Cloud Identity is an Identity as a Service (IDaaS) and enterprise mobility management (EMM) product. It offers the identity services and endpoint administration that are available in Google Workspace as a stand-alone product. For end users, Cloud Identity protects user access with multi-factor authentication. Administrators can use Cloud Identity to manage users, apps, and devices from a central location: the Google Admin console.
Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
cloud_identity | Cloud Identity | detect | minimal | T1021.007 | Cloud Services | This control can be used to detect adversaries that may be trying to log into cloud services. |
cloud_identity | Cloud Identity | detect | minimal | T1021.008 | Direct Cloud VM Connections | This control can be used to detect adversaries that may try to use Valid Accounts to log into remote machines using cloud native methods such as Secure Shell (SSH). |
cloud_identity | Cloud Identity | protect | partial | T1213.004 | Customer Relationship Management Software | The access controls in Cloud Identity, such as MFA, can help to prevent an adversary from accessing internal software such as CRM tools, protecting customer data. However, if the adversary is able to access the system, Cloud Identity is not able to protect this data, leading to a score of partial. |
cloud_identity | Cloud Identity | protect | partial | T1213.005 | Messaging Applications | The access controls in Cloud Identity, such as MFA, can help to prevent an adversary from accessing internal software such as messaging tools, protecting customer data. However, if the adversary is able to access the system, Cloud Identity is not able to protect this data, leading to a score of partial. |
cloud_identity | Cloud Identity | protect | partial | T1216.002 | SyncAppvPublishingServer | The access controls in Cloud Identity, such as MFA, can help to prevent an adversary from accessing internal software such as SyncAppvPublishingServer, protecting customer data. However, if the adversary is able to access the system, Cloud Identity is not able to protect this data, leading to a score of partial. |
cloud_identity | Cloud Identity | protect | partial | T1585.003 | Cloud Accounts | This control can be used to mitigate cloud account creation. |
cloud_identity | Cloud Identity | protect | partial | T1586.003 | Cloud Accounts | This control can be used to mitigate malicious attacks on cloud accounts by implementing multi-factor authentication techniques or password policies. |
cloud_identity | Cloud Identity | detect | partial | T1621 | Multi-Factor Authentication Request Generation | The Identity Platform can establish limits and quotas for MFA. |
cloud_identity | Cloud Identity | protect | partial | T1078 | Valid Accounts | This control can be used to mitigate malicious attacks on cloud accounts by implementing multi-factor authentication techniques or password policies. |
cloud_identity | Cloud Identity | protect | partial | T1078.002 | Domain Accounts | This control can be used to mitigate malicious attacks on domain accounts by implementing multi-factor authentication techniques or password policies. |
cloud_identity | Cloud Identity | protect | partial | T1078.004 | Cloud Accounts | This control can be used to mitigate malicious attacks on cloud accounts by implementing multi-factor authentication techniques or password policies. |
cloud_identity | Cloud Identity | protect | significant | T1110 | Brute Force | This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator. |
cloud_identity | Cloud Identity | protect | significant | T1110.001 | Password Guessing | This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator. |
cloud_identity | Cloud Identity | protect | significant | T1110.002 | Password Cracking | This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator. |
cloud_identity | Cloud Identity | protect | significant | T1110.003 | Password Spraying | This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator. |
cloud_identity | Cloud Identity | protect | significant | T1110.004 | Credential Stuffing | This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator. |
cloud_identity | Cloud Identity | protect | minimal | T1133 | External Remote Services | This control may mitigate an adversary's ability to leverage external-facing remote services through multi-factor authentication of service account credentials. |
cloud_identity | Cloud Identity | protect | partial | T1213 | Data from Information Repositories | MFA and enforcing the principle of least privilege can be used to control adversaries and possibly hinder them from gaining access to a victim network or a private code repository. |
cloud_identity | Cloud Identity | protect | partial | T1213.003 | Code Repositories | MFA and enforcing the principle of least privilege can be used to control adversaries and possibly hinder them from gaining access to a victim network or a private code repository. |