Beyond the Perimeter: Uncovering the Hidden Threat of Data Exfiltration in Google Cloud Platform

In this talk, we will discuss the numerous ways attackers can steal data from Google Cloud Platform (GCP) resources with minimal chance of detection. The talk explores five different methods an attacker can use to exfiltrate data in the popular services Google Cloud Storage, Cloud SQL, and BigQuery. For each method, we will describe the generated log events and what to look for to detect malicious behavior. We will finish with a summary of the key takeaways and next steps for attendees:

Data exfiltration from Google Cloud Platform (GCP) resources is a serious threat that can result in significant data breaches and other security incidents. Understanding the various methods of exfiltration and how to detect them is critical for effective incident response and security management.

GCP audit logs are an essential tool for detecting data exfiltration and other security incidents in the cloud environment. By analyzing the audit logs, security professionals can identify suspicious activities, detect potential breaches, and take appropriate action to prevent further damage.

To prevent data exfiltration in GCP resources, organizations must take a proactive approach to security. This includes implementing access controls, monitoring the audit logs for suspicious activities, and configuring alerts for potential security incidents. By following these best practices, organizations can reduce the risks of data exfiltration and better protect their sensitive data in the cloud.

SANS CloudSecNext Summit 2023
Speaker: Or Aspir
