Aqua Integrates with Google’s Cloud Security Command Center
Picture of Rani Osnat
Rani Osnat
May 03, 2018

Aqua Integrates with Google’s Cloud Security Command Center

Good news for those of you running container workloads on GCP - we now provide a nice integration with Google's Cloud Security Command Center. The Cloud SCC provides a centralized, single-pane-of-glass view of all security data for GCP applications, and providing actionable insights. It includes things like access control monitoring, asset inventory, vulnerability assessment data, anomaly detection, etc.

aqua integration with google cloud security command center

Now, with Aqua, you can also view container security data in Google Cloud SCC, including:

  • Inventory of vulnerabilities in container images in Google Container Registry (GCR), and alerts on new vulnerabilities
  • Container user security violations, such as privilege escalation attempts
  • Attempts to run unapproved images
  • Policy violations of container network, process, and host resource usage.

How it Works

The first step is to set up the integration. This is done very much like our other integrations with SIEM solutions, such as ArcSight and Splunk, with a dedicated connector configuration:

Google CSCC integration

Once this is set up, you're ready to go - the data from Aqua is mapped to Cloud SCC and will appear in the FINDINGS screen under the Source Type=AQUA_SECURITY. In the example below you can see various types of results including vulnerabilities found in image scans, runtime violations, and image assurance violations (when an image did not meet the policy to be approved for deployment).

google-console-1

Let's drill down into a runtime policy violation. First, let's see what it looks like in the Aqua command center:

aqua-detailed-view-runtime-violation

What we see is a blocked attempt to access the bin/bash library, which is open to the vulnerability known as Shellshock, allowing an attacker to attach malicious code to a Bash shell script environment variable. 

And here's that same information as it appears in the Google Cloud SCC:

aqua-detailed-runtime-violation

Of course the benefit of having this information in a tool like Google's Cloud SCC is that it aggregates and correlates data from a multitude of sources including other 3rd party security vendors, as well as Google's own services such as Google's Compute Engine, Cloud storage, and App Engine.

This is yet another step in our ongoing efforts to secure the development and application delivery on the Google Cloud Platform.
Picture of Rani Osnat

Rani Osnat

Rani is the VP of Strategy at Aqua. Rani has worked in enterprise software companies more than 25 years, spanning project management, product management and marketing, including a decade as VP of marketing for innovative startups in the cyber-security and cloud arenas. Previously Rani was also a management consultant in the London office of Booz & Co. He holds an MBA from INSEAD in Fontainebleau, France. Rani is an avid wine geek, and a slightly less avid painter and electronic music composer.

Cloud Operations, Container Security, Google Cloud Platform

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...
Ready to take the plunge?
Try Aqua

    Aqua Security enables enterprises to secure their container-based and cloud-native applications from development to production, accelerating container adoption and bridging the gap between DevOps and IT security.

    Aqua’s Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks, providing transparent, automated security while helping to enforce policy and simplify regulatory compliance.

Copyright © 2019 Aqua Security Software Ltd.