
Data backups are a lifeline and the ultimate safeguard when your organization is faced with unexpected disruption.
Last year, we introduced backup vault, a powerful storage feature available as part of the Google Cloud Backup and Disaster Recovery (DR) service. Backup vault secures backups against tampering and unauthorized deletion, and integrates with Security Command Center for real-time alerts on high-risk actions.
To further support your security needs, we’re deepening the integration between Google Backup and DR and Security Command Center Enterprise. This integration adds new detections — including the ability to detect threats to backup vault — and end-to-end workflows to help customers protect backup data.
Backups and real-time threat detection
Among the most pressing threats to organizations today are ransomware attacks. We have seen threat actors intentionally delete data to raise the likelihood of their ransom demands being met, and encrypt unprotected backups to hold them hostage. Accidental deletion of critical data, with no attacker involved, can cause serious harm as well.
Whether malicious or accidental, such events can result in significant data loss and operational disruption. Security Command Center provides security and risk management across your Google Cloud footprint: it ingests and analyzes security telemetry to detect threats in near real time, so activity that suggests an adversary or insider is attempting to tamper with, modify, or delete your backups is flagged and brought to your attention as it happens.
Security Command Center: Accelerating incident response
Security Command Center surfaces threats using findings, which are notifications that a specific behavior was observed in your environment. These provide contextual information on the threat event, including which resource was affected, the time of the occurrence, and the nature of the threat.
To investigate further, Security Command Center findings are linked to the Cloud Logging entries behind them, enabling a deep dive into the forensic details. There you can analyze the event, pinpoint the user or service account that made the call, and take action to remediate, for example by revoking the principal's access and restoring from an unaffected backup.
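To make the finding-to-log pivot concrete, the following Python example correlates a Security Command Center finding with Cloud Audit Log entries to attribute a backup deletion to a principal. It is an added example, not code from the Google Cloud blog post or the Backup and DR service: the finding notification and the audit-log lines are constructed, the field layout follows the public Finding and Cloud Audit Log schemas (`resourceName`, `eventTime`, `protoPayload.authenticationInfo.principalEmail`, `protoPayload.methodName`), and the finding category and the Backup and DR method names (`DeleteBackup`, `UpdateBackup`) are assumptions for illustration.

```python
"""Correlate an SCC finding with Cloud Audit Log entries (added example).

The finding notification and audit-log lines below are constructed. Field
names follow the SCC Finding and Cloud Audit Log schemas; the category
string and the Backup and DR method names are assumptions.
"""
import json
from datetime import datetime, timedelta

BACKUP = ("projects/demo-proj/locations/us-central1/backupVaults/prod-vault/"
          "dataSources/vm-web-1/backups/b-20240501")

# Constructed SCC finding, in the shape a Pub/Sub notification carries.
FINDING_NOTIFICATION = json.dumps({"finding": {
    "name": "organizations/123456/sources/789/findings/0f3c2a",
    "category": "BACKUP_VAULT_TAMPERING_EXAMPLE",   # assumed category name
    "severity": "HIGH",
    "eventTime": "2024-05-01T10:15:00Z",
    # SCC prefixes resource names with //<service>/; audit logs do not.
    "resourceName": "//backupdr.googleapis.com/" + BACKUP,
}})

def _entry(ts, principal, ip, method, resource):
    """Build one constructed Cloud Audit Log entry (JSON line)."""
    return json.dumps({"timestamp": ts, "protoPayload": {
        "serviceName": "backupdr.googleapis.com",
        "methodName": method, "resourceName": resource,
        "authenticationInfo": {"principalEmail": principal},
        "requestMetadata": {"callerIp": ip}}})

SA = "sa-backup-admin@demo-proj.iam.gserviceaccount.com"
AUDIT_LOG_LINES = [
    # Read of the same backup hours earlier: outside the correlation window.
    _entry("2024-05-01T08:02:10Z", "alice@example.com", "198.51.100.4",
           "google.cloud.backupdr.v1.BackupDR.GetBackup", BACKUP),
    # List call on the parent data source, not the backup itself: no match.
    _entry("2024-05-01T10:14:30Z", "alice@example.com", "198.51.100.4",
           "google.cloud.backupdr.v1.BackupDR.ListBackups", BACKUP.rsplit("/", 2)[0]),
    # The deletion that triggered the finding (method name assumed).
    _entry("2024-05-01T10:14:57Z", SA, "203.0.113.7",
           "google.cloud.backupdr.v1.BackupDR.DeleteBackup", BACKUP),
    # A follow-up mutation by the same service account (method name assumed).
    _entry("2024-05-01T10:16:03Z", SA, "203.0.113.7",
           "google.cloud.backupdr.v1.BackupDR.UpdateBackup", BACKUP),
]

MUTATING_VERBS = ("Delete", "Update", "Patch", "Set", "Remove")

def _parse_ts(value):
    # fromisoformat on older Pythons rejects a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def _strip_service_prefix(resource):
    """'//svc/projects/x' -> 'projects/x' so both sides compare equal."""
    return resource.split("/", 3)[3] if resource.startswith("//") else resource

def parse_finding(notification):
    f = json.loads(notification)["finding"]
    return {"category": f["category"], "severity": f.get("severity"),
            "event_time": _parse_ts(f["eventTime"]),
            "resource": _strip_service_prefix(f["resourceName"])}

def parse_audit_entries(lines):
    out = []
    for line in lines:
        e = json.loads(line)
        p = e.get("protoPayload", {})
        method = p.get("methodName", "")
        out.append({"timestamp": _parse_ts(e["timestamp"]),
                    "principal": p.get("authenticationInfo", {}).get("principalEmail"),
                    "caller_ip": p.get("requestMetadata", {}).get("callerIp"),
                    "method": method, "resource": p.get("resourceName"),
                    "mutating": method.rsplit(".", 1)[-1].startswith(MUTATING_VERBS)})
    return out

def correlate(finding, entries, window=timedelta(minutes=10)):
    """Audit entries on the finding's resource within +/- window, oldest first."""
    lo, hi = finding["event_time"] - window, finding["event_time"] + window
    hits = [e for e in entries
            if e["resource"] == finding["resource"] and lo <= e["timestamp"] <= hi]
    return sorted(hits, key=lambda e: e["timestamp"])

def responsible_principals(finding, entries, window=timedelta(minutes=10)):
    """Principals that mutated the resource around the finding time."""
    return sorted({e["principal"] for e in correlate(finding, entries, window)
                   if e["mutating"] and e["principal"]})

if __name__ == "__main__":
    finding = parse_finding(FINDING_NOTIFICATION)
    entries = parse_audit_entries(AUDIT_LOG_LINES)
    print(f"{finding['severity']} {finding['category']} on {finding['resource']}")
    for hit in correlate(finding, entries):
        print(f"  {hit['timestamp'].isoformat()} {hit['method']} "
              f"by {hit['principal']} from {hit['caller_ip']}")
    print("attribute to:", responsible_principals(finding, entries))
```

In a real investigation the audit-log side comes from a Cloud Logging query scoped to the finding's resource name and a time window around `eventTime`; the correlation window here is deliberately wide (ten minutes either side) because finding `eventTime` and audit-log `timestamp` are recorded independently and can differ by seconds.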
Source Credit: https://cloud.google.com/blog/products/identity-security/secure-backups-with-threat-detection-and-remediation/