GCP Policy Intelligence Capability Group

This control can be used to limit permissions to discover cloud accounts in accordance with least privilege principles and thereby limits the accounts that can be used for account discovery.

IAM Recommender helps admins remove unwanted access to GCP resources by using machine learning to make smart access control recommendations. With Recommender, security teams can automatically detect overly permissive access and rightsize them based on similar users in the organization and their access patterns. This control may mitigate adversaries that try to enumerate users access keys through VM or snapshots.

Recommender generates policy insights by comparing the permissions that each principal used during the past 90 days with the total permissions the principal has. This can be used to limit the permissions associated with creating and modifying platform images or containers that adversaries may try to access.

Adversaries may attempt to implant cloud or container images with malicious code to gain access to an environment. The IAM audit logs can be used to receive data access and activity logs who has accessed to certain resources.

This control may limit the number of users that have privileges to discover cloud infrastructure and may limit the discovery value of the dashboard in the event of a compromised account.

IAM Recommender helps admins remove unwanted access to GCP resources by using machine learning to make smart access control recommendations. With Recommender, security teams can automatically detect overly permissive access and rightsize them based on similar users in the organization and their access patterns. This control may mitigate adversaries that try to gain access to permissions from modifying infrastructure components.

Adversaries may bypass UAC mechanisms to elevate process privileges. This control can be used to help enforce least privilege principals to ensure that permission levels are properly managed. Along with this, Policy Analyzer lets users know what principals have access to resources based on its corresponding IAM allow policies.

IAM Recommender helps admins remove unwanted access to GCP resources by using machine learning to make smart access control recommendations. With Recommender, security teams can automatically detect overly permissive access and rightsize them based on similar users in the organization and their access patterns. This control may mitigate adversaries that try to perform privilege escalation via permission levels and software exploitation.

Adversaries that try to disable cloud logging capabilities have the advantage to limit the amount of the data that can be collected and can possibly control not being detected. This control may be used to ensure that permissions are in place to prevent adversaries from disabling or interfering with security/logging services.

Adversaries may obtain and abuse credentials of a cloud account by gaining access through means of Initial Access, Persistence, Privilege Escalation, or Defense Evasion. IAM Recommender helps enforce least privilege principals to ensure that permission levels are properly managed.

Adversaries that try to disable cloud logging capabilities have the advantage to limit the amount of the data that can be collected and can possibly control not being detected. This control may be used to routinely check role account permissions in IAM audit logs.

IAM Recommender helps admins remove unwanted access to GCP resources by using machine learning to make smart access control recommendations. With Recommender, security teams can automatically detect overly permissive access and rightsize them based on similar users in the organization and their access patterns. This control may mitigate adversaries that try to perform privilege escalation via permission levels and software exploitation.

Adversaries may obtain and abuse credentials of a cloud account by gaining access through means of Initial Access, Persistence, Privilege Escalation, or Defense Evasion. IAM Recommender helps enforce least privilege principals to ensure that permission levels are properly managed.

This control can be used to limit permissions to discover user accounts in accordance with least privilege principles and thereby limits the accounts that can be used for account discovery.

Utilization and enforcement of MFA for user accounts to ensure that IAM policies are implemented properly shall mitigate adversaries so that they may not gain access to user accounts. Enforce the principle of least privilege by ensuring that principals have only the permissions that they actually need.

Utilization and enforcement of MFA for user accounts to ensure that IAM policies are implemented properly shall mitigate adversaries so that they may not gain access to user accounts. Enforce the principle of least privilege by ensuring that principals have only the permissions that they actually need.

Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files. Enforcing the principle of least privilege through IAM Recommender role recommendations help admins identify and remove excess permissions from users' principals, improving their resources' security configurations.