Virtualization - Cloud

Category: Uncategorized

Mapping of Security Controls across Major Cloud Providers Services

ON-PREMISESAWSAZUREGOOGLEORACLEIBMALIBABA
Firewall & ACLsSecurity Groups

AWS Network ACLs
Network Security Groups

Azure Firewall
Cloud Armor

VPC Firewall
VCN Security ListsCloud Security GroupsNAT Gateway
IPS/IDS3rd Party OnlyAzure Firewall3rd Party Only3rd Party Only3rd Party OnlyAnti-Bot Service

Website Threat Inspector
Web Application Firewall
(WAF)
AWS WAF

AWS Firewall Manager
Application GatewayCloud ArmorOracle Dyn WAFCloud Internet ServicesWeb Application Firewall
SIEM &
Log Analytics
AWS Security Hub

Amazon GuardDuty
Azure Sentinel

Azure Monitor
Chronicle Backstory

Event Threat Detection
Oracle Security Monitoring and AnalyticsIBM Log Analysis

Cloud Activity Tracker
ActionTrail
Antimalware3rd Party OnlyMicrosoft Antimalware

Azure Security Center
3rd Party Only3rd Party Only3rd Party OnlyServer Guard
Data Loss Prevention
(DLP)
Amazon MacieInformation Protection
(AIP)
Cloud Data Loss Prevention API3rd Party Only3rd Party OnlyWeb Application Firewall
File Integrity Monitoring
(FIM)
3rd Party OnlyAzure Security Center3rd Party Only3rd Party Only3rd Party Only3rd Party Only
Key ManagementKey Management Service KMS)Key VaultCloud Key Management ServiceCloud Infrastructure Key ManagementKey Protect

Cloud Security
Key Management Service
Encryption At RestEBS/EFS Volume Encryption

S3 SSE
Storage Encryption for Data at RestPart of Google Cloud PlatformCloud Infrastructure Block VolumeHyper Protect Crypto ServicesObject Storage Service
DDoS ProtectionAWS ShieldBuilt-in DDoS defenseCloud ArmorBuilt-in DDoS defenseCloud Internet ServicesAnti-DDoS
Email Protection3rd Party OnlyOffice Advanced Threat ProtectionVarious controls embeded in G-Suite3rd Party Only3rd Party Only3rd Party Only
SSL Decryption
Reverse Proxy
Application Load BalancerApplication GatewayHTTPS Load Balancing3rd Party OnlyCloud Load BalancerServer Load Balancer (SLB)
Endpoint Protection3rd Party OnlyMicrosoft Defender ATP3rd Party Only3rd Party Only3rd Party OnlyServer Guard
Certificate ManagementAWS Certificate ManagerKey Vault3rd Party Only3rd Party OnlyCertificate ManagerCloud SSL Certificates Service
Container SecurityAmazon EC2 Container Service (ECS)Azure Container Service (ACS)Kubernetes EngineOracle Container ServicesContainers – Trusted ComputeContainer Registry
Identity and Access ManagementIdentity and Access Management (IAM)Azure Active DirectoryCloud Identity

Cloud IAM
Oracle Cloud Infrastructure IAMCloud IAM

App ID
Resource Access Management
Privileged Access Management (PAM)3rd Party OnlyAzure AD Privileged Identity Management3rd Party Only3rd Party Only3rd Party Only3rd Party Only
Multi-Factor AuthenticationAWS MFA (part of AWS IAM)Azure Active DirectorySecurity Key EnforcementOracle Cloud Infrastructure IAMApp IDResource Access Management
Centralized Logging

Auditing
CloudWatch

S3 Bucket Logging
Azure Audit LogsStackdriver Logging

Access Transparency
Oracle Cloud Infrastructure AuditLog Analysis with LogDNALog Service
Load BalancerApplication Load Balancer

Classic Load Balancer
Azure Load BalancerCloud Load Balancing

HTTPS Load Balancing
Cloud Infrastructure Load BalancingCloud Load BalancerServer Load Balancer
LANVirtual Private Cloud (VPC)Virtual NetworkVirtual Private Cloud NetworkVirtual Cloud Network (VCN)VLANsVirtual Private Cloud (VPC)
WANDirect ConnectExpressRouteDedicated InterconnectFastConnectDirect LinkVPN Gateway

Express Connect
VPNVPC Customer Gateway

AWS Transit Gateway
Virtual Network

SSTP
Google VPNDynamic Routing

Gateway (DRG)
IPSec VPN

Secure Gateway
VPN Gateway
Governance Risk and Compliance MonitoringAWS Security Hub

AWS Compliance Center
Azure Security Center

Azure Policy
Cloud Security Command Center3rd Party Only3rd Party OnlyActionTrail
Backup and RecoveryAWS Backup

Amazon S3 Glacier
Azure Backup

Azure Site Recovery
Object Versioning

Cloud Storage Nearline
Archive StorageIBM Cloud BackupHybrid Backup Recovery
Vulnerability AssessmentAmazon Inspector

AWS Trusted Advisor
Azure Security CenterCloud Security ScannerSecurity Vulnerability Assessment ServiceCloud Security Advisor

Vulnerability Advisor
Server Guard

Website Threat Inspector
Patch ManagementAWS Systems ManagerAzure Security Center

Update Management
3rd Party OnlyIBM Cloud Orchestrator3rd Party Only3rd Party Only
Change ManagementAWS ConfigAzure Automation (Change Tracking)3rd Party Only3rd Party Only3rd Party OnlyApplication Configuration Management (ACM)

© 2020 Tech Blog

Theme by Anders NorenUp ↑