NNSEC

[ PLATFORM // GOOGLE_CLOUD ]

Security for GCP.
Org hierarchy first.

Folder and project-level posture from IAM, VPC SC, Security Command Center, and asset inventory — one graph for toxic combinations.

  • 200+ projects
  • Unified SCC findings
  • Tracked org policies
  • Full coverage, read-only asset inventory access

[ DOMAINS // COVERAGE ]

What we assess
in Google Cloud.

Platform-native domains — not a generic cloud checklist pasted from another provider.

  • IAM & admin: primitive roles, service account keys, domain-wide delegation.
  • VPC & firewall: open 0.0.0.0/0 rules, legacy networks, Private Google Access.
  • GCS: public buckets, uniform bucket-level access, CMEK usage.
  • GKE: Workload Identity, pod security, exposed services.
  • SCC: High/Critical findings with mute-reason audit.
  • Logging: Admin Activity and Data Access logs, sink coverage.
  • Org policies: constraints on external IPs, OS Login, key creation.
  • Secrets: Secret Manager versioning and IAM bindings.

[ RUNBOOK // ONBOARDING ]

Onboarding preview
from checklist.

Steps align with NNSEC_Onboarding_Checklist — full runbook generates after discovery wizard.

  1. Org discovery: read-only service account at org or folder scope with Security Reviewer roles.
  2. Asset export: Cloud Asset Inventory feed enabled.
  3. SCC link: findings stream into the NorthSec AI normalizer.
  4. Scope projects: labels define the prod boundary.
  5. Risk scoring: category scores align to the monthly report template.
  6. Board pack: quarterly deck includes GCP-specific heatmaps.
[ TOOLING // OSS ]

Tools we deploy
and integrate.

Open-source and native cloud APIs — no proprietary agent required unless noted for on-prem.

  • Security Command Center
  • Cloud Asset Inventory
  • IAM Recommender
  • Policy Analyzer
  • Prowler GCP
  • Forseti patterns

Connector · Organization-level service account with custom role — no project Editor grants.

[ COMPLIANCE // MAP ]

Framework mapping
for Google Cloud.

Evidence exports attach findings to auditor-friendly control IDs.

  • CIS GCP: CIS · SOC 2
  • HIPAA BAA: healthcare workloads
  • PCI SAQ-A: cardholder environment boundaries

[ TIERS ]

Connector included by tier

foundation · $3,500
growth · $5,000
scale · $8,000
enterprise · $12,000

Customer story

AI / ML: 0 public GCS buckets. An AI startup remediated 19 exposed buckets found on the day-7 scan.

FAQ

An org-level service account is preferred for multi-project coverage; a single-project deployment uses folder scope.

Full coverage · read-only · per-tenant KMS