Jump to Content
Developers & Practitioners

Security Roundup - stories and launches from second quarter 2022

September 20, 2022
https://storage.googleapis.com/gweb-cloudblog-publish/images/Screen_Shot_2022-09-20_at_9.02.30_AM_ridmM.max-2600x2600.png
Sita Lakshmi Sangameswaran

Senior Developer Relations Engineer, Google

In the fast-moving world of security, Google Cloud continues to constantly update our products and services to help protect your data and your applications. In the second installment of this regular series, let’s dive into what’s new and cooking in Google Cloud Security.


For those of you curious to read the previous installment, we got you covered! :) 

Security Roundup - stories and launches from first quarter 2022


Updates from Cloud External Key Manager

Whether you keep your secrets on-prem or in the cloud, they need to be well protected. To help protect your External keys, Cloud External Key Manager (EKM) recently launched EKM over VPC that will provide your application with an extra layer of security. You can now use asymmetric keys for signing as EKM recognizes both RSA and Elliptic curve asymmetric keys. EKM also provides an additional Organizational policy level that lets you define what type of key you want to use.

Evolving Cloud External Key Manager – What’s new with Cloud EKM


Automatic data risk management for BigQuery using DLP

When you have tons of potentially sensitive data that needs to be analyzed for its risk profile, you can use Automatic Data Loss Prevention (DLP) with BigQuery to reduce the risk of data leaks. With this feature, DLP can be configured to run as a cron job over BigQuery data, which will report the results in a DataStudio dashboard. Automatic sync with DLP also provides insights and risk scores for each table in Chronicle which can then be used for enhancing threat detections.

Google launches Automatic DLP for BigQuery


reCAPTCHA Enterprise - Password leak detection

Passwords are one of the common forms of authentication and password reuse is a big threat to account protection. Never fear – reCAPTCHA Enterprise offers a simple way to verify if your passwords have been compromised. If reCAPTCHA finds out that your password has been leaked, it warns you so that you can secure your account. This feature coupled with Account Defender or multi-factor authentication can help secure your organization better. 

Announcing reCAPTCHA Enterprise password leak detection in GA


Error Remediation with Security Command Center

Security Command Center (SCC) released new finding types that alert customers when SCC is either misconfigured or configured in a way that prevents it from protecting your resources as expected. These findings provide remediation steps to return SCC to an operational state. Learn more and see examples: 

Remediating Security Command Center errors

What’s up with Cloud Armor?

Cloud Armor helps secure web applications by identifying DDoS and other web attacks. You can now customize the rate-limiting per client using new rule actions. Also, Cloud Armor provides capabilities to detect and manage bot traffic at network and application layers. reCAPTCHA Enterprise for WAF will help detect and manage bot activity at the network level, whereas Cloud Armor’s Adaptive Protection feature based on machine learning identifies Layer 7 attacks.

Announcing new Cloud Armor rate limiting, adaptive protection, and bot defense


GCP Security products <-> MITRE ATT&CK mappings

In our recent studies, we have released a comprehensive mapping between Google Cloud’s native security offerings and MITRE ATT&CK. This can help you choose the products for your security use cases. Read more about the mapping methodology here:

Announcing MITRE ATT&CK mappings for Google Cloud security capabilities


See you in the next installment of #SecurityRoundup! 


Posted in