Visibility & Enforcement

Visibility¶

Tool	Description
GCP Resource Manager	Hierarchically manage resources by project, folder, and organization
cartography	Python tool that consolidates infrastructure assets and the relationships between them in a graph view powered by a Neo4j database (AWS/GCP) Additional Blog Posts: Marco Lancini Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography Marco Lancini Tracking Moving Clouds: How to continuously track cloud assets with Cartography Marco Lancini Automating Cartography Deployments on Kubernetes: automated process to get Neo4J and Cartography up and running in a Kubernetes cluster, using HashiCorp Vault as a secrets management engine and Elasticsearch as a SIEM Cartography: using graphs to improve and scale security decision-making
starbase	Starbase collects assets and relationships from services and systems including cloud infrastructure, SaaS applications, security controls, and more into an intuitive graph view backed by a Neo4j database You can also refer to the companion blog post

Tool	Description
Cloud Custodian	Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management
Cloudkeeper	Standalone CLI tool that periodically collects a list of resources in cloud accounts (AWS, GCP, Azure), provides metrics about them, and can clean them up
ForsetiSecurity	Rule-based policies to systematically monitor GCP resources
project_lockdown	Collection of automated remediation Cloud Functions that react to high risk events in real time