Closed fmichaelobrien closed 5 months ago
20240406: Closing issue during retrofit/rebase of this TEF V1 based/modified repo to TEF V4 standards. This issue may participate in the LZ refactor after rebase. Query on all issues related to the older V1 version via the tag https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/labels/2024-pre-tef-v4
Issue for this design item is active security at the IaaS level (not after the effect) - we do however have real time at the network
see
DI 5: IaaS/PaaS/SaaS Application Security
Determine list of services to help enable application security firewalls, vulnerability, OS protections. SCC Threat detection handles what is going on inside the IaaS/PaaS systems where Armor/IDS handle ingress/egress traffic and Shielded VMs handle IaaS.
Security Command Center Premium
Threat detection works by continuous monitoring of all cloud logs including those generated at the VM/Container OS level - via embedded logging agents and Workspace logs.
https://cloud.google.com/security-command-center/docs/concepts-event-threat-detection-overview
Proactive threat detection also occurs at the perimeter to customer networks via Cloud Armor https://cloud.google.com/armor - Google Cloud's DDoS and WAF SaaS. Detection can be customized by adding rules - the following is in place by default
In addition, for Chrome-based clients we have BeyondCorp zero trust capabilities.
Cloud Armor
Cloud Armor is part of both network and IaaS/PaaS security.
IDS - Intrusion Detection System
GCP Intrusion Detection System Service (based on the Palo Alto security appliance) - https://cloud.google.com/intrusion-detection-system handles Malware, Spyware and Command-and-Control attacks
Vendor based
For clients with existing Microsoft Defender Endpoint solutions https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide - Google Cloud supports the previous Cloud app security (Defender for Cloud Apps) solution https://docs.microsoft.com/en-us/defender-cloud-apps/connect-google-gcp
Fortigate
Shielded VMs for IaaS
Looking into Shielded VMs - looks like a local IaaS version of the PaaS services. Has malware support, no anti-virus yet TBD. https://cloud.google.com/shielded-vm