In response to increasingly sophisticated online threats, many organizations are shifting from product-centric security approaches to modernize their security operations.
Introduced in March 2022, Google’s Community Security Analytics (CSA) simplifies security operations through continuous detection and responses. Essentially, CSA is a set of open-source queries used for self-servicing security analytics – that enable you to detect common threats on the cloud.
on Dataform and Community Security Analytics here.
How is Google’s CSA effective?
Traditionally, operational teams have “troubleshooted” security-related challenges by accessing audit trails in the form of data logs, network logs, and virtual machine logs. However, it’s becoming more challenging to analyze these stored logs simply because of their massive volume. Besides collecting logs, they also have to “make sense” of the activities.
With Google’s CSA, organizations can address security-related questions such as:
- Who is accessing network resources – and from which device and location?
- Have any sensitive network resources been recently modified – or changes made to network settings?
- Do you detect any unusually high usage of APIs and cloud workloads?
Using Google’s CSA, organizations can easily detect cloud security threats by:
- Identifying logins from a highly privileged account.
- Detecting any suspicious login attempt, which has been flagged by Google Cloud.
- Detecting a high number of failed logins from a particular user.
- Identifying login attempts that violate IAP access controls.
Deploying CSA on Dataform
In collaboration with Onix, the Google Cloud team has successfully deployed CSA through Dataform. Powered by BigQuery, Dataform is an open-source data modeling framework used in the extraction, loading, and transformation (ETL) process.
With this integration, organizations can now leverage BigQuery along with Dataform and Log Analytics to manage and analyze a variety of logs.
Here’s a detailed blog that talks about deploying Google’s CSA using Dataform – and extracting security insights from stored logs.
Reference links:
- https://cloud.google.com/blog/products/data-analytics/deploy-community-security-analytics-with-dataform
- https://cloud.google.com/blog/products/identity-security/introducing-community-security-analytics
- https://cloud.google.com/blog/products/identity-security/new-resources-to-advance-your-autonomic-security-operations-modernization-journey
