Editor’s note: In our first blog post for this series, we announced support for Google Workspace identity modeling in Wiz. In this blog post, we add the capability to detect excessive access findings for GCP customers that do not have IAM Recommender enabled.
As discussed in the first blog post in this series, identity is the new perimeter in the cloud. Following the least privilege principle helps organizations reduce their attack surface in the cloud, ensuring that users and services have access only to what they need to perform their tasks and minimizing the risk of unauthorized access or data breaches. Least privilege also helps organizations prevent privilege escalation, where an attacker is able to elevate access permissions to gain deeper access to resources and data.
Google’s IAM Recommender provides GCP customers with role recommendations based on the excess permissions of principals, and Wiz leverages these findings by default in its product. It was recently announced that IAM Recommender will be available for customers with organization-level activations of Security Command Center (SCC), requiring the Premium pricing tier. To provide all GCP customers with consistent visibility into excessive permissions, regardless of their SCC pricing tier, Wiz is excited to add support for Excessive Access Findings based on Google audit logs. With this launch, all Wiz GCP customers can identify excessive permissions and understand how to scope them down. Wiz excessive access analysis makes it easy for organizations to ensure least privilege by identifying over-provisioned permissions, as well as inactive users and service accounts, based on GCP cloud events. Wiz provides exact guidance on how to adjust these permissions so that your environment enforces the principle of least-privilege access more effectively.
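To make the audit-log-based approach concrete, here is an added example (written for this post, not Wiz's own code or the product's algorithm) that compares the permissions a principal holds through IAM role bindings with the permissions Cloud Audit Logs show it actually exercising over a lookback window. The role definitions, bindings and log entries are constructed sample data, and the role permission sets are deliberately simplified; the `protoPayload.authenticationInfo.principalEmail` and `protoPayload.authorizationInfo[].permission` fields follow the real Cloud Audit Log schema.

```python
"""Excessive-access analysis from IAM bindings and Cloud Audit Logs.

Added example, not Wiz's implementation: it compares the permissions a
principal holds through IAM role bindings with the permissions that Cloud
Audit Logs show the principal actually exercising, and reports the gap.
Role definitions, bindings and log entries are constructed sample data.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed, heavily simplified role definitions (real GCP roles contain far
# more permissions; these subsets only keep the example self-contained).
ROLE_PERMISSIONS: dict[str, set[str]] = {
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "roles/storage.admin": {
        "storage.objects.get", "storage.objects.list", "storage.objects.create",
        "storage.objects.delete", "storage.buckets.delete",
    },
    "roles/compute.viewer": {"compute.instances.get", "compute.instances.list"},
}

# Constructed IAM policy bindings: principal -> roles granted on the project.
BINDINGS: dict[str, set[str]] = {
    "ci-builder@example-project.iam.gserviceaccount.com": {"roles/storage.admin"},
    "alice@example.com": {"roles/storage.objectViewer", "roles/compute.viewer"},
    "legacy-job@example-project.iam.gserviceaccount.com": {"roles/compute.viewer"},
}


def _entry(ts: str, principal: str, *permissions: str) -> dict:
    """Build a constructed audit log entry using the real schema's field names."""
    return {
        "timestamp": ts,
        "protoPayload": {
            "authenticationInfo": {"principalEmail": principal},
            "authorizationInfo": [{"permission": p, "granted": True} for p in permissions],
        },
    }


# Constructed Cloud Audit Log entries, reduced to the fields the analysis reads.
AUDIT_LOG = [
    _entry("2024-05-01T10:00:00Z", "ci-builder@example-project.iam.gserviceaccount.com",
           "storage.objects.create", "storage.objects.get"),
    _entry("2024-04-20T08:30:00Z", "alice@example.com", "compute.instances.list"),
    _entry("2024-04-21T09:00:00Z", "alice@example.com", "storage.objects.get"),
    # Last activity long before the lookback window: an inactive identity.
    _entry("2023-10-01T12:00:00Z", "legacy-job@example-project.iam.gserviceaccount.com",
           "compute.instances.list"),
]

NOW = datetime(2024, 5, 15, tzinfo=timezone.utc)  # fixed clock so results are reproducible


def used_permissions(log: list[dict], since: datetime) -> dict[str, set[str]]:
    """Map each principal seen since `since` to the permissions it exercised."""
    used: dict[str, set[str]] = defaultdict(set)
    for entry in log:
        ts = datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00"))
        if ts < since:
            continue
        payload = entry["protoPayload"]
        principal = payload["authenticationInfo"]["principalEmail"]
        used[principal]  # any entry, even a denied call, counts as activity
        for auth in payload.get("authorizationInfo", []):
            if auth.get("granted"):
                used[principal].add(auth["permission"])
    return dict(used)


def analyze(bindings: dict[str, set[str]], log: list[dict],
            now: datetime = NOW, lookback_days: int = 90) -> dict[str, dict]:
    """Per principal: granted vs. used permissions, the unused remainder, and
    roles that can be removed outright because none of their permissions were used."""
    used = used_permissions(log, now - timedelta(days=lookback_days))
    findings: dict[str, dict] = {}
    for principal, roles in bindings.items():
        granted = set().union(*(ROLE_PERMISSIONS[r] for r in roles))
        exercised = used.get(principal, set())
        findings[principal] = {
            "inactive": principal not in used,
            "granted": granted,
            "used": exercised,
            "unused": granted - exercised,
            "removable_roles": sorted(r for r in roles if not ROLE_PERMISSIONS[r] & exercised),
        }
    return findings


if __name__ == "__main__":
    for principal, f in analyze(BINDINGS, AUDIT_LOG).items():
        status = "INACTIVE in window" if f["inactive"] else \
            f"{len(f['unused'])}/{len(f['granted'])} granted permissions unused"
        print(f"{principal}: {status}")
        for role in f["removable_roles"]:
            print(f"  remove {role}: no permission from this role was used")
```

In a real environment the bindings come from the effective IAM policy (including bindings inherited from folder and organization level) and the log entries from Cloud Logging; the lookback window is the main tuning knob, since a window shorter than a job's run cadence will misreport a periodic service account as inactive. Note that a denied call still counts as activity here, so a principal is flagged inactive only when it produced no audit entries at all.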
You can easily view all the excessive access findings for all identities in your GCP and multi-cloud environment and drill down into the remediation guidance.
Not only does Wiz detect excessive access, but it also identifies how identity misconfigurations can combine into a toxic combination that leads to an attack path in your environment. In the example below, Wiz identifies a publicly exposed GCP Compute Instance that has excessive permissions and high privileges, together with a network vulnerability that has a known exploit, creating an attack path an attacker could follow.
All GCP customers can now benefit from consistent visibility into excessive permissions and understand how identity risks can lead to attack paths. Get started now with Wiz for CIEM; you can learn more in the Wiz docs (login required). If you prefer a live demo, we would love to connect with you.