1. Introduction #
This document offers thorough instructions for integrating Cloudnosys projects with Google Cloud Platform (GCP), enabling malware scanning, CVE, and CSPM. Clients can safely connect their GCP environments to Cloudnosys by following these steps, which enable thorough risk evaluations and useful insights.
Cloudnosys provides deployment options in both Basic and Advanced. Only the misconfigurations will be detected by the Basic protection level; the Advanced protection level will also detect malware and operating system vulnerabilities.
The Orchestrator and Scanner are the two core components of the Cloudxray architecture. The orchestrator will be deployed in a single region and live in our GCP account, while the scanner(s) will be deployed in all the zones and regions that have been found and have instances to scan within your linked GCP project. You will create a service account in your GCP project and share the service account key with Cloudnosys during the Cloudxray deployment so that Cloudnosys can scan your account and inform you of the Risks & Vulnerabilities.
Recommendation: Through our Agentless Cloudxray, Cloudnosys suggests the Advanced mode of deployment, which will provide you with an extra layer of security against OS vulnerabilities and CVEs (malware), in addition to addressing risks and vulnerabilities in your GCP project.
2. Prerequisites & Requirements #
The prerequisites and requirements needed to run and use our solution are explained in detail in this section.
For Linux, Windows, and Mac, Cloudnosys offers posture management (misconfiguration detection) and malware detection. Only Linux-based operating systems are currently supported for vulnerability scanning (CVE).
2.1 Time to Deploy Cloudxray #
For the Basic Protection Level, the deployment process will take two to three minutes. It can take an extra three to four minutes for the Advanced Protection Level. Finally, testing and configuration can take an additional two to three minutes.
2.2 GCP Cloud Account #
You must already be set up with a GCP account. If not, we advise you to go to the following website and create an account first:
2.3 GCP Identity & Access Management (IAM) #
Your IAM user should have a policy that allows the creation of service accounts, binding roles to the service account, and enabling the APIs, and actions.
3. Architecture #
Deploying certain resources in your GCP project is necessary for Cloudxray. Initially, you will be asked to create a service account with the necessary roles to carry out CSPM, malware, and CVEs scanning when you connect your GCP cloud account to Cloudnosys. To finish the onboarding process, you will need to add a key and provide the JSON key after the service account has been created (Link to GCP onboarding).
4. Cost #
Based on testing conducted on GCP, we observed that scanning 10 GB of data on a VM Instance disk takes approximately 25 minutes while scanning 20 GB of data takes around 50 minutes.
Considering this, the estimation for scanning 25 GB of data would be approximately 60 minutes, incurring a cost of $0.19 (equivalent to the hourly cost of a c2-standard-4 instance).
Therefore, the projected benchmark scanning cost for an EC2 instance is as follows:
Scanning 25 GB of data for 1 hour will cost $0.208 (“c2-standard-4” running cost).
The cost for scanning 1 GB of data is $0.0079
For scanning 100 GB of data, the cost will be $0.76
The estimated cost for scanning 1 TB of data is $7.6
NOTE: As the number of instances increases, the cost of Cloudxray will be more optimized as 5 volumes can be scanned by one scanner at a time.
Please visit GCP Pricing for the latest pricing information at https://cloud.google.com/products/calculator
5. Monitoring (Health Check) #
To make sure that the application is functioning normally, the following steps can be taken:
- You will receive email and platform system notifications if there’s an issue detected in the system
- You can check logs (AWS/Azure/GCP) for any errors generated by Cloudnosys deployed resources
- Check to see if the last scanned date is NOT older than expected.
6. Support #
Cloudnosys is a SaaS solution and is self-servicing. However, our enterprise package comes with 4 weeks of onboarding & training. For all other matters, assistance is available via live chat on the platform or email at [email protected]
CSPM, CVE, and Malware Scans #
Cloud Security Posture Management (CSPM) #
Objective: Identify misconfigurations and compliance issues within your GCP environment.
Process: Cloudnosys scans your GCP resources against industry best practices and compliance standards, highlighting areas of concern.
Common Vulnerabilities and Exposures (CVE) #
Objective: Discover known vulnerabilities within your GCP-hosted applications and infrastructure.
Process: Cloudnosys leverages updated CVE databases to scan and report vulnerabilities, providing severity ratings and remediation guidance.
Malware Scans #
Objective: Detect and report any malware present in your GCP storage and virtual machines.
Process: Cloudnosys scans files and VM images for malware signatures and suspicious patterns, alerting you to potential threats.
Viewing Scan Results #
Dashboard: Access the Cloudnosys dashboard to view detailed reports of your scans, including identified risks, vulnerabilities, and recommended actions.
Conclusion #
Integrating your GCP project with Cloudnosys enhances your security posture by providing comprehensive insights into CSPM, CVEs, and malware threats. For further assistance, contact Cloudnosys support.
TROUBLESHOOT Cloudxray #
Welcome to the Troubleshooting guide for Cloudxray. Whether you’re new or experienced, we’re here to help you get the most out of Cloudxray. This guide helps you troubleshoot issues encountered during the Cloudxray cleanup process. It includes information on manually deleting Cloudxray resources and using the force cleanup function.
The Cloudxray force cleanup function deletes all resources, leaving behind lingering resources and generating an alert. The Cloudnosys interface provides a manual force cleanup option after an automatic cleanup failure.
Force Cleanup Process
- Alert Notification: You will receive an alert indicating the failure of the automatic cleanup function for a specific Cloud Account.
- Active Cleanup Button: Following the alert, the “Cleanup Function” button on the Configurations tab within the Cloud Accounts page for the affected account will become active.
- Manual Force Cleanup: Click the activated “Cleanup Function” button to initiate the manual force cleanup process.
- Cleanup Execution Confirmation: The manual force cleanup function will attempt to remove any remaining Cloudxray resources from your AWS/GCP Cloud account.
- Success Notification: Upon completing the manual force cleanup, you will receive an alert confirming that the cleanup has been executed successfully.
Important Notes
- Force Cleanup is intended for situations where the automatic cleanup fails. It’s generally recommended to use the standard cleanup process whenever possible.
- Force Cleanup may take some time to complete depending on the number of resources that need to be deleted.