CloudQuest Guardian
Continuous Security Monitoring and Control, Purpose Built for the Google Cloud Platform
overview
Overview

Enterprise users demand unfettered access to the Cloud. IT is under pressure to enable seamless, frictionless, access to the Cloud. Meanwhile, thanks to recent high profile exploits, Security and Risk Officers (CSRO) and InfoSec are on the hook, as the C-Suite and Board now demand regular security updates.

The reality is that while Security and Risk Officers have the responsibility to ensure security, they simply lack the resources and the tools to effectively assess the overall security posture at a given point in time.

CloudQuest Guardian is designed to address the needs of IT/InfoSec, CSOs and Risk Officers - specifically the security challenges that result from extending the Enterprise into the Cloud.

Guardian Framework Architecture

CloudQuest Guardian is purpose built for the Google Cloud Platform (GCP) by leveraging Forseti Security - a community-driven collection of open source tools to improve the security of GCP environments.

Forseti comprises of three core modules i.e. an inventory module that takes a snapshot of resources on a recurring cadence, a scanner module that ensures that role-based access controls are set as you intended, and an enforcer module to help prevent unsafe changes.

Guardian enhances the functionality provided by Forseti by providing an easy to use, visual framework for continuous security posture assessments, reporting, remediation and auditing.

Guardian Architecture
Key Feature Highlights
Cloud Inventory
Inventory of all GCP Resources
Guardian uses Forseti to create recurring snapshots of all your GCP inventory - including IAM policies and user accounts. In line with the recommendations of the Center of Internet Security, this serves as the top security control in a comprehensive set of actions required to protect your organization and data form known attack vectors.
Detect State Changes
Precise Detection of State Changes
Guardian implements a state-machine that allows detection of changes in your GCP deployment. As a result, Guardian only reports new events when something has changed in your GCP deployment and pin-points the precise changes that cause the event to be created. Resource tables and topological views show exactly what has been added, deleted or changed from the previous state.
Continuous Vulnerability Assessment
Continuous Vulnerability Assessment
With Guardian, there are no manual assessment scans to initiate. Guardian monitors adherence to policies and alerts security personnel when violations are found, and automatically files tickets by integrating with enterprise IT defect management system.
Accountability
Accountability
Guardian enables IT to hold departments and business units accountable for adherence to security requirements. Guardian traces and rolls up violations to responsible departments or business units, enabling CSROs to instantly pinpoint the responsible parties needed to gain compliance.
Policy-Based Management
Policy-Based Management
Guardian enables enterprises to codify their security requirements into policies and tracks the lifecycle of policies. Policies are classified by impact and urgency and versioned and archived to establish provenance. Audit trails further enables accountability for policy changes to users.
Role-Based Dashboards
Role-Based Dashboards
Guardian customizes the insights, tool and workflows to the security personnel's role e.g SecOps engineer, CSO/report viewer, auditor and administrator - enabling them to optimally assess and remediate any deviations in the security posture
On Demand Remediation
On Demand Remediation
Guardian’s topological views presents violations in the context of the resources and projects they reside in. This enables SecOps to instantly gain insight into the risk profile of violations and gives them the option to immediately remediate high-risk violations directly from Guardian without having to switch to GCP console or command line tools.
Audit and Compliance Reports
Audit and Compliance Reports
Guardian enables CSRO/CIO teams to easily cater to request for audit related reports triggered by regulatory or internal milestones, by providing audit traceability for policies and violations. The report viewer role provides safe read-only access to third-party auditors to self-serve information requests.
Storage Optimization
Storage Optimization
Guardian's state-machine model allows you to run inventory scans very often to minimize the time between changes and notification. No additional storage is consumed unless something has changed in your GCP deployment resulting in tremendous savings over running Forseti only.
If you are using the Google Cloud Platform today, CloudQuest can show you how to immediately assess your security posture and establish an effective process for ongoing, security monitoring. Contact us to schedule a consultation and demo.