Security Command Center
Security Command Center provides centralized visibility into the security posture and status of the GCP environment. According to GCP’s documentation, “Security Command Center ingests data about new, modified, and deleted assets from Cloud Asset Inventory, which continuously monitors assets in your cloud environment. Security Command Center supports a large subset of Google Cloud assets. For most assets, configuration changes, including IAM and organization policies, are detected in near-real time.” You can get to Security Command Center from the Google Cloud Console, as shown in Figure 6.29:
Figure 6.29 – Security Command Center
Security Command Center requires an organization resource that is associated with a domain. As a result, you will need to create an organization, as shown in Figure 6.30.
Figure 6.30 – The Admin console
Note
For detailed information on setting up Security Command Center, please view the Google Cloud Documentation at https://cloud.google.com/security-command-center/docs/set-up.
Once the organization is set up, you need to enable the Security Command Center dashboard, as shown in Figure 6.31:
Figure 6.31 – The Security tab
Next, select the services you would like to set up, as shown in Figure 6.32:
Figure 6.32 – Services setup
Once Security Command Center is fully configured, we can review the security posture of the GCP environment. There are five important tabs to review: OVERVIEW, VULNERABILITIES, ASSETS, FINDINGS, and SOURCES:
• OVERVIEW: Provides a snapshot of the security state, as seen in Figure 6.33:
Figure 6.33 – Security Command Center | OVERVIEW
• VULNERABILITIES: Provides a list of the vulnerabilities found during the last scan. In our example, we have an "MFA not enforced" vulnerability with High severity, as seen in Figure 6.34:
Figure 6.34 – Security Command Center | VULNERABILITIES
• ASSETS: Displays the Google Cloud resources, as shown in Figure 6.35:
Figure 6.35 – Security Command Center | ASSETS
• FINDINGS: Provides details of the security risks identified and the organizations under which they were found, as seen in Figure 6.36:
Figure 6.36 – Security Command Center | FINDINGS
• SOURCES: Displays a summary of assets and findings from the relevant security sources that are enabled, as seen in Figure 6.37:
Figure 6.37 – Security Command Center | SOURCES
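The FINDINGS and VULNERABILITIES views can also be reproduced offline as audit evidence. The following is an added example, not taken from the original text: it summarizes active findings per organization, severity, and category from a JSON export. The sample data is constructed with placeholder IDs, and the export is assumed to follow the Security Command Center findings shape (name, category, severity, state).

```python
import json
from collections import defaultdict

# Constructed sample export; organization and finding IDs are placeholders.
SAMPLE_EXPORT = json.dumps([
    {"finding": {"name": "organizations/111111111111/sources/1/findings/a1",
                 "category": "MFA_NOT_ENFORCED", "severity": "HIGH", "state": "ACTIVE"}},
    {"finding": {"name": "organizations/111111111111/sources/1/findings/a2",
                 "category": "PUBLIC_BUCKET_ACL", "severity": "HIGH", "state": "ACTIVE"}},
    {"finding": {"name": "organizations/111111111111/sources/1/findings/a3",
                 "category": "OPEN_FIREWALL", "severity": "HIGH", "state": "INACTIVE"}},
    {"finding": {"name": "organizations/222222222222/sources/1/findings/b1",
                 "category": "BUCKET_LOGGING_DISABLED", "severity": "LOW", "state": "ACTIVE"}},
])

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "SEVERITY_UNSPECIFIED"]

def org_of(finding_name):
    """Return the organization ID from a finding name, or 'unknown'."""
    parts = finding_name.split("/")
    return parts[1] if len(parts) > 1 and parts[0] == "organizations" else "unknown"

def summarize(export_json):
    """Count ACTIVE findings by organization, then severity, then category."""
    summary = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for entry in json.loads(export_json):
        finding = entry.get("finding", entry)  # accept wrapped or bare findings
        if finding.get("state") != "ACTIVE":
            continue  # resolved (inactive) findings are not open risks
        severity = finding.get("severity", "SEVERITY_UNSPECIFIED")
        if severity not in SEVERITY_ORDER:
            severity = "SEVERITY_UNSPECIFIED"
        category = finding.get("category", "UNKNOWN")
        summary[org_of(finding.get("name", ""))][severity][category] += 1
    return summary

def report(summary):
    """Return report lines ordered by organization, then highest severity first."""
    lines = []
    for org in sorted(summary):
        for severity in SEVERITY_ORDER:
            for category, count in sorted(summary[org].get(severity, {}).items()):
                lines.append(f"{org} {severity} {category} {count}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_EXPORT))))
```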
A second tool an IT auditor can leverage in GCP is Cloud Asset Inventory.