AWS threat and vulnerability detection in SCCE

Today's enterprises rarely rely on a single cloud provider. Hybrid and multi-cloud strategies have become the norm, offering flexibility and avoiding vendor lock-in. However, this diversity can make security management complex. Google Cloud's multi-cloud security initiatives aim to address this challenge head-on.

You can now connect Security Command Center to Amazon Web Services for the following capabilities:

  • Detect threats and vulnerabilities
  • Assess the risk exposure of your high-value AWS resources
  • Assess compliance with security standards

Connect to AWS for threat detection

Certain threat investigation capabilities in the Enterprise tier of Security Command Center are powered by Google Security Operations, including curated detections, which enable you to identify patterns in both Google Cloud and AWS data.

If you plan to use curated detections, make sure to review information about supported log types. Each rule set requires certain data to function as designed, including one or more of the following:

  • AWS CloudTrail logs
  • AWS GuardDuty
  • AWS VPC Flow
  • AWS CloudWatch
  • AWS Security Hub
  • AWS context data about hosts, services, VPC, and users

To use these curated detections, you must ingest AWS data to Google Security Operations, and then enable the curated detection rules. For information about how to configure the ingestion of the AWS data, see Ingest AWS logs into Google Security Operations in the Google SecOps documentation. For information about how to enable curated detection rules, see Use curated detections to identify threats in the Google SecOps documentation.

Connect to AWS for vulnerability detection and risk assessment

You can connect Security Command Center Enterprise tier to your AWS environment so that you can complete the following:

  • Review and remediate findings (which include threats and vulnerabilities) from AWS
  • Create and manage a security posture for AWS
  • Identify potential attack paths from the public internet to your high-value AWS assets
  • Map compliance of AWS resources with various standards and benchmarks

Connecting Security Command Center to AWS creates a single place for your security operations team to manage and remediate threats and vulnerabilities across Google Cloud and AWS.

Connect to AWS for vulnerability detection and risk assessment: https://cloud.google.com/security-command-center/docs/connect-scc-to-aws

Connect to AWS for threat detection: https://cloud.google.com/security-command-center/docs/connect-secops-aws

1 REPLY

Nice post Andras!