Many organizations struggle with “credential sprawl”; an unmonitored, untracked growth of Identity and Access Management (IAM) credentials throughout their cloud environment. This is especially true in Google Cloud Platform (GCP), where in addition to users and groups, you also have service accounts. There are many tools available to assist with…

Introduction Cloud Functions is a serverless service on Google Cloud Platform (GCP) that provides an execution environment for your code. In order for a Cloud Function to interact with other GCP services and resources it needs an identity. An identity for a Cloud Function is a GCP service account and that…

November 30 — December 4, 2020 — re:Invent Security re:Cap: Week 1 AWS re:Invent is an annual cloud computing event held to showcase new features and services available on Amazon Web Services. This year, re:Invent is completely virtual, free, and spans three weeks. At ScaleSec, our focus is always on…

Announcing Project Lockdown — GCP Automated Remediation Suite Today we are announcing a new open source security tool to help keep your GCP environment more secure. Project Lockdown is a collection of automated remediation Cloud Functions that react to high risk events in real time. Our goal with Project Lockdown is to continually update its capabilities to stay…

Announcing the GCP Organization Policy Notifier

This is Part 2 of Security Best Practices for Amazon Elasticsearch. The guidance detailed in this blog is based on industry standard security best practices as well as our experiences with our customers. Many organizations have different compliance or regulatory requirements, security threat levels, or leverage Amazon Elasticsearch in different…

Security Best Practices for Amazon Elasticsearch According to Duo in 2018, there were “16K public IPs of exposed AWS managed ElasticSearch [sic] clusters that could have their contents stolen or possibly data deleted.” There have been many reports of data exfiltration and malicious data deletion due to publicly exposed Elasticsearch clusters in recent years. The need…

Inventory, analyze, and report on your GCP API keys in an automated fashion. API keys in Google Cloud Platform (GCP) are a form of authentication and authorization that can be used when calling specific API endpoints in the cloud. These keys are tied directly to GCP projects and are therefore…

Leverage GCP Cloud Functions and Event Threat Detection to automate your cloud security response. — Introduction In this article, we will cover how to automate an Event Threat Detection finding that is focused on IAM Anomalous grants. This specific event is defined as: “Detection of privileges granted to Cloud Identity and Access Management (Cloud IAM) users and service accounts that are not members of the organization”…