
Cloud Security Command Center and Reblaze

Last week at Cloud Next ’19, Google dedicated a session to Cloud Security Command Center (Cloud SCC), announcing its general release. During the session, several third-party integrations were described, including Reblaze.

Users of Google Cloud Platform now have some important new capabilities for enhancing security and managing data risk.

What is Cloud Security Command Center?

Cloud SCC is a comprehensive security management and data risk platform for GCP. It is designed to help GCP security teams prevent, detect, and respond to threats from a single pane of glass.

Cloud SCC provides a number of capabilities. Some are built in, while others are provided by separate tools that are fully integrated with it.

Among these capabilities are:

  • Asset Discovery and Inventory. GCP users can automatically track changes (additions, modifications, and deletions) to their cloud assets across App Engine, Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Cloud Storage, Compute Engine, Container Registry, Kubernetes Engine, and Virtual Private Cloud.
  • Sensitive Data Identification. Cloud SCC identifies potential data risks: for example, storage buckets which are exposed to the Internet, or which contain regulated data such as PII.
  • Access Control Monitoring. This helps GCP users ensure that appropriate access control policies are in place across cloud resources, and Cloud SCC issues alerts when policies are misconfigured or unexpectedly change.
  • Anomaly Detection. This identifies certain types of hostile actors (such as botnets) or attempted hostile usage of cloud resources (such as cryptocurrency mining).
  • Application Vulnerability Detection. This automates the discovery of common vulnerabilities such as cross-site-scripting (XSS) and Flash injection.
  • Third-party Security Tool Inputs. Cloud SCC can accept data from other tools. At Cloud Next ’19, Google announced that Reblaze integrates with Cloud SCC. This integration provides a variety of additional benefits, discussed further below.

Reblaze and Google Cloud Platform

Reblaze Technologies is a Google Cloud partner, and the Reblaze platform runs natively on GCP, leveraging many of its capabilities.

This includes Cloud Armor, which was added to GCP last year. To better understand Reblaze’s integration with Cloud SCC, a brief discussion of its integration with Cloud Armor will be helpful.

[Figure: Reblaze traffic flow]

Cloud Armor provides automated defenses against several types of web attacks, such as volumetric DDoS. It also has the capability of enforcing rules and policies to defeat other types of attacks. This requires Cloud Armor users to manually configure and maintain its security rulesets.

Reblaze automates this process, serving as a ‘security engine’ for Cloud Armor. Reblaze provides a rich and robust set of rulesets (updated and maintained automatically), self-learns and adapts to the ever-changing Internet threat environment, and includes a full positive security model (so that it can ingest and enforce APIs and web schemas).

When a web attack is attempted, Reblaze detects it and updates Cloud Armor, which immediately blocks the attack at the edges.

(At last year’s Cloud Next conference, Google highlighted Reblaze’s integration with Cloud Armor, and during a keynote session, gave a live demo of Reblaze and Cloud Armor defeating an attack.)

The combination of Reblaze and Cloud Armor provides robust, automated protection against web threats. But until now, there was still a missing piece: GCP-integrated monitoring and display of web security events from Reblaze as they occurred.

Thanks to Cloud SCC, this is no longer true.

Reblaze and Cloud Security Command Center

Cloud SCC inherently provides a number of actionable security insights. To these, Reblaze adds streaming data about dynamic security events.

Most web security solutions track incoming traffic based on single-dimensional factors such as signatures and IP addresses. Reblaze goes beyond this and identifies attackers using multiple identifiers: IP, headers, cookies, advanced environment detection, even POST body arguments. Thus, Reblaze can detect and block abuse even when an attacker rapidly rotates IPs, or when an attack is performed simultaneously across multiple addresses.

In addition to the above, Reblaze also adds a time dimension, maintaining a history for each requestor. By monitoring behaviors and resource consumption over time (in terms of quantity, pace, rhythm, types & methods, etc.), Reblaze can enforce sophisticated time-based requirements: for example, restricting the frequency at which a given URL can be requested, or limiting the amount of data consumption during a specific time, or blocking Layer 7 anomalies.
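The difference between IP-keyed and multi-identifier, time-windowed tracking can be shown with a small sketch. This is an added illustration, not Reblaze's implementation or code from the original post; the fingerprint fields, the limit of 3 requests per 60 seconds, and the sample requests are all assumptions constructed for the example.

```python
import hashlib
from collections import defaultdict, deque

# Constructed sample requests: (timestamp_s, source_ip, user_agent, cookie, url).
# One client rotates its IP on every request; one ordinary user appears once.
REQUESTS = [
    (0.0, "198.51.100.10", "scraper/1.0", "sid=abc", "/login"),
    (1.0, "198.51.100.11", "scraper/1.0", "sid=abc", "/login"),
    (2.0, "198.51.100.12", "scraper/1.0", "sid=abc", "/login"),
    (3.0, "198.51.100.13", "scraper/1.0", "sid=abc", "/login"),
    (3.5, "203.0.113.7", "Mozilla/5.0", "sid=xyz", "/login"),
    (4.0, "198.51.100.14", "scraper/1.0", "sid=abc", "/login"),
    (70.0, "198.51.100.15", "scraper/1.0", "sid=abc", "/login"),
]

def ip_key(req):
    """Single-dimensional identity: the source IP only."""
    return req[1]

def composite_key(req):
    """Hypothetical fingerprint built from identifiers that survive an IP change."""
    _, _, user_agent, cookie, _ = req
    return hashlib.sha256(f"{user_agent}|{cookie}".encode()).hexdigest()[:16]

def blocked_requests(requests, key_fn, limit=3, window_s=60.0):
    """Return indexes of requests over `limit` hits per (requestor, URL) per window."""
    history = defaultdict(deque)  # (key, url) -> timestamps of allowed requests
    blocked = []
    for idx, req in enumerate(requests):
        ts, url = req[0], req[4]
        hits = history[(key_fn(req), url)]
        while hits and ts - hits[0] >= window_s:
            hits.popleft()  # drop requests that have aged out of the window
        if len(hits) >= limit:
            blocked.append(idx)  # over the limit: block, do not record
        else:
            hits.append(ts)
    return blocked

if __name__ == "__main__":
    print("keyed on IP:         ", blocked_requests(REQUESTS, ip_key))
    print("keyed on fingerprint:", blocked_requests(REQUESTS, composite_key))
```

Keyed on IP, the rotating client is never limited because each address is seen once; keyed on the composite fingerprint, its fourth and fifth requests are blocked, and it is allowed again once the window has expired.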

Thus, Reblaze and Cloud SCC together offer deep insights: not only into the security of cloud assets, but also into the web traffic trying to access those assets, and the hostile activity that’s being detected and blocked.

Summary

The general release of Cloud Security Command Center, and its integration with Reblaze, provide significant new additions to GCP’s security capabilities.

Cloud SCC makes it easier to prevent, detect, and respond to threats. Cloud Armor provides defense at scale against other types of attacks. Reblaze automates and greatly extends Cloud Armor’s defensive scope, and streams dynamic event data into Cloud SCC.

Google Cloud Platform users now have automated tools to reduce vulnerabilities, prevent potential threats, and defeat attacks, while monitoring it all from one central dashboard.

If you’d like to see this in action, feel free to contact us for a demo.
