Analyzing Lateral Movement in Google Cloud Platform

TLDR: Panther now offers coverage of Google Cloud Platform (GCP) event logs and of third-party logs transported through GCP. With the addition of GCP Publish/Subscribe (Pub/Sub) messaging as a data transport type, security teams can ingest, normalize, enrich, detect on, and respond to potential security threats across GCP and non-GCP logs from a single place.

Basics of Google Cloud Platform

With the growing adoption of Google Cloud technologies, security knowledge of these resources has become essential for organizations. Panther now provides threat detection and response for GCP customers through integrations with Google Cloud Storage (GCS), Google Workspace, and Publish/Subscribe messaging (Pub/Sub), which together let you analyze Google Cloud Audit Logs and transport other security data into a Security Information and Event Management (SIEM) tool.
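The Pub/Sub transport described above carries each Cloud Audit Log entry as the base64-encoded JSON body of a Pub/Sub message. The following is an added example, not Panther's code or its rule API, of the ingest, normalize and detect steps over such entries: it decodes a push-delivery envelope, flattens the audit log fields, and runs one detection that fires when an identity mints credentials for a service account other than itself through the IAM Service Account Credentials API, a common step in GCP lateral movement. The field names follow the real LogEntry and AuditLog schemas; the log entries, project name, subscription name and identities are constructed for the example, and the rule's thresholds are the author's own choices.

```python
"""Ingest Cloud Audit Log entries delivered by a Pub/Sub push subscription,
normalize them, and run one detection over the result (added example)."""
import base64
import json

# IAM Service Account Credentials API methods that mint credentials for a
# service account; calling them on a different identity is impersonation.
CREDENTIAL_MINTING_METHODS = {
    "GenerateAccessToken", "GenerateIdToken", "SignBlob", "SignJwt",
}
AUDIT_LOG_TYPE = "type.googleapis.com/google.cloud.audit.AuditLog"
PERMISSION_DENIED = 7  # google.rpc.Code.PERMISSION_DENIED


def decode_push_envelope(envelope: dict) -> dict:
    """Return the LogEntry carried by one Pub/Sub push-delivery envelope.

    A Log Router sink publishes each LogEntry as the JSON body of a Pub/Sub
    message; push delivery wraps it as {"message": {"data": <base64>, ...}}.
    """
    return json.loads(base64.b64decode(envelope["message"]["data"]))


def normalize_audit_entry(entry: dict) -> dict:
    """Flatten the Cloud Audit Log fields a detection needs."""
    payload = entry.get("protoPayload", {})
    if payload.get("@type") != AUDIT_LOG_TYPE:
        raise ValueError("not a Cloud Audit Log entry: %r" % entry.get("logName"))
    status = payload.get("status") or {}
    return {
        "time": entry.get("timestamp"),
        "log_name": entry.get("logName", ""),
        "principal": payload.get("authenticationInfo", {}).get("principalEmail", ""),
        "caller_ip": payload.get("requestMetadata", {}).get("callerIp", ""),
        "service": payload.get("serviceName", ""),
        "method": payload.get("methodName", ""),
        "resource": payload.get("resourceName", ""),
        "denied": status.get("code") == PERMISSION_DENIED,
    }


def is_service_account_impersonation(event: dict) -> bool:
    """Fire when an identity successfully mints credentials for a service
    account other than itself. Denied attempts are left to a separate rule."""
    if event["service"] != "iamcredentials.googleapis.com" or event["denied"]:
        return False
    # methodName may be bare ("GenerateAccessToken") or fully qualified.
    if event["method"].rsplit(".", 1)[-1] not in CREDENTIAL_MINTING_METHODS:
        return False
    # resourceName is projects/-/serviceAccounts/<service account email>
    target = event["resource"].rsplit("/", 1)[-1]
    return bool(target) and target != event["principal"]


def detect(envelopes) -> list:
    """Run the pipeline over a batch of push envelopes; return alert events."""
    alerts = []
    for env in envelopes:
        event = normalize_audit_entry(decode_push_envelope(env))
        if is_service_account_impersonation(event):
            alerts.append(event)
    return alerts


# --- constructed sample input (not real log data) ---------------------------
def _envelope(entry: dict) -> dict:
    """Wrap a LogEntry the way push delivery would."""
    data = base64.b64encode(json.dumps(entry).encode()).decode()
    return {"message": {"data": data, "messageId": "1"},
            "subscription": "projects/example-project/subscriptions/audit-to-siem"}


def _audit(method, service, principal, resource, ip, denied=False, log="data_access"):
    payload = {
        "@type": AUDIT_LOG_TYPE, "serviceName": service, "methodName": method,
        "resourceName": resource,
        "authenticationInfo": {"principalEmail": principal},
        "requestMetadata": {"callerIp": ip},
    }
    if denied:
        payload["status"] = {"code": PERMISSION_DENIED, "message": "PERMISSION_DENIED"}
    return {"timestamp": "2023-01-01T00:00:00Z", "protoPayload": payload,
            "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2F" + log}


SA = "deploy@example-project.iam.gserviceaccount.com"
SAMPLE_ENVELOPES = [
    # 1. A user mints a token for the deploy service account: alert.
    _envelope(_audit("GenerateAccessToken", "iamcredentials.googleapis.com",
                     "alice@example.com", "projects/-/serviceAccounts/" + SA, "203.0.113.10")),
    # 2. The same call, denied by IAM: no alert from this rule.
    _envelope(_audit("GenerateAccessToken", "iamcredentials.googleapis.com",
                     "bob@example.com", "projects/-/serviceAccounts/" + SA, "203.0.113.11",
                     denied=True)),
    # 3. Ordinary admin activity by the service account itself: no alert.
    _envelope(_audit("v1.compute.instances.list", "compute.googleapis.com", SA,
                     "projects/example-project/zones/us-central1-a/instances", "10.0.0.5",
                     log="activity")),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_ENVELOPES):
        print(f"{alert['time']} {alert['principal']} {alert['method']} "
              f"-> {alert['resource']} from {alert['caller_ip']}")
```

Two caveats for anyone adapting this: calls to the IAM Service Account Credentials API are recorded in the Data Access audit log, which is off by default and must be enabled for that API (and routed by a sink to the Pub/Sub topic) before any such event reaches the SIEM; and the rule deliberately ignores denied attempts so that a failed impersonation can be handled by a separate, noisier rule rather than being mixed in with successful ones.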

In this article, we'll explore the capabilities of these GCP services and how bringing each source together in a centralized SIEM gives you holistic coverage of your environment.

From Legacy SIEM To Modern SIEM

As security is a shared responsibility between the organization and the cloud provider, understanding the relevant security use cases is essential to building a robust cloud security model in GCP. Although logs can be analyzed with in-house tooling or Google's own products, security data is better monitored with a SIEM that ingests all security-relevant logs. However, many SIEM tools lack the scale to ingest vast amounts of cloud data and turn it into information a security team can act on. In contrast to legacy SIEMs, Panther provides a serverless architecture that requires no operational management overhead.
