GCP – Introducing Security Command Center Enterprise: The first multicloud risk management solution fusing AI-powered SecOps with cloud security
The stakes have never been higher for managing cloud risks. With organizations of every size and in every industry pursuing cloud-first strategies, the cloud is now home to their most critical applications and data. Adversaries have picked up on this ongoing shift, too: APT groups known for regularly targeting corporate and government organizations are increasingly focused on attacking cloud infrastructure.
The current generation of cloud-native application protection platforms (CNAPPs) has helped reduce the number of point products used for multicloud security. However, they often remain stubbornly disconnected from broader security operations capabilities, where best-in-class solutions provide comprehensive visibility into risks and threats, and place just as much attention on efficient remediation of those risks.
To help our customers manage and mitigate risk in their multicloud environments, Google Cloud is announcing Security Command Center Enterprise, the industry’s first cloud risk management solution that fuses proactive cloud security and enterprise security operations — supercharged by Mandiant expertise.
Built on our Google security fabric, Security Command Center Enterprise can help to break down the silos of tools, teams, and data that separate cloud security and enterprise security operations. It prioritizes cloud risk management by integrating the critical response capabilities of modern SecOps with threat intelligence from Mandiant, so organizations can identify high-risk issues and drive accountability for keeping their multicloud environments safe.
CNAPPs are evolving to integrate more tightly with security operations. According to a Gartner® report written by analysts Neil MacDonald, Charlie Winckless, and Dale Koepen, “CNAPPs address the full life cycle protection requirements of cloud-native applications from development to production.”1 Gartner further asserts that “CNAPP vendors with threat research teams will help uncover cloud-specific vulnerabilities and risks and serve as a differentiation. The ownership will evolve between the SOC team and the cloud security team that is gaining influence for hybrid enterprises.”2
Converging cloud security and enterprise security operations
Our new solution can help organizations imagine a new reality, one where SIEM-powered visibility and SOAR-driven actionability are brought into the world of cloud security. Security teams can get a single view of their posture controls, active threats, cloud identities, data, and more, while integrating remediation and issue accountability into the end-to-end workflows of a converged cloud risk management platform.
“Google security solutions can help our clients fortify their cyber defenses and protect their digital businesses,” said Upen Sachdev, Google Cloud Cyber Alliance leader and Deloitte Risk & Financial Advisory principal, Deloitte & Touche LLP. “Security Command Center Enterprise is designed to dismantle the operational silos that interfere with better cloud risk management by converging modern SecOps and leading cloud security.”
Powered by Google security fabric
Security Command Center Enterprise is powered by Google’s security fabric, which incorporates a planet-scale data lake that ingests and analyzes the volume of cloud data needed to build dynamic security graphs and to understand the complex relationships in multicloud environments. It integrates threat intelligence from Mandiant to automatically help identify and defend against new and novel attacks.
Generative AI has also been integrated to simplify the cloud security lifecycle for experts and less-experienced users alike, from initial identification and understanding of complex security issues, through investigation and guided remediation.
Integral to our security fabric is a continuous risk engine that constructs a digital twin model of the cloud environment, developing an in-depth understanding of complex cloud relationships. It then plays the role of a sophisticated and motivated attacker to predict where an attacker could strike, what cloud resources would be exposed, and the possible blast radius of a successful attack.
Easy-to-interpret attack path visualizations and detailed risk scoring give reactive security teams the proactive insight they need to stay ahead of adversaries. Additionally, the dynamic discovery of toxic combinations that lead to high-risk exposures, specific to each cloud environment, is a material step beyond the use of basic fixed rules that treat all clouds the same.
You can watch a product demo to see Security Command Center Enterprise in action.
Integrated with on-demand Mandiant expertise
Security Command Center Enterprise integrates Mandiant Hunt, offering on-demand human expertise that can become an extension of internal security operations teams. It makes hundreds of elite-level analysts and researchers available on-call to proactively find elusive threats that evade traditional mechanisms. It can help to close the skills gap, too, reducing the need for hiring expensive talent and investments in specialized tooling.
Security Command Center Enterprise is built on the same underlying technology platform that delivers our modern Security Operations capabilities, putting Google scale and speed to work protecting our customers’ multicloud environments. Vulnerabilities, misconfigurations, and threats are analyzed and assigned to cases for analysts to investigate and attach to out-of-the-box playbooks for prevention and remediation. Bringing together security and SecOps teams empowers more professionals, with broader skill sets, to directly act on issues that impact cloud risk.
Designed for multicloud environments
Security Command Center protects thousands of Google Cloud customers today. Our new solution builds on this product foundation, with an expanded set of capabilities to secure our customers’ Google Cloud, Amazon Web Services, and Microsoft Azure environments. Capabilities include:
- Agentless and agent-based vulnerability management for finding security weaknesses in virtual machines, containers, and more;
- Security posture management to uncover cloud misconfigurations that could create gaps in defenses;
- Threat detection using specialized technology built into the cloud infrastructure, and threat rules and indicators of compromise (IOCs) curated by Mandiant incident response teams and threat researchers;
- Integrated response workflows to efficiently remediate threats, misconfigurations, and vulnerabilities;
- Attack path visualization for understanding resource relationships and methods that attackers could use to infiltrate your environment;
- Google-recommended preventative and detective security controls designed for AI workloads;
- Posture and governance controls giving DevOps and DevSecOps teams the ability to design and monitor security guardrails for their cloud infrastructure;
- Cloud Identity and Entitlement Management (CIEM) for managing identities and privileges to help organizations move to a least-privileged access security model;
- Data security posture management (DSPM) for finding, categorizing, and managing sensitive data in cloud environments;
- And shift-left security capabilities for discovering issues before runtime. These include our Assured Open Source Software, which can provide developers with access to thousands of software packages tested and validated by Google, and infrastructure as code (IaC) scans of files and CI/CD pipelines to help identify resource violations.
“We’re helping organizations build more resilient cybersecurity programs by combining Accenture and Google Cloud’s expertise,” said Rex Thexton, CTO and cyber protect lead, Accenture Security. “Security Command Center Enterprise will enable us to help protect our clients’ cloud deployments, bringing the scale, speed, and effectiveness we get from Google’s Security Operations platform, enhanced with Mandiant threat intelligence and Google’s AI.”
“In testing Google’s Security Command Center Enterprise, our PwC team was impressed with its capabilities,” said Prakash Venkata, principal at PwC. “As our clients continue to reinvent their businesses in the cloud, their cloud security should expand accordingly. That’s why we’re excited to bring this product to market together, as Google’s solution is critical to helping our joint customers effectively mitigate risks in their multi-cloud environments.”
Security Command Center Enterprise is expected to be generally available in the coming weeks via subscription, with simple cloud workload-based pricing. Existing Security Command Center Premium subscription customers can upgrade to the new solution for enhanced protection of their Google Cloud environment at no additional cost for their current subscription.
Take the next step
To evaluate Security Command Center Enterprise, please contact a Google Cloud field sales representative or authorized Google Cloud partner. You can also join our new Security Command Center user community for the latest product news and technical advice.
A wealth of information about Security Command Center Enterprise will be presented at Google Cloud Next ‘24, including these technical breakout sessions:
- Go beyond multi-cloud CNAPP security with Security Command Center Enterprise
- Prioritize and manage cloud risks with a Risk Engine built for cloud security
- Ensure the health of cloud resources: How to address software vulnerabilities and identity risk
- New posture and IaC protection in Security Command Center Enterprise
- New multi-cloud threat detection, investigation, and response in Security Command Center Enterprise
You can register here for Next ‘24.
1. Gartner, Market Guide for Cloud-Native Application Protection Platforms, 14 March 2023.
2. Gartner, Emerging Tech: The Future of Cloud-Native Security Operations, 18 October 2023. Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved