08 July 2019
Among security professionals, one way to identify a breach or spurious entity is to detect anomalies and abnormalities in customer usage trend. Recently, we launched the “Forseti Intelligent Agents” experimental initiative to identify anomalies, enable systems to take advantage of common user usage patterns, and identify other outlier data points. In this way, we hope to help security specialists for whom it’s otherwise cumbersome and time-consuming to manually flag these data points.
06 June 2019
With the release of the external project access scanner, data exfiltration can be mitigated by identifying users who have access to projects outside of your organization or folder. In GCP, the best practice is to use service accounts to perform actions where a GCP user isn’t directly involved. The challenge here is that a service account only has permissions in the organization where Forseti is deployed. In other words, if Forseti is deployed in Organization A, it can’t see what projects a user has access to in Organization B.
This is where the concept of “delegated credentials” becomes incredibly useful. Delegated credentials allow a service account to temporarily act as a user. After compiling a list of users in the organization, the service account impersonates each user with these delegated credentials. The scanner then obtains the list of projects to which each user has access, regardless of the organization node.
29 May 2019
At long last we’re happy to share the presentation materials from the second annual Forseti Community Day in San Francisco, held on April 12th!
10 April 2019
Today we’re excited to announce Forseti Config Validator, the newest addition to the Forseti Security toolkit. Config Validator helps cloud admins put guardrails in place to protect against misconfigurations in Google Cloud Platform environments. This allows developers to move quickly, and gives security and governance teams the ability to enforce security at scale.
01 April 2019
We’re excited to share details about the schedule for Forseti Community Day. As a reminder, this event will take place on Friday, April 12th, at the Google Community Space from 9:00 am to 4:30 pm. If you’d like to attend, please sign up here!
18 March 2019
Greetings Forseti Community,
21 February 2019
We’re excited to announce the second annual Forseti Community Day in San Francisco!
18 February 2019
We previously announced the End-of-Life for Forseti 1.0 in October 2018. We have extended that timeline, and this is the last notice that Forseti 1.0 will be removed from availability on March 15, 2019.
06 December 2018
As part of their mission to keep their enterprise secure, ClearDATA took a liking to Forseti. They were less charmed by the traditional VM-based approach, as they are a deeply serverless outfit. As such they have taken on the spirit of Open Source Contributions and adapted Forseti to interoperate with both containers and Cloud Pub/Sub. Take a look at the Google Cloud blog post to learn more! to find out more!
27 November 2018