Detecting data deletion and threats to backups with Security Command Center
Salim Hafid
Product Manager
The threat landscape is rapidly evolving, with data destruction attacks increasingly pervasive and more sophisticated than in years past. Today’s threat actors are constantly identifying new pathways to target data and to limit organizations’ ability to recover from attacks.
Backups have long been the solution to rapid recovery from data destruction, which is why attackers often target them. Effective mitigation against the threat of a destructive cyber attack requires that your backup solution be purpose-built for cyber resiliency, with security as a core component rather than bolted on afterwards.
Google Cloud Backup and DR features built-in support for Cloud Logging and Cloud Monitoring, enabling customers to send alerts for Backup and DR events, jobs, resource consumption, and more. We’ve taken these platform-level capabilities a step further with Security Command Center integration.
Real-time alerts in Security Command Center
Security Command Center is our security and risk management solution for Google Cloud. With this new Backup and Disaster Recovery integration, customers can now receive automated alerts for events that threaten security posture. When threats to backup and recovery infrastructure are detected, Security Command Center will generate findings to help customers identify and remediate issues to protect the integrity of backup data.
With this Security Command Center integration, Backup and DR customers can now:
- Receive instant alerts on high-risk actions, such as backup policy deletion
- Investigate threats and identify affected backup resources
- Leverage Duet AI in Security Command Center to get insight on security issues
A closer look at Backup and DR Detectors
Security Command Center provides threat detection using Backup and DR detectors, which are intelligent rules that monitor events to identify high-risk activity in real time. The logs needed for detection are enabled by default for all of our customers, showing our commitment to security.
Threat actors who delete backups are not the only risk to customers’ backup posture. A threat actor might use alternative pathways to achieve data destruction, such as targeting backup infrastructure and components that affect future backups or the ability to recover from an existing backup. Backup and DR Detectors actively monitor these pathways.
When users take high-risk actions, Backup and DR Detectors are automatically triggered. Security Command Center then immediately surfaces these high-risk events as findings, providing detailed information on the event, including severity, affected resource, and recommended workflows for investigation and remediation.
Getting started
Go to the Google Cloud console to get started today with Security Command Center. Customers of both Google Cloud Backup and DR and Security Command Center Premium will have Backup and DR Detectors automatically enabled as part of the Event Threat Detection service with no additional configuration required.