Cloud Endpoints provides features to help secure, monitor, and analyze APIs. It uses security features such as authentication and authorization and device verification to help protect data across users' mobile devices, desktops, laptops, and other endpoints.
| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| cloud_endpoints | Cloud Endpoints | protect | partial | T1052.001 | Exfiltration over USB |
Comments
The Cloud Endpoints capability can prevent exfiltration over USB by disabling USB file transfers on enrolled devices through features like device control.
References
|
| cloud_endpoints | Cloud Endpoints | respond | partial | T1078 | Valid Accounts |
Comments
The Cloud Endpoints capability provides support for multiple authentication methods, including API keys and Google ID tokens. Implementing multi-factor authentication (MFA) across account types, including local, domain, and cloud accounts, can prevent unauthorized access even if credentials are compromised.
References
|
| cloud_endpoints | Cloud Endpoints | protect | partial | T1110 | Brute Force |
Comments
Cloud Endpoints allows administrators to set up login challenges, where a user attempting to access an API might be prompted to complete an additional verification step (like entering a code sent to their phone or answering a security question) before being granted access.
References
|
| cloud_endpoints | Cloud Endpoints | protect | partial | T1567.002 | Exfiltration to Cloud Storage |
Comments
Cloud Endpoints can place restrictions on which apps can be installed and accessed on enrolled devices, preventing exfiltration of sensitive information from compromised endpoints to cloud storage.
References
|