Cloud App Security 如何協助保護您的 Google Cloud Platform (GCP) 環境How Cloud App Security helps protect your Google Cloud Platform (GCP) environment

適用於:Microsoft Cloud App SecurityApplies to: Microsoft Cloud App Security

重要

Microsoft 的威脅防護產品名稱即將變更。Threat protection product names from Microsoft are changing. 如需有關此變更的詳細資訊與其他更新,請參閱這裡Read more about this and other updates here. 我們將在不久的將來更新產品與文件中的名稱。We'll be updating names in products and in the docs in the near future.

Google Cloud Platform 是 IaaS 提供者,可讓您的組織在雲端裝載及管理其整個工作負載。Google Cloud Platform is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. 除了運用雲端基礎結構的優點之外,您組織最重要的資產也可能暴露于威脅內。Along with the benefits of leveraging infrastructure in the cloud, your organization's most critical assets may be exposed to threats. 公開的資產包括具有潛在敏感資訊的儲存體實例、計算資源,這些資源可操作一些最重要的應用程式、埠,以及可存取您組織的虛擬私人網路。Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.

將 GCP 連接到 Cloud App Security 可協助您保護您的資產,並藉由監視系統管理與登入活動來偵測潛在的威脅,並通知可能的暴力密碼破解攻擊、特殊許可權使用者帳戶的惡意使用,以及不尋常的 Vm 刪除。Connecting GCP to Cloud App Security helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, and unusual deletions of VMs.

主要威脅Main threats

  • 雲端資源的濫用Abuse of cloud resources
  • 遭盜用的帳戶和內部威脅Compromised accounts and insider threats
  • 資料外洩Data leakage
  • 資源設定錯誤和存取控制不足Resource misconfiguration and insufficient access control

Cloud App Security 如何協助保護您的環境How Cloud App Security helps to protect your environment

使用內建原則和原則範本控制 GCPControl GCP with built-in policies and policy templates

您可以使用下列內建原則範本來偵測潛在威脅並通知您:You can use the following built-in policy templates to detect and notify you about potential threats:

類型Type 名稱Name
內建的異常偵測原則Built-in anomaly detection policy 來自匿名 IP 位址的活動Activity from anonymous IP addresses
罕見國家/地區的活動Activity from infrequent country
可疑 IP 位址的活動Activity from suspicious IP addresses
不可能的移動Impossible travel
終止的使用者 (所執行的活動 需要 AAD 作為 IdP) Activity performed by terminated user (requires AAD as IdP)
多次失敗的登入嘗試Multiple failed login attempts
不尋常的系統管理活動Unusual administrative activities
多次 VM 刪除活動Multiple delete VM activities
(預覽) 不尋常的多重 VM 建立活動Unusual multiple VM creation activities (preview)
活動原則範本Activity policy template 計算引擎資源的變更Changes to compute engine resources
StackDriver 設定的變更Changes to StackDriver configuration
儲存體資源的變更Changes to storage resources
虛擬私人網路的變更Changes to Virtual Private Network
從有風險的 IP 位址登入Logon from a risky IP address

如需建立原則的詳細資訊,請參閱 建立原則For more information about creating policies, see Create a policy.

自動化治理控制項Automate governance controls

除了監視潛在威脅之外,您還可以套用並自動執行下列 GCP 治理動作來補救偵測到的威脅:In addition to monitoring for potential threats, you can apply and automate the following GCP governance actions to remediate detected threats:

類型Type 動作Action
使用者治理User governance -需要使用者將密碼重設為 Google (需要連線的連結 G Suite 實例) - Require user to reset password to Google (requires connected linked G Suite instance)
-暫停使用者 (需要連線的連結 G Suite 實例) - Suspend user (requires connected linked G Suite instance)
-透過 Azure AD) 通知使用者警示 (- Notify user on alert (via Azure AD)
-要求使用者重新登入 (via Azure AD) - Require user to sign in again (via Azure AD)
-透過 Azure AD) 暫停使用者 (- Suspend user (via Azure AD)

如需從應用程式修復威脅的詳細資訊,請參閱 管理已連線的應用程式For more information about remediating threats from apps, see Governing connected apps.

安全性建議Security Recommendations

Cloud App Security 概述您所有 GCP 專案的 GCP 平臺設定合規性,並根據網際網路安全性 (CIS) GCP 的基準。Cloud App Security provides an overview of your GCP platform configuration compliance for all your GCP projects based on the Center for Internet Security (CIS) benchmark for GCP.

您應持續檢查安全性建議,以評估和評估平臺安全性狀態的目前狀態,並找出重要的設定間距。You should continuously review the security recommendations to assess and evaluate the current status of your platform's security posture and identify important configuration gaps. 然後,您應該建立方案來減輕 GCP 平臺中的問題。Then, you should create a plan to mitigate the issues in your GCP platform.

如需詳細資訊,請 GCP 安全性建議For more information, GCP security recommendations.

即時保護 GCPProtect GCP in real time

請參閱我們的最佳作法,以 保護與外部使用者的安全, 以及 封鎖和保護將機密資料下載到未受管理或具風險的裝置Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.

下一步Next steps