Google’s Security Command Center Enterprise fills gaps across cloud security lifecycle

Google’s new Security Command Center Enterprise (SCC Enterprise) could streamline cloud risk management through AI automation, saving security teams time, experts say. Enhanced with Mandiant threat intelligence and generative AI, SCC Enterprise aims to offer comprehensive insights across the cloud security lifecycle. Google Cloud has identified gaps in the protection provided by current cloud-native application protection platforms (CNAPPs) and introduced SCC Enterprise as a solution to better guard against emerging threats.

“There are two things that Security Command Center Enterprise addresses compared with previous solutions: tighter integration between cloud and enterprise security and coverage across multi-cloud rather than just operating in silos,” Narayana Pappu, CEO at Zendata, a San Francisco-based provider of data security and privacy compliance solutions, said in an interview. “Automation and integration of Gen AI brings efficiencies that will save teams time as well.”

According to Sunil Potti, VP/GM of Google Cloud Security, the new platform integrates Mandiant Threat Intelligence with modern SecOps capabilities, enabling swift responses to cloud security incidents through “SIEM-powered visibility and SOAR-driven accountability.”

SCC Enterprise provides a single view

“Security teams can get a single view of their posture controls, active threats, cloud identities, data, and more, while integrating remediation and issue accountability into the end-to-end workflows of a converged cloud risk management platform,” Potti wrote in a blog post.

Google’s SCC Enterprise is built to analyze security data across different cloud platforms and present it in easy-to-understand visuals. It uses AI to help people who aren’t experts in managing complex cloud security. The system also includes Mandiant Hunt’s threat intelligence, which security teams can access whenever they need extra know-how. SCC Enterprise expands on what Google’s regular security services offer. It has more advanced tools for handling security threats in Google Cloud, Amazon Web Services (AWS), and Microsoft Azure, the company claims. The focus is on finding and fixing vulnerabilities and detecting specific kinds of threats that can happen in cloud setups.

Responding to IaaS threats and misconfigurations

The idea behind SCC Enterprise is to streamline responses to threats and misconfigurations within infrastructure as a service (IaaS) platforms like Google Cloud, AWS, and Azure by adding in native threat intelligence and a more flexible, workflow-based response toolkit, Guy Rosenthal, vice president, product, at DoControl, a New York City-based provider of automated SaaS security, said in an interview. Google’s solution aims to speed up the process of fixing security issues, which could lower risk by reducing the time systems are vulnerable and minimizing delays caused by human response.

“In terms of bringing threat intelligence to CNAPP with Mandiant and GenAI tools, I expect Google to add significant value for potential customers,” Rosenthal added. “This should make cooperation between DevOps/Cloud operators and SecOps/Security teams easier and more efficient.”

However, Rosenthal was uncertain about the benefits of incorporating the workflow engine directly, indicating that its effectiveness remains to be seen. “The value of reduced response time will have to be weighed against the operational burden and opportunity cost of having multiple systems that do the same function (SOAR) that must be implemented and maintained,” he added.

Rosenthal pointed out that there’s intense competition in the cloud-native application protection platform (CNAPP) market. Microsoft has Defender for Cloud as a long-standing entry generally included in Microsoft enterprise licensing. “For organizations that desire more features, all of the major SASE/SSE vendors have a CNAPP offering: Palo Alto Networks, Zscaler, etc.,” he added. “In addition, there are key innovators in this space that are gaining significant traction in the market, like Wiz, Lacework, and Ermetic (now part of Tenable),” Rosenthal said. “About the only major infrastructure or security player without a CNAPP offering is AWS, who, so far, has chosen to partner rather than to play directly in this space.”

According to security consultant John Bambenek, Google’s acquisitions of security firms like Siemplify and Mandiant enable the company to enhance its security offerings. The company aims to lure users away from Microsoft’s Office 365 ecosystem and into Google Workspace. “As long as you are on Google products, it works out pretty good,” he added. “But once you add in other vendors’ products (Azure AD, AWS, etc.), the native functionality starts dropping off.”
