Good news for those of you running container workloads on GCP - we now provide a nice integration with Google's Cloud Security Command Center. The Cloud SCC provides a centralized, single-pane-of-glass view of all security data for GCP applications, and providing actionable insights. It includes things like access control monitoring, asset inventory, vulnerability assessment data, anomaly detection, etc.
Now, with Aqua, you can also view container security data in Google Cloud SCC, including:
The first step is to set up the integration. This is done very much like our other integrations with SIEM solutions, such as ArcSight and Splunk, with a dedicated connector configuration:
Once this is set up, you're ready to go - the data from Aqua is mapped to Cloud SCC and will appear in the FINDINGS screen under the Source Type=AQUA_SECURITY. In the example below you can see various types of results including vulnerabilities found in image scans, runtime violations, and image assurance violations (when an image did not meet the policy to be approved for deployment).
Let's drill down into a runtime policy violation. First, let's see what it looks like in the Aqua command center:
What we see is a blocked attempt to access the bin/bash library, which is open to the vulnerability known as Shellshock, allowing an attacker to attach malicious code to a Bash shell script environment variable.
And here's that same information as it appears in the Google Cloud SCC:
Of course the benefit of having this information in a tool like Google's Cloud SCC is that it aggregates and correlates data from a multitude of sources including other 3rd party security vendors, as well as Google's own services such as Google's Compute Engine, Cloud storage, and App Engine.
This is yet another step in our ongoing efforts to secure the development and application delivery on the Google Cloud Platform.
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads, wherever they are deployed.
Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.