share his experiences and insights, empowering readers to navigate the ever-evolving security landscape with confidence. In his free time, Prashant indulges in his passion for astronomy, marveling at the vastness and beauty of the universe.

14

Security Command Center

In this chapter, we will look at the capabilities of Google’s Security Command Center. The exam typically has questions on how to configure and use Security Command Center (SCC) to monitor the security posture of your Google Cloud organization. You may also get questions on how to detect threats and vulnerabilities in your cloud environment and workloads. This is one of the critical aspects of security operations, so make sure you understand it very well.

In this chapter, we will cover the following topics:

  • Overview of SCC
  • Core services:
    • Cloud Asset Inventory
    • Detecting security misconfiguration using Security Health Analytics
    • VM Manager
  • Rapid vulnerability detection
  • Threat detection
  • Continuous compliance monitoring using SCC
  • Exporting SCC findings
  • Automating findings response

Overview of SCC

Google introduced SCC in mid-2018. SCC provides many features to monitor your organization’s security controls, detect threats, and use alerts to automate security responses.

Here are some of the key features of SCC:

  • Gain centralized visibility and control over your Google Cloud data and resources:
    • SCC gives enterprises centralized visibility of their cloud assets across App Engine, BigQuery, Cloud SQL, Cloud Storage, Compute Engine, Identity and Access Management (IAM) policies, Google Kubernetes Engine (GKE), and more.
    • SCC enables enterprises to quickly find out the number of projects in their environment, what resources are deployed, where sensitive data is located, and which service accounts have been added or removed. You can leverage the SCC REST API to access assets and findings and make it easier to integrate with existing systems.
    • You can view your Google Cloud asset history to understand exactly what changed in your environment and respond to...

Core services

Core services contribute to various parts of the security architecture of your Google Cloud organization for detection and alerting. The following diagram shows the core services offered by SCC.

Figure 14.1 – SCC core services

As shown in Figure 14.1, SCC is a collection of various modules providing detection and alerting capability:

  • Cloud Asset Inventory (CAI): CAI provides full visibility of all assets in your Google Cloud organization. You can search by type of resources, projects, and locations. CAI also provides all IAM policies in your Google Cloud organization.
  • Vulnerability Findings: You can detect misconfigurations and vulnerabilities in your Google Cloud organization using Security Health Analytics (SHA), VM Manager, Web Security Scanner (WSS), and Rapid Vulnerability Detection.
  • Event Threat Detection (ETD): ETD is a collection of threat detection capabilities that provides alerts on threats to your Google Cloud organization. It will also alert threats to...

Cloud Asset Inventory

CAI provides a list of asset metadata for your cloud resources based on when they were created and/or updated. Note that the roles in SCC are assigned at various levels of your Google Cloud resource hierarchy. The amount of access you have determines your ability to see, edit, create, or change findings, assets, and security sources. Typically, security operations have access to see findings at the organization level, while project teams have access to see findings at the individual project level.

As a member of the security team, you need to know how to query assets to be able to quickly find what has changed in your cloud environment. For example, it would be highly suspicious behavior if you found accelerator-optimized machines (GPUs and HPC) being unexpectedly provisioned.
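The check described above, implemented over Cloud Asset Inventory data, as an added example (this is not code from the book). It assumes the record shape CAI produces for Compute Engine instances in an export (`gcloud asset export --content-type=resource`) or an asset feed: each record carries `name`, `assetType`, and `resource.data` holding the Compute API instance body, whose `machineType` is a URL ending in the machine type name. The sample records, the list of accelerator families, and the "allowed" project are constructed for this example.

```python
"""Flag unexpected accelerator-optimized VMs in Cloud Asset Inventory data.

Added example; not the book's code. Assumes CAI export/feed records with
`resource.data` holding the Compute Engine instance resource body.
"""
import json
import re

# Machine-type families treated as accelerator/HPC-optimized here
# (assumption for this example: a2/a3/g2 are GPU families, h3 is the HPC family).
ACCELERATOR_FAMILIES = re.compile(r"^(a2|a3|g2|h3)-")

_MT_URL = "https://www.googleapis.com/compute/v1/projects/demo-prj/zones/us-central1-a/machineTypes/"

# Constructed sample: newline-delimited JSON, as a CAI export file would contain.
SAMPLE_NDJSON = "\n".join(json.dumps(r) for r in [
    {
        "name": "//compute.googleapis.com/projects/demo-prj/zones/us-central1-a/instances/web-1",
        "assetType": "compute.googleapis.com/Instance",
        "resource": {"data": {"machineType": _MT_URL + "e2-medium",
                              "creationTimestamp": "2023-06-01T10:00:00.000-07:00",
                              "status": "RUNNING"}},
    },
    {
        "name": "//compute.googleapis.com/projects/demo-prj/zones/us-central1-a/instances/batch-7",
        "assetType": "compute.googleapis.com/Instance",
        "resource": {"data": {"machineType": _MT_URL + "a2-highgpu-1g",
                              "creationTimestamp": "2023-06-02T03:12:00.000-07:00",
                              "status": "RUNNING"}},
    },
    {
        "name": "//storage.googleapis.com/demo-bucket",
        "assetType": "storage.googleapis.com/Bucket",
        "resource": {"data": {"location": "US"}},
    },
])


def load_assets_ndjson(text):
    """Parse newline-delimited JSON into asset dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def machine_type_name(asset):
    """Return the short machine type (e.g. 'a2-highgpu-1g') from the machineType URL."""
    url = asset.get("resource", {}).get("data", {}).get("machineType", "")
    return url.rsplit("/", 1)[-1]


def project_of(asset):
    """Extract the project id from an asset name like //compute.googleapis.com/projects/<id>/..."""
    parts = asset["name"].split("/")
    return parts[parts.index("projects") + 1] if "projects" in parts else ""


def find_unexpected_accelerators(assets, allowed_projects=frozenset()):
    """Return instances on accelerator/HPC families outside the projects allowed to run them."""
    hits = []
    for asset in assets:
        if asset.get("assetType") != "compute.googleapis.com/Instance":
            continue  # only Compute Engine instances carry a machine type
        mt = machine_type_name(asset)
        if not ACCELERATOR_FAMILIES.match(mt):
            continue
        project = project_of(asset)
        if project in allowed_projects:
            continue  # e.g. a known ML/HPC project; constructed allowlist
        hits.append({
            "instance": asset["name"],
            "project": project,
            "machine_type": mt,
            "created": asset["resource"]["data"].get("creationTimestamp"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_unexpected_accelerators(load_assets_ndjson(SAMPLE_NDJSON)):
        print("unexpected accelerator VM:", hit)
```

In practice the allowlist would come from your own inventory of projects approved for GPU or HPC workloads, and the same function can be run on a CAI feed subscription so that a creation shows up minutes after it happens rather than at the next export.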

Let us go over various features of CAI so you can understand how it works and how to use it.

Listing assets

Assets are Google Cloud resources within your Google Cloud organization...

Detecting security misconfigurations and vulnerabilities

Most of the cloud threats that you will find will be due to security misconfigurations or a lack of understanding of how the cloud works. So, it is critical to understand how to find misconfigurations and how to quickly analyze and fix them. SCC reports findings from four categories of detectors:

  • Security Health Analytics
  • Rapid Vulnerability Detection
  • Web Security Scanner
  • VM Manager vulnerabilities

Now let us look at each of them to understand the details.

Security Health Analytics

SHA is a service within SCC that has built-in detectors to identify misconfigurations. SHA automatically scans your Google Cloud organization for known vulnerable configurations against compliance benchmarks such as CIS, PCI DSS, NIST 800-53, ISO 27001, and the OWASP Top 10. SHA scans begin around an hour after SCC is turned on and can be done in one of two modes: batch mode, which conducts scans twice a day, 12 hours...

Threat detection

Google Cloud provides several types of threat detection via SCC Premium:

  • Event Threat Detection
  • Container Threat Detection
  • VM Threat Detection
  • Anomaly Detection

Let us start with ETD.

Event Threat Detection

Event Threat Detection (ETD) is a built-in feature of the SCC Premium tier that watches your Google Cloud environment in real time and detects threats within your systems. New detectors are added to ETD regularly to discover emerging threats at cloud scale.

ETD produces security findings by matching events in your Cloud Logging and Google Workspace log streams to known indicators of compromise (IoCs). IoCs, developed by internal Google security sources, identify potential vulnerabilities and attacks. ETD also detects threats by identifying known adversarial tactics, techniques, and procedures in your logging stream, and by detecting deviations from the historically observed behavior of your Google Cloud organization.

Here are...

Continuous compliance monitoring

In a regulated organization, compliance takes precedence as it is mandated by regulations; however, compliance is now generally enforced by all security-conscious organizations, regardless of regulations. SCC provides the ability to continuously monitor your Google Cloud compliance posture by doing the following:

  • Identifying compliance violations in your Google Cloud assets helps you resolve them by following actionable suggestions
  • Reviewing and exporting compliance reports to ensure all your resources are meeting their compliance requirements
  • Supporting compliance standards, such as these:
    • Payment Card Industry Data Security Standard (PCI DSS v3.2.1)
    • International Organization for Standardization (ISO 27001)
    • National Institute of Standards and Technology (NIST 800-53)
    • Center for Internet Security (CIS) 1.0 and 1.1 benchmarks

Now let us look at how SCC supports these standards.

CIS benchmarks

SCC supports the following CIS benchmarks...

Automating a findings response

Google provides procedures for the following four types of SOAR products for exporting SCC alerts and findings:

  • Palo Alto Cortex XSOAR
  • Elastic Stack
  • Splunk
  • IBM QRadar

However, you can set up an integration using Pub/Sub to any other product if it can ingest and parse the Pub/Sub message.
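What such an integration has to do with a message, as an added example (not code from the book or from any of the listed products): it decodes the Pub/Sub envelope, reads the SCC finding notification, and picks a response action. The example assumes the payload SCC publishes for a notification config is a JSON object with `notificationConfigName`, a `finding` (with `name`, `category`, `severity`, `state`, `findingClass`, `resourceName`, `eventTime`) and a `resource`; the sample findings, the envelope helper, and the routing policy (what gets paged versus ticketed) are constructed for this example.

```python
"""Consume SCC finding notifications from Pub/Sub and pick a response action.

Added example; not the book's code. Assumes the SCC NotificationConfig
payload shape (notificationConfigName / finding / resource) and wraps it in
a Pub/Sub push-style envelope with a base64 `data` field.
"""
import base64
import json


def _envelope(payload, message_id):
    """Wrap a payload the way a Pub/Sub push delivery does (constructed helper)."""
    data = base64.b64encode(json.dumps(payload).encode()).decode()
    return {"message": {"data": data, "messageId": message_id}}


# Constructed sample findings (values chosen for the example).
SAMPLE_MISCONFIG = {
    "notificationConfigName": "organizations/123456789012/notificationConfigs/scc-to-siem",
    "finding": {
        "name": "organizations/123456789012/sources/1111/findings/f-public-bucket",
        "category": "PUBLIC_BUCKET_ACL",
        "severity": "HIGH",
        "state": "ACTIVE",
        "findingClass": "MISCONFIGURATION",
        "resourceName": "//storage.googleapis.com/demo-bucket",
        "eventTime": "2023-06-02T03:15:00Z",
    },
    "resource": {"name": "//storage.googleapis.com/demo-bucket"},
}
SAMPLE_THREAT = {
    "notificationConfigName": "organizations/123456789012/notificationConfigs/scc-to-siem",
    "finding": {
        "name": "organizations/123456789012/sources/2222/findings/f-anomalous-grant",
        "category": "Persistence: IAM Anomalous Grant",
        "severity": "CRITICAL",
        "state": "ACTIVE",
        "findingClass": "THREAT",
        "resourceName": "//cloudresourcemanager.googleapis.com/projects/demo-prj",
        "eventTime": "2023-06-02T03:20:00Z",
    },
    "resource": {"name": "//cloudresourcemanager.googleapis.com/projects/demo-prj"},
}
# Same misconfiguration later marked INACTIVE (fixed or muted).
SAMPLE_RESOLVED = dict(SAMPLE_MISCONFIG,
                       finding=dict(SAMPLE_MISCONFIG["finding"], state="INACTIVE",
                                    eventTime="2023-06-02T09:00:00Z"))


def decode_pubsub_message(envelope):
    """Return the SCC notification payload carried in a Pub/Sub envelope."""
    return json.loads(base64.b64decode(envelope["message"]["data"]))


def route_finding(payload):
    """Map one finding to a response action (constructed policy for the example)."""
    f = payload["finding"]
    if f.get("state") != "ACTIVE":
        action = "close_ticket"      # finding resolved/muted: close the open case
    elif f.get("findingClass") == "THREAT" or f.get("severity") == "CRITICAL":
        action = "page_oncall"       # active threat or critical issue: page
    elif f.get("severity") == "HIGH":
        action = "open_ticket"       # high-severity misconfiguration: track to closure
    else:
        action = "log_only"          # lower severities go to the SIEM only
    return {"action": action, "finding": f["name"], "category": f.get("category"),
            "severity": f.get("severity"), "resource": f.get("resourceName")}


def process_batch(envelopes):
    """Route a batch of deliveries, dropping redeliveries (Pub/Sub is at-least-once)."""
    seen, decisions = set(), []
    for env in envelopes:
        payload = decode_pubsub_message(env)
        f = payload["finding"]
        key = (f["name"], f.get("eventTime"), f.get("state"))
        if key in seen:
            continue
        seen.add(key)
        decisions.append(route_finding(payload))
    return decisions


SAMPLE_ENVELOPES = [
    _envelope(SAMPLE_MISCONFIG, "1"),
    _envelope(SAMPLE_THREAT, "2"),
    _envelope(SAMPLE_MISCONFIG, "1"),   # redelivery of message 1
    _envelope(SAMPLE_RESOLVED, "3"),
]

if __name__ == "__main__":
    for d in process_batch(SAMPLE_ENVELOPES):
        print(d["action"], d["category"], d["resource"])
```

The dedupe key includes `state` and `eventTime` so that a later state change on the same finding is still acted on while a repeated delivery of the same event is not; a real subscriber would also acknowledge the message only after the action succeeded.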

Figure 14.2 – Automating SCC response

Figure 14.2 shows an architecture of a simple workflow to automate a response based on SCC alerts and findings. The steps in the workflow are listed as follows. Each of these steps represents an action that can be taken either manually or automated. Understanding the various categories of threats and vulnerability findings is critical before building such a workflow.

Let us quickly run through these steps:

  1. SCC alerts and findings are exported to the SIEM tool of your choice. As you saw in the previous section, you can export alerts and findings using continuous...

Summary

In this chapter, we went over several capabilities of SCC. We learned how to use CAI, set up an export to BigQuery, and run SQL queries to understand your environment. We also went over how to detect security misconfigurations using SHA, VM Manager, WSS, and Rapid Vulnerability Detection. These are all critical capabilities before a security misconfiguration vulnerability becomes a threat. We learned about the threat detection capabilities of SCC in the form of ETD, CTD, VMTD, and anomaly detection. We also covered continuous compliance monitoring to understand how to apply industry standards to your cloud environment. Finally, we explored a simple architecture pattern for alerting.

In the next chapter, we will cover container security and look at how security measures are taken to protect containers and the applications and data that reside in them. This includes preventing unauthorized access and mitigating the risk of malicious code or attacks, as well as ensuring that...

Further reading

For more information on Google Cloud Security Command Center, refer to the following links:
