Introducing new ways Security Command Center Premium protects identities

After decades of managing and securing identities in data centers, security and IT operations teams face new challenges when detecting identity compromise in their public cloud environments. Protecting cloud service accounts against leaked keys, privilege escalation in complex authorization systems, and insider threats are vital tasks when considering the threat landscape.

Security Command Center Premium, our built-in security and risk management solution for Google Cloud, has released new capabilities to help detect compromised identities and protect against risks from external attackers and malicious insiders. 

Why identity security is complex

In Google Cloud, there are three types of principals used to manage identities:

Once a principal has been defined, the IT team needs to assign it the correct permissions to access Google Cloud resources. Permissions are assigned based on roles, which govern what resources may be accessed. In some cloud environments, it makes sense for one principal to legitimately act with the permissions of another principal. This is referred to as service account impersonation.

Using Groups can make managing identities even more complex. For example, Groups can consist of users that are either inside or outside the organization. Further, Groups can contain other Groups, including those from outside the organization.

While this framework offers organizations flexibility and efficiency in managing cloud identities and resources, the potential complexity, especially at scale, can be a source of risk.
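The nested-group risk described above can be made concrete with a short sketch, added here as an illustration and not taken from Google's code or Security Command Center. It walks group membership transitively and lists every user outside the organization who would inherit whatever roles are granted to the top-level group; the group names, the `example.com` domain, and the in-memory directory are constructed sample data.

```python
# Added illustration: transitive group expansion to find external members.
# All names below are constructed sample data, not a real directory.
ORG_DOMAIN = "example.com"  # assumed organization domain

# group -> direct members (users or other groups)
GROUPS = {
    "admins@example.com": ["alice@example.com", "ops@example.com"],
    "ops@example.com": ["bob@example.com", "contractors@partner.example"],
    # External group nested two levels down; it also points back at
    # admins@, so the walk has to tolerate cycles.
    "contractors@partner.example": ["carol@partner.example",
                                    "admins@example.com"],
    "readers@example.com": ["dave@example.com"],
}


def is_external(principal, org_domain=ORG_DOMAIN):
    """True when the principal's e-mail domain is not the organization's."""
    return principal.rsplit("@", 1)[-1].lower() != org_domain


def expand(group, groups=GROUPS):
    """Map each reachable leaf member to the chain of groups that reaches it.

    A member with no entry in `groups` is treated as a leaf: a user, or a
    group whose membership is not visible to us.
    """
    found = {}
    seen = {group}
    stack = [(group, (group,))]
    while stack:
        current, path = stack.pop()
        for member in groups.get(current, []):
            if member in groups:
                if member not in seen:  # cycle guard
                    seen.add(member)
                    stack.append((member, path + (member,)))
            else:
                found.setdefault(member, path)
    return found


def external_exposure(group, groups=GROUPS, org_domain=ORG_DOMAIN):
    """Return sorted (external member, membership path) pairs for a group."""
    return sorted(
        (member, " -> ".join(path))
        for member, path in expand(group, groups).items()
        if is_external(member, org_domain)
    )


if __name__ == "__main__":
    for member, path in external_exposure("admins@example.com"):
        print(f"{member} inherits access via {path}")
```

Reviewing only the direct members of `admins@example.com` would show two internal principals; the external user appears only after the nested groups are expanded.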

Importance of identity threat detection in cloud

Identity Access Management (IAM) policies govern how principals can access data, create new compute instances, and modify security settings in Google Cloud projects, folders, and organizations. Security Command Center Premium can detect risky IAM policy changes and behavior by principals that may indicate possible account takeover. Detection happens over the full attack chain, from initial credential access and discovery, through privilege escalation, and finally to attacker persistence.

Security Command Center Premium is able to provide these differentiated detection capabilities because it is engineered into the Google Cloud infrastructure, and has first-party access to core platform services such as Google Groups. It operates within carefully reviewed security and privacy controls to keep Google Cloud customer data private. 

New identity threat detectors in Security Command Center Premium

Security Command Center Premium includes new detections for:

These new detectors augment Security Command Center’s existing defenses against common identity threats:

Securing a cloud environment requires the ability to detect identity-based threats. Security Command Center continues to augment detection and remediation capabilities for Google Cloud customers. Go to your Google Cloud console to get started today with these new capabilities in Security Command Center.
