From its beginnings as App Engine in 2008, Google has grown its Google Cloud Platform (GCP) into one of the premier and fastest growing cloud computing platforms on the market today. The recent release of GCP Cloud Security Command Center (CSCC) gives enterprises deeper insights into the health of their data security across Google Cloud services. Its primary function is to help businesses gather data, identify threats, and act on threats before data is compromised or lost.
McAfee MVISION is a set of cloud native products that help protect data and stop threats—on the device, in the cloud, and everywhere in between. In close partnership with Google, we aim to enhance our customers’ joint experience with our products. To that end, MVISION Cloud integrates with and augments GCP CSCC with MVISION Cloud Access Security Broker (CASB) data to provide customers with deeper insights and remediation options. McAfee worked closely with Google to ensure seamless sharing of this critical security data so that security professionals can spend more time being productive in the cloud and less time being worried about locating hidden risks.
How Do They Work Together?
MVISION Cloud integrates with GCP CSCC to provide CSCC users with enriched details from MVISION Cloud’s extensive incident data. This allows security professionals to build their security and event management ecosystems in an easy, intuitive way.
After you’ve enabled the Cloud SCC dashboard, you need to add McAfee as a Security Source
- Navigate to https://console.cloud.google.com/security/dashboard and select the organization from the dropdown
- At the top of the dashboard, click Add Security Sources. Search and select ‘McAfee MVision Cloud’ solution
- As you’ve already setup McAfee MVISION Cloud for GCP, request the support team to enable sending GCP findings/incidents from MVISION Cloud to CSCC
- Once this is enabled, setup is complete, and you will see the MVISION Cloud’s GCP findings/incidents in CSCC console
How do CSCC and MVISION Cloud Work Together?
CSCC queries can be enhanced with configuration incident data derived from the McAfee MVISION Cloud policy engines. Consider all the places within a customer’s GCP Services where the potential for misconfiguration could lead to a security incident. This would include:
- Firewall Rules
- VM Instances
- Storage Accounts
- Service Accounts
- VM Disks
- GCP KMS
McAfee MVISION Cloud scans the security configurations of GCP services based on an organization policy standard such as Center for Internet Security (CIS) standards or any policy a customer would derive to meet their needs.
When a misconfiguration incident is discovered, the incident details is sent to Google CSCC where the findings are displayed and are available for customers to query.
A Culture of Openness
Over the years McAfee’s product portfolio has increasingly adopted a platform-centric and open approach to cyber security. It’s worthwhile to demonstrate the pedigree of openness McAfee has cultivated: McAfee DXL, McAfee Security Innovation Alliance, and McAfee CASB Connect. Through these programs, McAfee builds relationships with large and small software vendors across security disciplines (including competitors) to help maximize value for all customers. In addition, McAfee continues to look for opportunities to go to market with strategic partners such as Google.
How do I get started?
Existing McAfee MVISION Cloud for GCP customers already have everything they need to get started. After you’ve enabled the Cloud SCC dashboard, just add McAfee as a Security Source on the CSCC console, and get the incidents-push enabled on McAfee MVISION Cloud side. Post this, you will continue to see the MVISION Cloud’s GCP findings/incidents in CSCC console.
For those that do not yet run McAfee MVISION Cloud, subscribing is easy – you can reach out via this link for a demo and setup. Once subscribed, the full rollout of MVISION Cloud for GCP can be connected to CSCC as described above.
See a preview of McAfee MVISION Cloud for GCP: