Trend Micro Cloud One™ – Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected Google Kubernetes Engine (GKE) configuration changes made in your GCP account.
Google Kubernetes Engine (GKE) is a managed cloud service that enables you to deploy, manage, and scale your containerized applications using Google Cloud Platform (GCP) infrastructure. The environment provided by GKE consists of multiple Compute Engine virtual machine (VM) instances grouped together to form a GKE cluster. GKE clusters are powered by Kubernetes, a popular open-source container-orchestration system designed for automating the deployment, scaling, and management of containerized applications. Kubernetes groups containers together for management and discoverability, then launches them onto clusters of Compute Engine instances. With Kubernetes you can run containerized applications, including microservices, batch-processing workers, and Platform as a Service (PaaS) offerings, using the same toolset on premises and in the cloud. Its main purpose is to provide better ways of managing related, distributed components and services across varied infrastructure.
Similar to other Google Cloud services, Google Kubernetes Engine (GKE) is configured to produce audit logs that can help you find out who used the service to configure your GKE resources, and where and when they did so. Trend Micro Cloud One™ – Conformity RTMA uses this audit information to process and send notifications about the configuration changes made at the GKE service level. The activity detected by the Conformity RTMA feature could be a user action initiated through the Google Cloud Console or an API request initiated programmatically using the gcloud CLI that triggers the "google.container.v1.ClusterManager.CreateCluster" operation. This API operation creates a GKE cluster consisting of the specified number and type of Compute Engine VM instances.
To keep your Google Kubernetes Engine (GKE) service configuration secure and stable, Trend Micro Cloud One™ – Conformity strongly recommends that you avoid, as far as possible, granting non-privileged GCP users (anyone other than administrators) the permission to perform GKE configuration changes within your GCP account.
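The detection described above, as an added example that is not Conformity's own code: it scans Cloud Audit Log entries for the "google.container.v1.ClusterManager.CreateCluster" method on the container.googleapis.com service and flags creations by principals outside a hypothetical administrator allow-list. The field layout follows the Cloud Audit Logs AuditLog schema; the log entries, project, cluster names and e-mail addresses are constructed sample data.

```python
import json

# Audit log method name that triggers this RTMA rule (from the page).
CREATE_CLUSTER = "google.container.v1.ClusterManager.CreateCluster"

# Constructed sample Cloud Audit Log entries (not real account data).
SAMPLE_ENTRIES = [
    {"timestamp": "2024-01-01T10:00:00Z",
     "protoPayload": {"serviceName": "container.googleapis.com",
                      "methodName": CREATE_CLUSTER,
                      "authenticationInfo": {"principalEmail": "dev@example.com"},
                      "resourceName": "projects/example-project/locations/us-central1/clusters/cluster-1"}},
    {"timestamp": "2024-01-01T10:01:00Z",
     "protoPayload": {"serviceName": "container.googleapis.com",
                      "methodName": "google.container.v1.ClusterManager.ListClusters",
                      "authenticationInfo": {"principalEmail": "dev@example.com"},
                      "resourceName": "projects/example-project/locations/us-central1"}},
    {"timestamp": "2024-01-01T10:02:00Z",
     "protoPayload": {"serviceName": "container.googleapis.com",
                      "methodName": CREATE_CLUSTER,
                      "authenticationInfo": {"principalEmail": "admin@example.com"},
                      "resourceName": "projects/example-project/locations/europe-west1/clusters/cluster-2"}},
]

# Hypothetical allow-list of administrators expected to create clusters.
ADMINS = {"admin@example.com"}

def find_cluster_creations(entries, admins=ADMINS):
    """Return one alert per CreateCluster entry; mark principals not in the allow-list."""
    alerts = []
    for entry in entries:
        payload = entry.get("protoPayload", {})
        # Only GKE API calls, and only the cluster-creation method, are of interest.
        if payload.get("serviceName") != "container.googleapis.com":
            continue
        if payload.get("methodName") != CREATE_CLUSTER:
            continue
        principal = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
        alerts.append({
            "time": entry.get("timestamp"),
            "principal": principal,
            "cluster": payload.get("resourceName"),
            "unexpected_principal": principal not in admins,
        })
    return alerts

if __name__ == "__main__":
    for alert in find_cluster_creations(SAMPLE_ENTRIES):
        print(json.dumps(alert))
```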
The communication channels for sending RTMA notifications can be quickly configured in your Conformity account. The supported channels for receiving notification alerts about GKE configuration changes are SMS, Email, Slack, PagerDuty, ServiceNow, and Zendesk.
This rule resolution is part of the Conformity solution.
High visibility into Google Kubernetes Engine (GKE) service activity is a key aspect of security and operational best practice that helps you secure access to your Kubernetes resources in Google Cloud. Therefore, using the Trend Micro Cloud One™ – Conformity RTMA feature to detect GKE configuration changes will help you catch accidental or intentional modifications that may lead to unauthorized access to your data, unexpected costs on your GCP bill, or other security issues that can heavily impact your applications.
Detect GCP GKE Configuration Changes
Risk Level: Low