One Article Review

Source: AlienVault Blog
Identifier: 1493780
Publication date: 2019-12-11 14:00:00 (seen: 2019-12-17 22:00:15)
Title: Google Cloud Platform security monitoring with USM Anywhere™
Text: According to a 2019 Cyber Security Report published by the International Information System Security Certification Consortium, 93 percent of organizations say they are concerned about cloud security and 28 percent admit to having experienced cloud security incidents during the past year. The reality is that most companies lack the specialized knowledge and skills needed to ensure that customer data stored in the cloud is protected.

Cloud service providers (CSPs) do provide extra security layers, such as automated threat detection, with the intent of making their customers feel more confident in the security of the cloud. However, the number of cloud breaches being reported shows that CSPs and organizations alike continue to struggle with cloud security. Much of this is due to a lack of unified visibility, not just in the cloud but across an organization's entire network; siloed teams and technologies; a lack of threat intelligence; and partnerships with third parties whose security controls are not up to snuff.

To address these challenges, many in the industry are advocating that organizations simplify and unify their security approach, i.e. bring as many controls as possible into a single solution, in order to break down the silos between security teams and technologies and to give greater visibility across the organization. We at AT&T Cybersecurity help organizations accomplish this with our Unified Security Management™ (USM) Anywhere platform.

Of course, the effectiveness of any security solution is largely determined by the threat intelligence underpinning it. In any environment, we need to identify the common tactics, techniques, and procedures (TTPs) adversaries are using in their attacks.
Below, we provide an overview of the latest threat intelligence from Alien Labs™ for Google Cloud Platform (GCP), which helps security practitioners discover issues in their cloud workloads and detect adversaries exploiting attack vectors commonly seen in cloud environments.

Google Cloud Platform integration in USM

This summer, AT&T Cybersecurity launched the USM Anywhere™ integration with GCP. Through the USM Anywhere Alien App for GCP, USM can now consume all logging information managed by the Stackdriver utility in a configurable and intuitive way. Google Cloud Platform logs are provided through three major channels:

Audit Logs. Record all events impacting objects within the environment. These logs are used to monitor any cloud asset, presenting a solid baseline for security detection.

VPC Flow Logs. Halfway between resource monitoring and cloud infrastructure security, these logs are the delight of NIDS enthusiasts.

Firewall Logs. These help with auditing firewall rule events, and they are useful in detecting risky open ports and other configuration issues.

In USM, these channels are processed by different plugins, which extract pieces of intelligence and map them to variables that are easy to steer into orchestration rules. The correlation engine allows detections from different channels to be combined into a single orchestration rule, scaling GCP security to a new level.

To prevent an intrusion from being recorded or triggering a notification, adversaries may try to disable audit logging once they get the necessary permissions. To protect against that, the product has out-of-the-box correlation rules that generate an alert if any of the logging features is disabled. Note that in GCP the Admin Activity audit logs themselves cannot be turned off; what an adversary with the right permissions can do is delete or retarget the log sink that forwards them to a SIEM, add exclusion filters, or switch off Data Access logging. Each of those changes is itself recorded as an Admin Activity event, which is what such a rule has to key on.
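The following is an added example, not code from the original post and not USM Anywhere's own plugins or rules. It shows the two rule types described above running over Cloud Audit Log entries, and the cross-channel correlation step: rule 1 fires on Logging API writes that shrink audit coverage (sink deletion or retargeting, new exclusion filters); rule 2 fires on a firewall change that opens an admin or database port to 0.0.0.0/0; a third alert is raised when the same principal does both within a window. The method names are real Cloud Audit Log `protoPayload.methodName` values; the port list, the 30-minute window, the field layout of the constructed sample entries, and every project, sink, rule name and identity in them are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta

# Logging API writes (protoPayload.methodName) that shrink what gets exported.
LOGGING_TAMPER_METHODS = {
    "google.logging.v2.ConfigServiceV2.DeleteSink",
    "google.logging.v2.ConfigServiceV2.UpdateSink",
    "google.logging.v2.ConfigServiceV2.CreateExclusion",
}
FIREWALL_WRITE_METHODS = {"v1.compute.firewalls.insert", "v1.compute.firewalls.patch"}
RISKY_PORTS = {22, 3389, 3306, 5432}        # assumption: admin/database ports of interest
ANY_IPV4 = "0.0.0.0/0"
CORRELATION_WINDOW = timedelta(minutes=30)  # assumption: max gap between linked events


def entry_time(entry):
    return datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00"))


def ports_in_spec(spec):
    """Expand a Compute firewall port spec ('22' or '20-25') into a set of ints."""
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))


def alert(rule, payload, detail, entry):
    return {"rule": rule, "principal": payload["authenticationInfo"]["principalEmail"],
            "detail": detail, "time": entry_time(entry)}


def detect_logging_tamper(entry):
    """Rule 1: a Logging config write that reduces audit coverage."""
    p = entry.get("protoPayload", {})
    if p.get("serviceName") != "logging.googleapis.com" or p.get("methodName") not in LOGGING_TAMPER_METHODS:
        return None
    return alert("gcp_audit_logging_tampered", p, f'{p["methodName"]} on {p.get("resourceName")}', entry)


def detect_risky_firewall(entry):
    """Rule 2: an ingress rule from 0.0.0.0/0 that allows a risky port."""
    p = entry.get("protoPayload", {})
    if p.get("serviceName") != "compute.googleapis.com" or p.get("methodName") not in FIREWALL_WRITE_METHODS:
        return None
    req = p.get("request", {})
    if req.get("direction", "INGRESS") != "INGRESS" or ANY_IPV4 not in req.get("sourceRanges", []):
        return None
    exposed = set()
    for allowed in req.get("alloweds", []):
        specs = allowed.get("ports")
        if not specs:                      # no port list means every port of that protocol
            exposed |= RISKY_PORTS
        for spec in specs or []:
            exposed |= ports_in_spec(spec) & RISKY_PORTS
    if not exposed:
        return None
    return alert("gcp_firewall_exposes_risky_port", p,
                 f'{req.get("name")} opens {sorted(exposed)} to {ANY_IPV4}', entry)


def analyze(lines):
    """Run both rules over raw JSON lines, then correlate: a tamper event followed
    by an exposure from the same principal within CORRELATION_WINDOW yields a
    third, higher-priority alert (the cross-channel step a single rule cannot do)."""
    alerts = []
    for line in lines:
        entry = json.loads(line)
        alerts += [h for h in (detect_logging_tamper(entry), detect_risky_firewall(entry)) if h]
    tampers = [a for a in alerts if a["rule"] == "gcp_audit_logging_tampered"]
    for fw in [a for a in alerts if a["rule"] == "gcp_firewall_exposes_risky_port"]:
        for t in tampers:
            gap = fw["time"] - t["time"]
            if t["principal"] == fw["principal"] and timedelta(0) <= gap <= CORRELATION_WINDOW:
                alerts.append({"rule": "gcp_log_tamper_then_exposure", "principal": fw["principal"],
                               "detail": f'{t["detail"]}; then {fw["detail"]} ({gap} later)',
                               "time": fw["time"]})
    return alerts


# Constructed sample entries (not real logs); the field layout follows Cloud Audit
# Log JSON, while the project, sink, rule names and identities are invented.
def _audit(ts, service, method, who, resource, request=None):
    payload = {"serviceName": service, "methodName": method, "resourceName": resource,
               "authenticationInfo": {"principalEmail": who}}
    if request:
        payload["request"] = request
    return json.dumps({"timestamp": ts, "protoPayload": payload})


SAMPLE_LOG_LINES = [
    _audit("2019-12-10T10:00:00Z", "logging.googleapis.com",
           "google.logging.v2.ConfigServiceV2.DeleteSink", "attacker@example.com",
           "projects/demo-project/sinks/siem-export"),
    _audit("2019-12-10T10:05:00Z", "compute.googleapis.com", "v1.compute.firewalls.insert",
           "attacker@example.com", "projects/demo-project/global/firewalls/allow-ssh-any",
           {"name": "allow-ssh-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
            "alloweds": [{"IPProtocol": "tcp", "ports": ["22"]}]}),
    # benign: HTTPS open to the world is expected for a web tier; 443 is not in RISKY_PORTS
    _audit("2019-12-10T10:07:00Z", "compute.googleapis.com", "v1.compute.firewalls.insert",
           "admin@example.com", "projects/demo-project/global/firewalls/allow-https",
           {"name": "allow-https", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
            "alloweds": [{"IPProtocol": "tcp", "ports": ["443"]}]}),
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG_LINES):
        print(a["rule"], a["principal"], a["detail"])
```

Running it on the three constructed entries yields one alert from each rule plus the correlated alert, all attributed to attacker@example.com, while the admin's HTTPS rule produces nothing. The design point is the one the text makes: rule 1 on its own is noisy (sinks get rebuilt legitimately) and rule 2 on its own is common (someone always opens SSH), but the same identity doing both in sequence is the pattern worth paging on, and that only falls out when detections from different channels are combined.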
Sent: Yes
Tags: Tool, Threat, Guideline
Stories: Uber


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repost of an earlier one.