
Cloud SCC conceptual overview

Introduction

Cloud Security Command Center (Cloud SCC) is the canonical security and risk database for Google Cloud Platform (GCP). Cloud SCC is an intuitive, intelligent risk dashboard and analytics system for surfacing, understanding, and remediating GCP security and data risks across an organization.

Actionable security insights

Cloud SCC helps security teams gather data, identify threats, and act on them before they result in business damage or loss. It offers deep insight into application and data risk so that you can quickly mitigate threats to your cloud resources across your organization and evaluate overall health. Cloud SCC provides a single, centralized dashboard so you can:

  • View and monitor an inventory of your cloud assets.
  • Scan storage systems for sensitive data.
  • Detect common web vulnerabilities and anomalous behavior.
  • Review access rights to your critical resources in your organization.

Gain visibility into your cloud data and services

Cloud SCC gives enterprises consolidated visibility into their cloud assets across their organization. You can quickly understand the number of projects you have, what resources are deployed, where sensitive data is located, and how firewall rules are configured. With ongoing discovery scans, enterprises can view asset history to understand exactly what changed in their environment and act on unauthorized modifications.

Powerful insights to help enhance your security posture

Cloud SCC provides powerful security insights about your cloud resources. With this tool, security teams can answer questions like "Which Cloud Storage buckets contain PII?", "Do I have any buckets that are open to the Internet?" and "Which cloud applications are vulnerable to XSS?". By applying ongoing security analytics and threat intelligence, enterprises can assess their overall security health in a central dashboard and take immediate action on security risks.

Flexible platform to meet your security needs

Cloud SCC integrates with GCP security tools like Cloud Security Scanner and Cloud Data Loss Prevention (Cloud DLP), and third-party security solutions from Cloudflare, CrowdStrike, Palo Alto Networks, Qualys, and RedLock. Cloud security insights from partner products are aggregated in Cloud SCC and can be fed into existing systems and workflows.

Cloud SCC features

| Feature Name | Feature Description |
|---|---|
| Asset discovery and inventory | Discover your assets, data, and GCP services across your organization and view them in one place. Review historical discovery scans to identify new, modified, or deleted assets. |
| Sensitive data identification | Find out which storage buckets contain sensitive and regulated data using Cloud DLP. Help prevent unintended exposure and ensure access is based on need-to-know. Cloud DLP integrates automatically with Cloud SCC. |
| Application vulnerability detection | Uncover common vulnerabilities like cross-site-scripting (XSS) and Flash injection that put your App Engine applications at risk with Cloud Security Scanner. Cloud Security Scanner integrates automatically with Cloud SCC. |
| Access control monitoring | Help ensure the appropriate access control policies are in place across your cloud resources and get alerted when policies are misconfigured or unexpectedly change. Forseti, the open source security toolkit for GCP, integrates with Cloud SCC. |
| Anomaly detection from Google | Identify threats like botnets, cryptocurrency mining, anomalous reboots, and suspicious network traffic with built-in anomaly detection technology developed by Google. |
| Third-party security tool inputs | Integrate output from your existing security tools such as Cloudflare, CrowdStrike, Palo Alto Networks, Qualys, and RedLock into Cloud SCC to detect DDoS attacks, compromised endpoints, compliance policy violations, network attacks, and instance vulnerabilities and threats. |
| Real-time notifications | Get Cloud SCC alerts via email and SMS with Cloud Pub/Sub notification integration. |
| REST API and Client SDKs | Use the Cloud SCC REST API or client SDKs for easy integration with your existing security systems and workflows. |

When to use Cloud SCC

Cloud SCC currently focuses on asset inventory, discovery, search, and management. Use Cloud SCC when you want to understand your security and data attack surface and answer questions like:

  • How many projects you have, and how many projects are new
  • What GCP resources are deployed, like Compute Engine, Cloud Storage, or App Engine
  • What services are in use, such as Virtual Machines (VMs) or buckets
  • What's your deployment history
  • What images are running on your VMs
  • What IP addresses are open to the public
  • How to organize, annotate, search, select, filter, and sort across the following categories:
    • Assets and Asset Properties.
    • Findings, which are potential security risks related to your assets, and finding properties like the type of risk.
    • Security marks, which enable you to annotate assets or findings in Cloud SCC.
    • Time period.

How Cloud SCC works

Cloud SCC creates a unified inventory of your GCP resources, such as your organization, projects, instances, and applications, and combines it with the vulnerability and threat findings from native GCP sources, third-party partners, and your own security detectors and finding sources. Cloud SCC enables you to generate curated insights that provide a unique view of incoming threats and attacks to your assets.

Assets Summary

Cloud SCC asset discovery runs at least once each day. You can manually re-scan from within Assets Summary on demand. Asset discovery uses your Cloud SCC organization hierarchy to curate a list of your existing and new assets.

Native security findings

Cloud SCC integrates with the native GCP Cloud DLP scanner, Cloud Anomaly Detection, Cloud Security Scanner, and Forseti to surface potential security risks in your assets. These scanners operate regularly to track asset changes over time. You can use Cloud SCC to inspect your current and past asset states, and compare assets between two points in time.

Your own security findings

In addition to native security findings, you can integrate findings from your own or third-party sources for GCP resources or hybrid or multi-cloud resources. For more information, see adding security sources.
