Google Cloud VPC activity monitoring

Google Cloud Virtual Private Cloud (VPC) is essential to ensure that resources on-premises and in the cloud communicate and function together in a secure manner. A VPC is also used to logically segregate cloud resources.

For instance, a virtual machine (VM) running a web server would need be placed in a public subnet to enable access across the internet. A VM instance used for object storage in the cloud would need to be protected from the internet. Placing both these VMs in separate VPCs would ensure that they remain logically separated even though they are both resources of the same organization. Monitoring Google Cloud VPC activity is therefore crucial in maintaining the required security posture in cloud security.


Monitoring Google Cloud VPC with Log360

Log360 is a SIEM solution that can do the heavy lifting for you in monitoring your Google Cloud VPC. It aggregates audit logs on admin activity and data access to give you a panoptic view of VPC events. You can even configure SMS or email alerts to alert you of any critical change in your VPC.

Log360 can:

  • Monitor changes to VPC network and subnet rules. It provides in-depth information on who made what changes, from where, and when.
  • Provides actionable insights on user accesses. It provides detailed information such as source IP address, time of access, and more to help you determine if traffic is legitimate or not.
  • Offers intuitive dashboards and graphical reports for easier firewall and route management.

Leverage machine learning to detect anomalous events in a VPC

Log360's machine learning algorithms can alert you of events that do not follow regular and established patterns. For instance, if Google Cloud resources are accessed from a machine in your network for the first time. Access will be granted if the machine accessing the resource falls under the specified subnet and if the credentials are right.

However, since this is something that has never happened before, the event will be considered an anomaly, and a risk score will be assigned to it. Following this, if a subnet range of a VPC is changed, this behavior is certainly suspicious, and the the risk score will subsequently rise.

The series of events that led to the high risk score certainly need to be investigated. Log360 can help you detect such events, which may not raise red flags when looked at individually but are suspicious deviations from established patterns.