Extracting Security Insights from Google’s Community Security Analytics

In response to increasingly sophisticated online threats, many organizations are shifting from product-centric security approaches to modernize their security operations.

Introduced in March 2022, Google’s Community Security Analytics (CSA) simplifies security operations through continuous detection and response. In essence, CSA is a set of open-source queries for self-service security analytics that let you detect common threats in the cloud.

Check out our latest Onix and Google co-authored blog on Dataform and Community Security Analytics here.

How is Google’s CSA effective?

Traditionally, operations teams have troubleshot security issues by reviewing audit trails such as data logs, network logs, and virtual machine logs. Analyzing these stored logs is becoming harder simply because of their volume, and teams must not only collect the logs but also make sense of the activity they record.

With Google’s CSA, organizations can address security-related questions such as:

  • Who is accessing network resources – and from which device and location?
  • Have any sensitive network resources been recently modified – or changes made to network settings?
  • Do you detect any unusually high usage of APIs and cloud workloads?

Using Google’s CSA, organizations can easily detect cloud security threats by:

  • Identifying logins from a highly privileged account.
  • Detecting suspicious login attempts flagged by Google Cloud.
  • Detecting a high number of failed logins from a particular user.
  • Identifying login attempts that violate Identity-Aware Proxy (IAP) access controls.
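As an added illustration (not one of the CSA queries themselves), the BigQuery SQL below shows what a “high number of failed logins from a particular user” detection looks like when run against a Log Analytics linked dataset. The project and dataset names are placeholders, and the `_AllLogs` view and `proto_payload.audit_log` field paths are assumed to match your Log Analytics schema.

```sql
-- Added example (not one of the CSA queries): count failed Cloud Audit Log
-- entries per principal over a lookback window and flag anyone over a threshold.
-- Assumptions: logs are routed to a Log Analytics-enabled bucket whose linked
-- dataset exposes the `_AllLogs` view; replace the placeholder project and
-- dataset names with your own.
DECLARE lookback_hours INT64 DEFAULT 1;
DECLARE failure_threshold INT64 DEFAULT 10;

WITH failed_attempts AS (
  SELECT
    timestamp,
    proto_payload.audit_log.authentication_info.principal_email AS principal,
    proto_payload.audit_log.request_metadata.caller_ip AS caller_ip,
    proto_payload.audit_log.method_name AS method,
    proto_payload.audit_log.status.code AS status_code
  FROM `my-project.my_log_analytics_dataset._AllLogs`   -- placeholder names
  WHERE timestamp >= TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL lookback_hours HOUR)
    AND proto_payload.audit_log IS NOT NULL
    -- gRPC status codes: 7 = PERMISSION_DENIED, 16 = UNAUTHENTICATED
    AND proto_payload.audit_log.status.code IN (7, 16)
)
SELECT
  principal,
  COUNT(*) AS failures,
  COUNT(DISTINCT caller_ip) AS distinct_source_ips,
  ARRAY_AGG(DISTINCT method IGNORE NULLS LIMIT 5) AS sample_methods,
  MIN(timestamp) AS first_seen,
  MAX(timestamp) AS last_seen
FROM failed_attempts
WHERE principal IS NOT NULL
GROUP BY principal
HAVING COUNT(*) >= failure_threshold
ORDER BY failures DESC;
```

Tune `lookback_hours` and `failure_threshold` to your environment’s baseline; a burst of failures from many distinct source IPs against one principal is a stronger signal than the same count from a single misconfigured client.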

Deploying CSA on Dataform

In collaboration with Onix, the Google Cloud team has successfully deployed CSA through Dataform. Powered by BigQuery, Dataform is an open-source data modeling framework used in the extraction, loading, and transformation (ELT) process.

With this integration, organizations can now leverage BigQuery along with Dataform and Log Analytics to manage and analyze a variety of logs.

Here’s a detailed blog that talks about deploying Google’s CSA using Dataform – and extracting security insights from stored logs.
