The solution has a couple of modules within it. It takes care of it. It also provides visibility on the compliance level against SCC as a benchmark. Secondly, it addresses cloud misconfiguration. For instance, if there is an exposed public VM or an overprivileged account. Thirdly, it will prevent any threats or risks present.
Cloud configuration is the most valuable feature. It provides real-time information on whether somebody is trying to create or has already created something. We receive an alert and notification for every scan if any team creates misconfigurations.
Regarding threat detection, SCC provides out-of-the-box security features added to the containers.
The observability is good, but the visibility part could be improved. The ability to create custom dashboards is currently lacking. The second point which could be improved is the detection of attacks. The attack detection part is crucial because it identifies where the attack is coming from, how it can impact the environment, which vulnerabilities it can exploit, and what damage it can cause to a particular company.
I have been using the Google Cloud Security Command Center for 3 years.
In a managed solution, there's no stability. It is Google's responsibility to ensure that it works well.
I rate the solution's stability a ten out of ten.
There will be 20,000 to 30,000 endpoints, including components and firewalls, using the SCC suite.
I rate the solution’s scalability a ten out of ten.
Once we reached out to Google, Command support for this part where it was getting a bit, where it was fixed within it was fixed quickly.
We used open-source solutions and trial solutions like Aqua. Additionally, we explored specific tools from Google. However, they were a bit challenging to manage.
There's no setup required. Google manages it. You need to enable it. One person would be sufficient to monitor it if alerts are configured properly. Multiple people would be required to address issues. There will likely be application-level vulnerabilities, necessitating communication with the development or application team. Additionally, network-level issues may require collaboration with the network team.
It's a principle that you don't fully trust your end users, who are prone to making mistakes. There have been instances of misconfigurations in the past. Google Cloud Security Command Center identifies these issues and takes corrective action.
I rate the return on investment as seven out of ten.
The product is expensive with a fixed negotiated rate.
I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.
In terms of identifying, the solution is pretty good. It takes care of all the layers. We have Cloud, Kubernetes cluster, instances running, and network. We have identities, permissions, and access. It provides pictures of everything in GCP.
There's no such integration required. There are Google APIs that you need to enable.
The compliance reporting feature helped us maintain a baseline of compliance within the information security policies.
It's pretty stable and scalable. However, visibility can be improved along with automation. SCC to provide an option to fix those things, perhaps by clicking a button. For example, if a firewall rule allows an application to accept HTTP traffic, I should be able to address that specific issue directly within the interface. It's just a regular call to action button.
There are no prerequisites for the solution. It's a requirement to have good security visibility into your Google Cloud Infrastructure. Cloud Security Command Center could be a good product to consider. There are other open-source solutions available.
There are solutions from Aqua that are pretty decent. I would recommend that if somebody is opting for SCC, they should also explore open-source solutions. Open-source solutions can be very beneficial, especially if they are pursuing a multi-cloud strategy. You won't need additional security tools for platforms like AWS or others.
Whenever a security issue pops up, a generative AI backend provides a summary of what happened. The information provided is quite detailed.
Overall, I rate the solution an eight out of ten.
