

Google Cloud Platform Security Monitoring

24x7 detection and response for GCP workloads using built-in GCP APIs and services

Managed detection and response for GCP

(Even for lumberjacks, wrestling with GCP logs can get tricky)

If your developers are coding, then your cloud is growing. And chances are they didn’t convene a blue ribbon committee to review their security strategy. Expel can help you get visibility into risks that are unique to Google Cloud Platform (GCP) and chase them down without annoying your DevOps team.

Detections designed for your GCP environment

Our GCP detection strategy uses native GCP services:

  • Analyzes Event Threat Detection (ETD) alerts
  • Adds custom detections for high-risk activities
  • Tunes detections to match your apps and workloads

What we do

24x7 GCP monitoring

Our analysts chase down your GCP alerts so you can focus on building new features, products and services.

Investigations in GCP

We’ll connect the dots from suspicious GCP alerts back to their root cause and tell you what they mean.

Fixes “written in GCP”

Whenever possible, our analysts will recommend configuration changes to address activities we tell you about.

The best part about our conversation with Expel was that they showed us exactly what they were monitoring today from a cloud security standpoint, and what they could get up and running immediately

— Jeremy Stinson, Principal Architect at Qlik

What we look for

(updated as GCP makes up for lost time)

Google adds shiny new services almost as fast as they rename the ones they already have. As GCP rolls out these new services, we’ll help you keep up. That includes evaluating and updating our detection and response strategy where it makes sense. Here are a few examples of what we’ll look for:

  • Suspicious logins and unauthorized access
  • Disabling or changing GCP security capabilities
  • Unauthorized sharing or access to sensitive data
  • Evidence of instance compromise
  • Unusual or risky API activity
  • Risky violations of GCP best

How we use native GCP services

(Hint: it takes more than Admin Activity Audit Logs)

Expel uses API integrations to connect directly to your GCP platform. We support authentication via Cloud IAM. To collect data, Expel communicates directly with APIs for services like Event Threat Detection (ETD) and Admin Activity Audit Logs.

How Expel uses GCP services for detection, investigation and response

| GCP service | Examples of how we use them | Detect | Investigate |
| --- | --- | --- | --- |
| Event Threat Detection (ETD) | Add-on service (cha ching!) monitoring anomalous flow log activity | | |
| Cloud SQL | Keeps an eye out for suspicious deletion of logs or someone exporting sensitive data | | |
| Cloud IAM | Monitors who’s accessing your environment and what resources they may have access to | | |
| Key Management Service (KMS) | Monitors who’s touching your encrypted data | | |
| Cloud Functions | Checks workloads that don’t need authentication to access (like those with public access) | | |
| Cloud Storage | Monitors when content goes public (especially to an anonymous user or non-corp GCP user) | | |
| Cloud Compute Engine | Monitors for external access to images and/or snapshots 📸 | | |
| Cloud VPC | Looks for firewall rules created outside the norm | | |
| BigQuery | Catches public access granted to a BigQuery dataset | | |


Introducing 24x7 monitoring and response for Google Cloud Platform

Running a Google Cloud Platform (GCP) workload or thinking about integrating it into your security portfolio? Expel can help!


Conquering GCPs IAM hierarchy: Where to get started with Service Accounts

Andrew Pritchett and Peter Silberman walk through GCP Service Accounts best practices.


So you’ve got a multi-cloud strategy; here’s how to navigate four common security challenges

Switching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.

© 2022 Expel, Inc. All Rights Reserved