Other

Cloud Asset Inventory

General Info

• A metadata inventory service that allows to view, monitor, and analyze all your GCP and Anthos assets

Characteristics

• Can be used for dynamic configuration and policy enforcement

Cloud Armor

General Info

• Works with HTTP(S) LBs to provide DoS protection

Characteristics

• Security Policies
  • Allow/Deny IP/CIDR
  • Deny rule: error codes 403, 404, 502
  • Priority: rule order
• Cloud Armor Web Application Firewall
  • Pre-configured rules
  • Custom rules (L3 - L7)
• Integrates with Security Command Center
  • Alerts of potential L7 attacks
  • Real-time notification of:
    • Allowed traffic spike
    • Increasing deny ratio

Cloud Security Scanner

General Info

• Web security scanner which probes for common vulnerabilities in Google App Engine and GCE applications
• It can automatically scan and detect four common vulnerabilities:
  • XSS
  • Flash injection
  • Mixed content (HTTP in HTTPS)
  • Outdated/insecure libraries