What is a Remote Agent?
The Remote Agent provides a secure way to connect a cloud Google Security Operations instance to remote sites. This provides MSSP and enterprise Security Operations Centers with the following capabilities:
- Execute actions and playbooks on remote sites directly from Google Security Operations
- Pull alerts and security data from remote sites with remote connectors
- Connect to remote networks to pull data for incident response purposes
The Remote Agents infrastructure consists of 2 main components:
Google Security Operations Platform
Deployment of Google Security Operations platform to consolidate all security alerts in one place, and orchestrate security and network products with automated workflows.
Google Security Operations Agent
A remote agent deployed on the remote site. The agent pulls new tasks from Google Security Operations, executes remotely (on the remote\separate network) and updates Google Security Operations with the results.
The agent is easily deployed and lets both enterprise and MSSP end-customers to self deploy it.
The agent can initiate communication with Google Security Operations to get new commands and to send new alerts and data.