On July 9th, 2020, an independent security firm discovered a trove of personal health information belonging to Pfizer patients on the public internet. The breach exposed unencrypted conversations between patients and providers of four different Pfizer products, including full names, home addresses, email addresses, phone numbers, and medical status details. The entry point of this data breach? One misconfigured Google Cloud storage bucket.
Misconfigurations in public cloud platforms like Google Cloud often have devastating security implications. These platforms allow developers and systems administrators to quickly deploy and update applications or digital infrastructure. Unfortunately, many businesses do not have adequate visibility into their cloud environments and struggle to detect when a change has security implications.
To help our customers continuously monitor their threat exposure from GCP assets, Praetorian built a Chariot capability that continuously enumerates assets in GCP environments.
What is the GCP Capability?
The GCP capability pulls a daily list of active assets from all connected GCP projects and places these assets into Chariot’s scanning queue. The capability will enumerate assets from a variety of cloud services, including compute instances, serverless functions, and Google Cloud DNS records.
How to use the GCP capability?
To integrate Chariot with a GCP environment, create a GCP service account with the `roles/Viewer` role in each project you wish Chariot to scan, and provide the service account’s email address and private key to Chariot. For more information on leveraging the GCP capability, please see the official documentation. Once configured Chariot will routinely enumerate GCP assets and scan each identified asset for exploitable vulnerabilities.
Getting Started With Chariot
Curious what vulnerabilities you may have in your cloud attack surface? Create a free Chariot account and configure the Chariot GCP integration. It will have results ready faster than you can say “Google me”.