Cloud Security Command Center is now in beta and ready to use

2018-12-06 | admin | GoogleCloud

Source: Cloud Security Command Center is now in beta and ready to use from Google Cloud

If you’re building applications or deploying infrastructure in the cloud, you need a central place to help understand your security posture, put it in a business context, and act on changes. In March, we announced Cloud Security Command Center in alpha, becoming the first major cloud provider to offer organization-level visibility into assets, vulnerabilities, and threats. Starting today, this security service is available to Google Cloud Platform (GCP) customers in beta.

This beta release comes with a number of new features, including:

  • Expanded coverage across GCP services including Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Container Registry, Kubernetes Engine, and Virtual Private Cloud
  • 13 IAM roles added for fine-grained access control across Cloud SCC
  • New examples of how to generate notifications when changes occur, or to trigger Cloud Functions from a Cloud SCC query
  • Ability to view and search for new, deleted, and total assets over a specified time period
  • Expanded client libraries including Java, Node, and Go
  • Expanded capabilities to manage asset discovery
  • Self-serve onboarding via GCP Marketplace
  • Self-serve partner security sources, such as Cavirin, Chef, and Redlock, via GCP Marketplace

Cloud Security Command Center (Cloud SCC) provides security teams with insight into infrastructure, configuration, application and data risk so that you can quickly address vulnerabilities, mitigate threats to your cloud resources and evaluate your overall security posture. With Cloud SCC, you can view and monitor an inventory of your cloud assets, be alerted to security anomalies, scan cloud storage to discover where you are storing sensitive data, detect common web vulnerabilities, and review access rights to your critical resources, all from a single, centralized data platform and dashboard.

“Cloud Security Command Center gives us unprecedented visibility into the security posture of our VM instances and containerized workloads running within GCP. With this security service, we can quickly review and assess risks across all our GCP assets.” - Alexander Schuchman, Director Information Security, Colgate-Palmolive

Cloud SCC is the best way to get started assessing and remediating security risks in your GCP environment. Here are three ways to use the service today:

1. Assess security risks and vulnerabilities

The Cloud SCC dashboard presents findings that help you quickly uncover security risks and potential vulnerabilities and threats. For example, you can view which Cloud Storage buckets are publicly accessible, identify VMs with public addresses, discover overly permissive firewall rules, and be alerted to instances that may have been compromised to perform coin mining. You can also easily see if users outside of your designated domain, or GCP organization, have access to your resources.

Figure: Use Cloud SCC to quickly discover non-org owners with access to GCP resources

Figure: With Cloud SCC, you can uncover VMs that are exposed to the internet

2. View and act on changes to your GCP assets

Cloud SCC gives you a comprehensive inventory of your cloud assets across numerous GCP services including App Engine, Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Cloud Storage, Compute Engine, Container Registry, Kubernetes Engine, and Virtual Private Cloud. You can also view the inventory of your service accounts.

Using asset inventory, you can view resources for the entire GCP organization or just for particular projects. Cloud SCC performs ongoing discovery scans, allowing you to see asset history to understand exactly what’s changed in your environment and act on unauthorized modifications. With the assets display, you can see new, deleted, and total assets for a specified time period.

You can also generate notifications when changes occur and trigger Cloud Functions from a Cloud SCC query. For example, you can configure an action to automatically detect policy changes on a network firewall and then restore it to a secure state, or detect when a Cloud Storage bucket becomes publicly accessible and then revert it to private access.
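The core of the "revert a public bucket to private" action described above, as an added example that is not from the original post or from Google: a pure function that removes the public principals `allUsers` and `allAuthenticatedUsers` from a bucket IAM policy. The function name and the sample policy are hypothetical and constructed here; fetching the policy and writing it back (for instance from a Cloud Function) is left to the caller.

```python
import copy

# Special IAM principals that make a resource readable by anyone.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def strip_public_bindings(policy):
    """Return (new_policy, removed); removed lists (role, member) pairs.

    The input is not modified. Top-level fields such as "etag" are kept so
    the result can be written back with optimistic concurrency control.
    """
    new_policy = copy.deepcopy(policy)
    removed = []
    kept_bindings = []
    for binding in new_policy.get("bindings", []):
        members = binding.get("members", [])
        private = [m for m in members if m not in PUBLIC_MEMBERS]
        removed.extend(
            (binding["role"], m) for m in members if m in PUBLIC_MEMBERS
        )
        if private:
            binding["members"] = private
            kept_bindings.append(binding)
        # A binding left with no members is dropped entirely.
    new_policy["bindings"] = kept_bindings
    return new_policy, removed


# Constructed sample policy (not taken from a real bucket).
SAMPLE_POLICY = {
    "etag": "CAE=",
    "bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["allUsers", "user:alice@example.com"]},
        {"role": "roles/storage.legacyBucketReader",
         "members": ["allAuthenticatedUsers"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    ],
}

if __name__ == "__main__":
    fixed, removed = strip_public_bindings(SAMPLE_POLICY)
    for role, member in removed:
        print(f"removed {member} from {role}")  # audit trail for the change
```

Returning the removed pairs lets the remediation log exactly what it changed, and an empty list signals that no write-back is needed.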

3. Integrate security findings from Google and other cloud security leaders

Cloud SCC is a flexible platform that integrates with Google Cloud security services such as Data Loss Prevention (DLP) API, Forseti, Cloud Security Scanner, and anomaly detection from Google, as well as with third-party cloud security solutions from vendors such as Cavirin, Chef, and Redlock. By integrating partner solutions with Cloud Security Command Center, you can get a comprehensive view of risks and threats all in one place without having to go to separate consoles. You can also jump from the Cloud SCC dashboard directly into these third-party tools to help speed remediation efforts.

Figure: Cloud SCC integrates with leading third-party cloud security vendors

Cloud SCC can help you get a better handle on the security of your GCP environment today. Visit the Cloud SCC webpage for a product overview and documentation. You can start using Cloud SCC today, straight from GCP Marketplace.

Learn more about the Cavirin and Chef integrations.

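Except as otherwise noted, the content of this article is licensed under the Creative Commons Attribution 3.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Terms of Service.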

Tags: Cloud
