GCP – New asset query simplifies asset inventory management in Security Command Center
As our cloud customers scale their environments, they need to manage cloud resources and policies. Our biggest customers have millions of assets in their Google Cloud environments. Securing growing environments requires tools to help discover, monitor, and secure cloud assets. To help, Security Command Center (SCC), our security and risk management solution, now includes new asset query functionality designed to make it easier for IT and security teams to identify assets in large, complex environments.
Security Command Center users can now perform SQL-like queries to get detailed information on where assets are located and how they are configured. This includes enumerating assets based on resource type, resource relationship, operating system configuration, and organizational policy metadata. Asset query runs on top of our near real-time metadata store of more than 275 Google Cloud asset types across compute, network, storage, and more.
How we made asset queries easy
To make asset query easy, we made it a fully-managed capability, so there is minimal setup. SCC users can jump right into writing simple queries. This eliminates the need to export asset data, configure a data warehouse such as Big Query, or employ expensive third-party tools that require manual query operations.
Next, we made it simple for users who may not be comfortable authoring queries by including a library of pre-built queries to help answer common environmental or postural questions, such as:
Which storage buckets are publicly accessible?
Which user-managed service account keys are old, but still in use?
How many assets of a particular type are deployed in my project?
We also made it easy to see the relationships between assets in the environment. For example, with a single query users can discover which services make up a defined App Engine application, or they can quickly determine if a specific GKE cluster has a particular node.
Getting a historical view of Google Cloud assets
In addition to an accurate inventory of their current cloud assets, IT and security teams need the ability to review the history of their cloud environment, including what changed and when changes were made. With asset query, SCC users can quickly view their inventory status at any point during the prior 35 days, and see what changes occurred during a specified time range up to seven days, such as:
How many VM instances in the us-east region did my organization have at 2:00 PM yesterday?
What configuration changes occurred to my VMs in the us-west region in the past five days?
Query results are easily shared with internal stakeholders by exporting results via a simple CSV file, or by exporting to BigQuery.
To learn more about the asset query capabilities now available in Security Command Center Premium, please visit: https://cloud.google.com/asset-inventory/docs/query-assets. To get started with SCC, contact a Google Cloud sales representative.
Read More for the details.

 
                                                                    