Cloud Security Command Center - April 2nd, 2024 [Breaking, Feature]


## Feature

**Enterprise tier released to General Availability**

The Enterprise tier, which transforms Security Command Center into a cloud-native application protection platform (CNAPP) that combines cloud security and enterprise security operations with multicloud support, is released to [General Availability](https://cloud.google.com/products#product-launch-stages).

The following features and capabilities of the Enterprise tier are new to Security Command Center:

* [Multicloud support](https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview#multicloud%5Fsupport%5Fsecure%5Fyour%5Fdeployments%5Fon%5Fother%5Fcloud%5Fplatforms): You can now connect Security Command Center to Amazon Web Services for the following capabilities:
  * Detect threats and vulnerabilities
  * Assess the risk exposure of your high-value AWS resources
  * Assess compliance with [security standards](https://cloud.google.com/security-command-center/docs/compliance-management#security-standards-supported-on-aws)
* [A new Security Operations console](https://cloud.google.com/security-command-center/docs/scce-consoles-overview#secops-console) for global security operations tasks
* [SIEM and SOAR capabilities for security operations](https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview#enterprise%5Ftier%5Ffunctions%5Fand%5Fservices%5Fsummary)
  * Security investigation and event management (SIEM) capabilities:
    * Ingest and normalize logs from Google Cloud, AWS, Security Command Center findings, and resource metadata from multiple sources
    * Detect the most important cloud threats with curated threat detection
    * Search across consolidated SIEM data
  * Security operations and response (SOAR) capabilities:
    * Manage detections, investigations, and responses with cases
    * Automate response workflows with playbooks
    * Focus on posture and threat findings with dedicated views in the Security Operations console
    * Integrate with IT service management products, such as Jira and ServiceNow, for posture management
    * Search across consolidated SOAR data
* The following attack exposure scoring features are in General Availability:
  * [Attack exposure scores now calculated for high-value resources](https://cloud.google.com/security-command-center/docs/attack-exposure-learn#resources%5Fthat%5Freceive%5Fattack%5Fexposure%5Fscores)
  * [Severities of vulnerability findings can vary to align with attack exposure scores](https://cloud.google.com/security-command-center/docs/finding-severity-classifications#variable-severities-by-risk-score)
  * Optional [automated assignment of resource values with Sensitive Data Protection](https://cloud.google.com/security-command-center/docs/attack-exposure-learn#priority-values-auto-by-data-sensitivity)
* [Vulnerability and misconfiguration detections](https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview#manage-vulnerabilities)
  * Security Health Analytics includes the following enhancements:
    * New misconfiguration detectors for AWS resources
    * Detectors are mapped to new security standards
  * You can now manage the remediation of critical and high severity vulnerability and misconfiguration findings using cases that are automatically opened for you.
* [Threat detection and investigation](https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview#manage-threats)
  * Detect threats in your AWS deployments
  * Investigate and respond to incidents with SIEM-like capabilities across 90 days of cloud logs
  * Manage the investigation of and response to threats by using cases
  * Define response workflows and automated actions in response to threats by using playbooks
* [Mandiant Attack Surface Management integration](https://cloud.google.com/security-command-center/docs/concepts-security-sources#mandiant-asm)
  * Mandiant Attack Surface Management scans your external attack surfaces to identify vulnerability and misconfiguration findings
* [Sensitive Data Protection integration](https://cloud.google.com/security-command-center/docs/concepts-security-sources#dlp)
  * The **Risk overview** page of Security Command Center in the Google Cloud console now shows data security findings from the Sensitive Data Protection discovery service
  * Findings from Sensitive Data Protection that indicate the sensitivity and data risk levels of your data can inform the automated assignment of resource values for the attack path simulation feature
* [Gemini artificial intelligence features](https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview#ai-features)
  * Natural language search for threat findings
  * AI investigation widget for cases
* [Compliance, security standards](https://cloud.google.com/security-command-center/docs/compliance-management)
  * Support for AWS security standards
* [Validate infrastructure as code (IaC)](https://cloud.google.com/security-command-center/docs/validate-iac) against organization policies and Security Health Analytics detectors. The IaC validation feature lets you determine whether your new or modified resource definitions violate the existing policies that are applied to your Google Cloud resources.
* [Integration with Assured Open Source Software](https://cloud.google.com/security-command-center/docs/integrate-aoss-with-scc): The paid tier of Assured OSS is included with your Enterprise tier license, so that you can enhance your code security by using the open source software packages that Google uses for its own developer workflows.

## Breaking

**With the Enterprise tier, severity levels of certain findings are now variable**

In the Enterprise tier of Security Command Center, the default severity level of an active vulnerability or misconfiguration finding can change if the finding's attack exposure score changes. If you are a user of the Premium tier and you upgrade to the Enterprise tier, check any automated or manual procedures that rely on the value of the `severity` property to ensure that they can support a variable severity value. For more information, see [Severities that vary based on attack exposure score](https://cloud.google.com/security-command-center/docs/finding-severity-classifications#variable-severities-by-risk-score).
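The following is an added example, not Google's code, of a finding handler that tolerates a variable `severity`: it re-evaluates routing on every notification instead of trusting the severity seen when the finding first arrived. It assumes each notification is JSON with a `finding` object carrying `name`, `severity` and `state`; the `SeverityRouter` class, the paging threshold, the action names and the sample messages are constructed for illustration.

```python
import json

# Severity values of the finding `severity` property, ranked for comparison.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1,
                 "SEVERITY_UNSPECIFIED": 0}
PAGE_AT = SEVERITY_RANK["HIGH"]  # assumed local policy: page on HIGH and above


class SeverityRouter:
    """Routes on the current severity and reacts when it changes."""

    def __init__(self):
        self._last = {}  # finding name -> last severity seen

    def handle(self, message: str) -> str:
        finding = json.loads(message)["finding"]
        name = finding["name"]
        sev = finding.get("severity", "SEVERITY_UNSPECIFIED")
        rank = SEVERITY_RANK.get(sev, 0)  # unknown values rank as unspecified
        if finding.get("state", "ACTIVE") != "ACTIVE":
            self._last.pop(name, None)
            return "close"
        prev = self._last.get(name)
        self._last[name] = sev
        if prev is None:  # first sighting: route on current severity
            return "page" if rank >= PAGE_AT else "ticket"
        prev_rank = SEVERITY_RANK.get(prev, 0)
        if rank == prev_rank:
            return "noop"
        if rank >= PAGE_AT > prev_rank:  # crossed the paging threshold upward
            return "escalate"
        if prev_rank >= PAGE_AT > rank:  # dropped below the paging threshold
            return "downgrade"
        return "update"


def _msg(severity, state="ACTIVE"):
    # Constructed sample notification; the finding name is a placeholder.
    name = "organizations/0/sources/0/findings/example"
    return json.dumps({"finding": {"name": name, "severity": severity,
                                   "state": state}})


SAMPLE = [_msg("MEDIUM"), _msg("MEDIUM"), _msg("CRITICAL"), _msg("LOW"),
          _msg("LOW", "INACTIVE")]


def replay(messages):
    router = SeverityRouter()
    return [router.handle(m) for m in messages]
```

A handler that only acted on the first `MEDIUM` notification would never page when the same finding later became `CRITICAL`.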