The Security Command Center (SCC) in Google Cloud provides various services to detect and manage
security risks. Among the options provided, Security Health Analytics is the built-in feature that
utilizes behavioral signals to detect security abnormalities.
Security Health Analytics: A service within SCC that performs automated security scans of Google
Cloud resources to detect misconfigurations and compliance violations with respect to established
security benchmarks [1].
Detection Capabilities: Security Health Analytics can identify a range of security issues, including
misconfigured network settings, insufficient access controls, and potential data exfiltration activities.
It helps in detecting unusual activity that could indicate a security threat [1].
Behavioral Signals: By analyzing behavioral signals, Security Health Analytics can detect anomalies
that may signify leaked credentials or other security risks in virtual machines or GCP projects [1].
Why not the others?
Anomaly Detector is not a specific feature within SCC.
Cloud Armor is primarily a network security service that provides protection against DDoS attacks
and other web-based threats, not specifically for detecting security abnormalities based on
behavioral signals.
Cloud Anomaly Detection is not listed as a built-in feature in the SCC documentation.
References:
[1] Google Cloud Documentation: Security Command Center overview.
[2] Google Cloud Blog: Investigate threats surfaced in Google Cloud’s Security Command Center.
[3] Making Science Blog: Security Command Center: Strengthen your company’s security with Google
Cloud.