GoogleCloudPlatform / pbmm-on-gcp-onboarding

GCP Canadian Public Sector Landing Zone overlay on top of the TEF via CFT modules - a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

Local malware/AV IaaS service - start with Shielded VMs #160

Closed fmichaelobrien closed 5 months ago

fmichaelobrien commented 2 years ago

Issue for this design item is active security at the IaaS level (not after the effect) - we do however have real time at the network

see

DI 5: IaaS/PaaS/SaaS Application Security

Determine list of services to help enable application security firewalls, vulnerability, OS protections. SCC Threat detection handles what is going on inside the IaaS/PaaS systems where Armor/IDS handle ingress/egress traffic and Shielded VMs handle IaaS.

Security Command Center Premium

Threat detection works by continuous monitoring of all cloud logs including those generated at the VM/Container OS level - via embedded logging agents and Workspace logs.
https://cloud.google.com/security-command-center/docs/concepts-event-threat-detection-overview Proactive threat detection also occurs at the perimeter to customer networks via Cloud Armor https://cloud.google.com/armor - Google Cloud's DDoS and WAF SaaS. Detection can be customized by adding rules - the following is in place by default

In addition for Chrome based clients we have BeyondCorp zero trust capabilities.

Cloud Armor

Cloud Armor is part of both network and IaaS/PaaS security.

IDS - Intrusion Detection System

GCP Intrusion Detection System Service (based on the Palo Alto security appliance) - https://cloud.google.com/intrusion-detection-system handles Malware, Spyware and Command-and-Control attacks

Vendor based

For clients with existing Microsoft Defender Endpoint solutions https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide - Google Cloud supports the previous Cloud app security (Defender for Cloud Apps) solution https://docs.microsoft.com/en-us/defender-cloud-apps/connect-google-gcp

Fortigate

Shielded VMs for IaaS

Looking into Shielded VMs - looks like a local IaaS version of the PaaS services. Has malware support, no anti-virus yet TBD. https://cloud.google.com/shielded-vm
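One way to check whether the instances already in the landing zone have the three Shielded VM protections turned on, as an added example (not code from this repo or from Google): the checker below reads the JSON produced by `gcloud compute instances list --format=json`, and the sample instances embedded here are constructed, not captured from a real project.

```python
"""Audit Compute Engine instances for Shielded VM settings.

Added example, not code from the pbmm-on-gcp-onboarding repo. Input is a list of
instance resources as returned by `gcloud compute instances list --format=json`;
the sample below is constructed for illustration.
"""
import json

# Constructed sample: one fully shielded instance, one with Secure Boot off,
# and one legacy instance with no shieldedInstanceConfig block at all.
SAMPLE_INSTANCES = json.loads("""
[
  {"name": "web-1",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/northamerica-northeast1-a",
   "shieldedInstanceConfig": {"enableSecureBoot": true, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "app-2",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/northamerica-northeast1-a",
   "shieldedInstanceConfig": {"enableSecureBoot": false, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "legacy-3",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/northamerica-northeast1-b"}
]
""")

# The three Shielded VM controls exposed in the Compute API instance resource:
# Secure Boot (blocks unsigned boot components), vTPM (measured boot, sealed
# keys) and integrity monitoring (boot measurements compared to a baseline
# and reported to Cloud Logging).
REQUIRED = ("enableSecureBoot", "enableVtpm", "enableIntegrityMonitoring")


def audit_shielded(instances):
    """Return {instance name: [settings that are off or absent]} for every
    instance that does not have all three protections enabled."""
    findings = {}
    for inst in instances:
        cfg = inst.get("shieldedInstanceConfig") or {}
        missing = [key for key in REQUIRED if not cfg.get(key, False)]
        if missing:
            findings[inst["name"]] = missing
    return findings


if __name__ == "__main__":
    for name, missing in audit_shielded(SAMPLE_INSTANCES).items():
        print(f"{name}: Shielded VM settings off: {', '.join(missing)}")
```

An instance with no `shieldedInstanceConfig` at all was created from a non-Shielded image and needs to be rebuilt rather than just updated.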

obriensystems commented 5 months ago

20240406: Closing issue during retrofit/rebase of this TEF V1 based/modified repo to TEF V4 standards. This issue may participate in the LZ refactor after rebase. Query on all issues related to the older V1 version via the tag https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/labels/2024-pre-tef-v4