GCP Integration with Trend Micro Cloud One Workload Security is a Snap
Hey Everyone! Wanted to switch gears today and showcase some new experiments that I have been playing around with lately. These are capabilities of Trend Micro Cloud One Workload Security and its GCP account integration and, as an added automated bonus, Infrastructure as Code with Google Cloud Deployment Manager.
Alrighty then, so let's get started! The first thing you probably should do is get the Google Cloud SDK up and running. You can download the official Google Cloud SDK and install it, as I did on my machine (shown below).
Download link for reference: https://cloud.google.com/sdk/docs/install
The next thing I did was enable the APIs for Google Cloud Deployment Manager in my personal GCP Project. This is so that I could interact with Cloud Deployment Manager programmatically.
After doing this and authenticating to my GCP account, I should be able to interact with Cloud Deployment Manager. This is shown below.
Ok, cool! So, let's go ahead and spin up a virtual machine that we will use as our source image for IaC. We will go ahead and run our Trend Micro deployment script to bake the security agent inside this test GCP source image. This is one way to accomplish installing the Trend Micro Cloud One Workload Security agent. You could also call the deployment script at Virtual Machine launch-time with the startup-script attribute. I will show both methods as an example.
So, once my source machine has been provisioned, I am going to go ahead and ssh onto the instance. Once there, I am going to go ahead and download my handy-dandy deployment script from my Trend Micro Cloud One console shown below. Look out below! Screenshots galore!
In the ssh procedure, I went ahead and copied the deployment script and made it executable so it could run on my source image machine. You can see the agent being installed.
Let's go ahead and check in on the Trend Micro Cloud One Console and see if this source machine has checked in properly.
Looks like it has, and it is showing as managed and online! I wanted to stop right here and detour a bit. If you notice, we have the GCP account/project integration on the left-hand side! So awesome that you can tie in your GCP account and associated projects to see whether or not your workloads are protected by Trend Micro. Integration at its finest! You can also add other associated GCP accounts or other public cloud accounts for a single pane of glass for all your cloud workloads. As Bill and Ted say: Excellent!
Here are the docs from Trend Micro to easily add your GCP accounts and subsequent projects with a GCP connector using a GCP service account.
https://cloudone.trendmicro.com/docs/workload-security/gcp-add/
Alrighty then! Next, what I did was create a repeatable image of that virtual machine using the image creation option with Compute Engine in my project.
Now, I have a source image that I can use for repeatable deployments in the future that has my Trend Micro Cloud One agent already pre-installed.
With those repeatable deployments, we are going to use Infrastructure as Code utilizing the sample deployment templates from Google's official GitHub. Link below!
https://github.com/GoogleCloudPlatform/deploymentmanager-samples
Here is my Visual Studio Code IDE showing the section where I add my newly referenced source image stored inside my GCP account to the deployment template. You can also utilize the startup-script method, and pull in the deployment script from an available Google Storage Bucket. Either way, it should work! We are going to utilize the pre-baked custom image we made earlier.
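Both options above (the pre-baked image and the launch-time startup-script) can be captured in a single Deployment Manager Python template. This is an added example, not the author's template or one of Google's samples; the property names `sourceImage`, `agentInImage` and `agentScriptUrl` are assumptions, and the template refuses to describe a VM that would come up without the agent.

```python
# Added example: a Deployment Manager Python template, not the author's file.
# Property names (sourceImage, agentInImage, agentScriptUrl) are assumptions.
COMPUTE_URL_BASE = "https://www.googleapis.com/compute/v1/"
READ_ONLY_SCOPE = "https://www.googleapis.com/auth/devstorage.read_only"


def generate_config(context):
    """Describe one VM that gets the agent from the image or at launch."""
    props = context.properties
    project_url = f"{COMPUTE_URL_BASE}projects/{context.env['project']}"
    script_url = props.get("agentScriptUrl")

    # Refuse to describe a VM that would boot without the agent.
    if not props.get("agentInImage") and not script_url:
        raise ValueError("set agentInImage: true or provide agentScriptUrl")
    if script_url and not script_url.startswith("gs://"):
        raise ValueError("agentScriptUrl must be a gs:// object")

    machine_type = props.get("machineType", "e2-small")
    instance = {
        "zone": props["zone"],
        "machineType": f"{project_url}/zones/{props['zone']}/machineTypes/{machine_type}",
        "labels": {"name": "trend"},  # label the Smart Folder filter matches
        "disks": [{
            "deviceName": "boot",
            "type": "PERSISTENT",
            "boot": True,
            "autoDelete": True,
            # sourceImage is a path such as projects/<project>/global/images/<image>
            "initializeParams": {"sourceImage": COMPUTE_URL_BASE + props["sourceImage"]},
        }],
        "networkInterfaces": [{
            "network": f"{project_url}/global/networks/default",
            # External address so the agent has outbound access to check in.
            "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT"}],
        }],
    }
    if script_url:
        # Launch-time method: fetch the deployment script from the bucket.
        instance["metadata"] = {"items": [{"key": "startup-script-url", "value": script_url}]}
        instance["serviceAccounts"] = [{"email": "default", "scopes": [READ_ONLY_SCOPE]}]
    return {"resources": [{
        "name": context.env["name"],
        "type": "compute.v1.instance",
        "properties": instance,
    }]}
```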
Here we are running our deployment script utilizing the Google Cloud SDK on my system.
You can also monitor the deployment process in the GCP console with Deployment Manager. Seamless!
Alrighty, that looks really good! Let's check in on our Trend Micro Cloud One Console and see if our GCP workload shows up.
Yep, there it is! Looks like it automagically applied a security policy. How did it do that?? I don't remember specifying that in the deployment script that I ran on the initial capture image. Ohhh, ok, yes, I forgot to show you event-based tasks in Trend Micro Cloud One Workload Security!
So, in the Administrative section of the Cloud One Workload Security console, you can easily create an event-based task for your GCP workloads. This way, I make sure that I have a policy assigned for every machine I spin up in my GCP account with a "Linux Best Practices policy".
You can always use Smart Folders to easily get to the workloads that you want to inspect based off GCP tags etc. Here is an example where I am filtering by OS and GCP Label of "name: trend".
This saves me time, since I can check my smart folders instead of drilling down into the GCP project level.
Well, that's it folks! I hope you enjoyed stopping on by to check on how you can integrate Trend Micro Cloud One Workload Security with your GCP workloads. Until next time! Stay safe out there!