Secops Q1 2021 OKR Update
Hits:
1. Deploying Forseti open-source security tool in GCP.
   - Solution is deployed in TVLK-Security project in GCP.
   - Currently scanning the overall GCP environment and identifying security issues.
2. Implementing Akamai BMP solution and on-boarding endpoints.
Misses:
1. Blueraptor EDR project deployment on Traveloka employees' Windows machines
   - Currently, 775 Windows machines are installed with the solution.
   - Due to the WFH arrangements and Kaseya dependencies, this project is blocked.
   - Solution: Implement Kaseya Public.
2. BitLocker project deployment on Traveloka employees' Windows machines
   - As per the initial plan, deployment was started with the Vietnam location. Right now, 26 machines out of 66 are successfully encrypted.
   - Due to the WFH arrangements and Kaseya dependencies, this project is blocked.
   - Solution: Implement Kaseya Public.
3. On-boarding initial set of GCP logs to SIEMonster solution.
   - Created and tested data pipeline to on-board Activity logs in GCP.
   - Details are here:
     Project Name: TVLK-Security
     Pub/Sub Topic ID: wazuh-gcloud-log-topic
     Pub/Sub Subscription ID: wazuh-gcloud-log-topic-sub
   - Currently, we are facing an integration issue between GCP and SIEMonster related to a versioning issue. Solution: Upgrade our SIEMonster solution to a newer version to resolve this issue.
   - Escalated to the vendor to resolve it ASAP.
Challenges:
- Security gaps in GCP:
  - Clean-up of unused projects on GCP:
    - As per the Data team, there is no standard procedure to perform the clean-up of unused/testing projects in GCP.
    - Unaware of dependencies created in these projects.
    - No visibility on ownership of these projects, since they were created by ex-employees of Traveloka.
  - Service keys used on GCP:
    - No visibility on the usage of service keys in GCP.
    - No control over rotating service keys.
    - Security concern: service keys may still be held by ex-employees of Traveloka.
- Implement and streamline security controls in GCP. Improve the visibility and security posture across the organisation.
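As a starting point for the service-key visibility gap above, the following added script (not part of this update or of any Traveloka tooling) flags user-managed service account keys older than a rotation threshold. It assumes the JSON shape of `gcloud iam service-accounts keys list --format=json` (fields `name`, `keyType`, `validAfterTime`); the sample records, project id and the 90-day threshold are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `gcloud iam service-accounts keys list --format=json`.
# The project id, account and key ids are made up; they are not real Traveloka values.
SAMPLE_KEYS_JSON = """
[
  {"name": "projects/tvlk-security/serviceAccounts/deploy@tvlk-security.iam.gserviceaccount.com/keys/aaaa1111",
   "keyType": "USER_MANAGED", "validAfterTime": "2020-06-01T08:00:00Z", "validBeforeTime": "9999-12-31T23:59:59Z"},
  {"name": "projects/tvlk-security/serviceAccounts/deploy@tvlk-security.iam.gserviceaccount.com/keys/bbbb2222",
   "keyType": "USER_MANAGED", "validAfterTime": "2021-03-10T08:00:00Z", "validBeforeTime": "9999-12-31T23:59:59Z"},
  {"name": "projects/tvlk-security/serviceAccounts/deploy@tvlk-security.iam.gserviceaccount.com/keys/cccc3333",
   "keyType": "SYSTEM_MANAGED", "validAfterTime": "2021-03-20T08:00:00Z", "validBeforeTime": "2021-03-22T08:00:00Z"}
]
"""


def parse_rfc3339(ts: str) -> datetime:
    """Parse the UTC timestamps gcloud emits (YYYY-MM-DDTHH:MM:SSZ)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def stale_user_keys(keys_json: str, now_rfc3339: str, max_age_days: int = 90) -> list:
    """Return user-managed keys created more than max_age_days before `now`.

    SYSTEM_MANAGED keys are rotated by Google automatically and are skipped;
    USER_MANAGED keys are the downloadable ones that ex-employees could still hold.
    """
    now = parse_rfc3339(now_rfc3339)
    findings = []
    for key in json.loads(keys_json):
        if key.get("keyType") != "USER_MANAGED":
            continue
        age = now - parse_rfc3339(key["validAfterTime"])
        if age > timedelta(days=max_age_days):
            sa_path, _, key_id = key["name"].partition("/keys/")
            findings.append({
                "service_account": sa_path.rsplit("/", 1)[-1],
                "key_id": key_id,
                "age_days": age.days,
            })
    return findings


if __name__ == "__main__":
    for f in stale_user_keys(SAMPLE_KEYS_JSON, "2021-03-31T00:00:00Z"):
        print(f"{f['service_account']} key {f['key_id']} is {f['age_days']} days old; rotate it")
```

Pipe real `gcloud` output into `stale_user_keys` per service account to get a rotation worklist; the threshold is a policy choice, not a GCP default.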
Future Outlook:
- Implement Kaseya Public to improve visibility across the endpoints and resolve the blockers w.r.t. the EDR and BitLocker projects.
- Improve AD security and password management policy.
- Address security issues/gaps and improve visibility in GCP environment.
- Focus on improving detection capabilities across platforms.
- Effectively use Akamai BMP with smooth migration from DataDome.