Google Cloud Platform

24x7 detection and response for GCP workloads using built-in GCP APIs and services

Managed detection and response for GCP

(Even for lumberjacks, wrestling with GCP logs can get tricky)

If your developers are coding, then your cloud is growing. And chances are they didn’t convene a blue ribbon committee to review their security strategy. Expel can help you get visibility into risks that are unique to Google Cloud Platform (GCP) and chase them down without annoying your DevOps team.

Detections designed for your GCP environment

Our GCP detection strategy uses native GCP services:

  • Analyzes Event Threat Detection (ETD) alerts
  • Adds custom detections for high-risk activities
  • Tunes detections to match your apps and workloads

What we do


24x7 GCP monitoring

Our analysts chase down your GCP alerts so you can focus on building new features, products and services.


Investigations in GCP

We’ll connect the dots from suspicious GCP alerts back to their root cause and tell you what they mean.


Fixes “written in GCP”

Whenever possible, our analysts will recommend configuration changes to address activities we tell you about.

The best part about our conversation with Expel was that they showed us exactly what they were monitoring today from a cloud security standpoint, and what they could get up and running immediately.

— Jeremy Stinson, Principal Architect at Qlik

What we look for

(updated as GCP makes up for lost time)

Google adds shiny new services almost as fast as they rename the ones they already have. As GCP rolls out these new services, we’ll help you keep up. That includes evaluating and updating our detection and response strategy where it makes sense. Here are a few examples of what we’ll look for:

  • Suspicious logins and unauthorized access
  • Disabling or changing GCP security capabilities
  • Unauthorized sharing or access to sensitive data
  • Evidence of instance compromise
  • Unusual or risky API activity
  • Risky violations of GCP best practices

How we use native GCP services

(hint: it takes more than Event Threat Detection)

Expel uses API integrations to connect directly to your GCP platform. We support authentication via Cloud IAM. To collect data, Expel communicates directly with APIs for services like Event Threat Detection (ETD), Admin Activity Audit Logs and Data Access Audit Logs.


How Expel uses GCP services for detection, investigation and response

| GCP service | Examples of how we use them |
|---|---|
| Event Threat Detection (ETD) | Add-on service (cha ching!) monitoring anomalous flow log activity |
| Cloud SQL | Keeps an eye out for suspicious deletion of logs or someone exporting sensitive data |
| Cloud IAM | Monitors who’s accessing your environment and what resources they may have access to |
| Key Management Service (KMS) | Monitors who’s touching your encrypted data |
| Cloud Functions | Checks workloads that don’t need authentication to access (like those with public access) |
| Cloud Storage | Monitors when content goes public (especially to an anonymous user or non-corp GCP user) |
| Cloud Compute Engine | Monitors for external access to images and/or snapshots 📸 |
| Cloud VPC | Looks for firewall rules created outside the norm |
| BigQuery | Recognizes when GCP BigQuery service is disabled |

Blog

Running a Google Cloud Platform (GCP) workload or thinking about integrating it into your security portfolio? Expel can help!


Zoomcast

Andrew Pritchett and Peter Silberman walk through GCP Service Accounts best practices.


Blog

Switching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.

Give us 30 minutes to show you how we can protect your data and workloads in GCP.
