By Robert Bui
Many organizations are migrating to cloud providers for infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) functions. By moving key applications and infrastructure to the cloud, enterprises are lowering operating costs and easing the administrative burden on IT organizations.
However, security is often an overlooked aspect of moving these key applications to the cloud. The cloud brings inherent risk, and some of the risk is hard for security managers to measure. System administrators can spin up, and are spinning up, new services and hosts that increase the attack surface in customer networks. In addition, security managers are losing visibility and control in cloud and hybrid environments.
In order to tackle these challenges, you must have a good understanding of what is operating in that environment, whether it be cloud or hybrid, and what risk it poses to your business. This issue can be a difficult one to solve in traditional environments, and with more companies moving to cloud service providers, this issue becomes even more challenging.
To help with these issues, Tenable has partnered with Google to integrate services between the Google Cloud Platform and Tenable SecurityCenter Continuous View™ (SecurityCenter CV™). The Google Cloud Platform (GCP) can export logs via its publish and subscribe service. This helps security teams to gain visibility into several aspects of their cloud infrastructure with the assistance of Tenable SecurityCenter CV. SecurityCenter CV enables users to access crucial data via log collection from GCP that provides companies with the visibility needed to understand the risk introduced by their extended network.
Here are some examples of the type of information GCP and SecurityCenter CV can provide.
GCP log data
SecurityCenter CV will act as a first line of defense when attackers are doing reconnaissance on your Google Cloud infrastructure. GCP will feed SecurityCenter CV log data that will alert users when unauthorized and potentially malicious web application scans are taking place. This can give your security teams an indication that something malicious is potentially occurring.
SecurityCenter CV will alert users when new hosts are being used in the GCP environment. The impact of these particular alerts could be as simple as system administrators using too many resources or possibly attackers gaining a stronger foothold in your cloud environment.
Host level changes
SecurityCenter CV can also detect host level changes that occur in your cloud environment. These types of alerts will give security personnel potential indicators of compromise or visibility into an expanding attack surface.
Our goal at Tenable is to help our customers secure their IT environment regardless of whether that environment is physical, virtual, cloud or mixed. We’re excited to add this integration with Google Cloud Platform to the list of integrations with other cloud platforms. For more information on the Tenable integration with Google Cloud Platform, please download our datasheet.
Nessus® supports many cloud service providers, including Microsoft Azure, Rackspace, OpenStack and Amazon AWS, and is certified by the Center for Internet Security for the Amazon AWS Foundations benchmark. SecurityCenter Continuous View also supports auditing Salesforce, AWS CloudTrail, and several other cloud-based services.
Source: Tenable Blog