e2e launches Google SOC services
As part of our ongoing roadmap, covering both specific customer needs and proactive product development, this week we launched our Google Cloud Security Operations Centre services, delivered through new integrations with our SOC Platform, Cumulo, allowing organisations to have a 24/7 detect and respond service for all Google tools.
We sat down with Mark Peart, Business Development & Product Director, to find out more about how it works and what it means for organisations.
Q: "What were the reasons for developing the Google Cloud Platform (GCP) and Google Workspace integrations for Cumulo?"
A: "Google is continuing to gain market share [9%] in the cloud services marketplace. It’s investing a lot in its capabilities and whilst it’s obviously behind AWS [32%] and Azure [20%], the cloud industry is expected to grow rapidly over the next few years, with Google playing a big part in that growth.”
“With more customers looking at their own cloud migration and cloud-first strategies, whether they’re commercial or government organisations, we’re seeing a growing number of customers looking at the Google solution, either solely using Google Cloud Platform and Google Workspace, or as part of a multi-cloud approach.”
“We also know that Google is massively popular in education, and continually growing in the UK and so we’re starting to see organisations look at Google as an attractive infrastructure for tomorrow’s workforce, in particular in disruptive industries such as high-tech manufacturing. This will only strengthen the desire for multi-cloud and multi-OS networks and it’s absolutely critical that organisations can monitor, detect and respond to potential threats, whatever the network looks like.”
“To that extent, organisations have the choice to either build a detect and response capability in-house, leveraging tools that Google provide, supplemented by their own processes and people, or they can look to a partner that can offer this as a holistic service.”
“A big part of e2e’s strategy is to act as a single lens into an organisation to provide comprehensive, 24/7 cyber security monitoring of the whole enterprise, regardless of the technology used and this is another step in that direction."
Q: "What outcomes can a Google customer expect from working with e2e?"
A: "We set out to develop an integration that comes with a number of Google-focused use-cases and capabilities, covering both Google Workspace and the Google Cloud Platform. We wanted to make sure that from a monitoring perspective, we could not only leverage the tools that Google provide, such as Security Command Center and the alerting mechanisms within GCP and Workspace, but also be able to monitor the logs and network traffic covering all devices to provide a 24/7 detection and response capability for all customers that use these services.”
“Another of the requirements that we were very clear in wanting to provide was that in order to make it a truly comprehensive monitoring capability, we didn’t just want to settle on a log integration. We worked hard to build the ability to integrate with all the Google toolsets, such as Security Command Center, which is mostly focused on best practice configuration and compliance. This allows us to pick up data points to monitor, even where a customer may not have configured their Google Cloud Services in the most secure way.”
“As with all of our services, customers benefit from our SOC capabilities stretching beyond one particular infrastructure provider. For example, we see a number of customers utilising more of the Google toolset but still using AWS Security Hub; likewise, customers use a range of other SaaS tools, such as Salesforce, ServiceNow and Workday, which our service integrates with to provide that single lens into an organisation’s whole network and the cyber risks facing the entire enterprise.”
“Finally, customers can also benefit from some of our other services to improve their security, whether they’re a Google user or not, such as our cyber maturity development, external vulnerability scanning and access to our threat intelligence feeds, to name a few. In addition, this service complements, rather than replaces, Google tools, with our Account Management team working with customers to improve their Google strategy and reduce total cost of ownership (TCO) over the contract by de-duplicating technology and extracting more value from existing investments.”
Q: "You’ve mentioned logs and other data points, but what would customers need to have or provide to benefit from the service?"
A: “It’s the same for any customer really, in that we build our services based upon the scale of services they are using. GCP is a platform providing compute and server-based infrastructure and services, which in their own right generate logs and alerts from operating systems, firewalls and other services which all add to the context required to monitor the whole environment. So after understanding what is being used now and what’s planned in the future, we can provide a configuration guide to ensure that tools are set up as they should be and allow us the minimum level of permissions required to effectively integrate to the toolsets and ensure any alerts come to our SOC to triage and investigate.”
“Our service understands all the resources, assets and devices a customer may have, and as a part of our integration we ensure we have full visibility of these entities to provide situational awareness and a full understanding to support any triage or investigation.”
“We then just need some of the customer’s time to run through our usual processes, for example our ‘Threat Workshops’ that look at the key threats we’re looking to defend against, ways into the network and how we can build and continually test use-cases and processes around this customer-specific knowledge.”
Q: "Is there a particular customer size or network type that's better suited to this service?"
A: “Not really, we scale our services down to organisations that may have a few dozen employees, up to those with tens of thousands of staff. Likewise, the number of devices and assets is not a problem, and we can build out services around a mixed estate of on-premise and cloud services just as well as those fully in the cloud.”
Q: “And finally, what sort of AI/ML/automation capabilities are used in the service?”
A: “Firstly, we want to take advantage of whatever automation or machine learning capability Google implement in their underlying tech. In addition to that, we add our own tools to look at the data, to automate use-cases and to ensure that we have the best situational awareness and are cross-correlating data from one tool to another, minimising the time to detect, investigate and triage.”
“It really all comes back to the point about the technology and processes supporting the right decisions and in some cases automation, AI, ML etc. will help reduce the manual alert-bashing and false positives the SOC face, to free them up to see, think about and deal with real threats more effectively. Of course, any automation our end is reviewed continuously to ensure no real threats slip through as false positives.”
Get in touch
If you’re interested in finding out more about our Google integrations and how we effectively monitor all network types, get in touch via our contact us page or by emailing email@example.com.