Cloud and Container Security

InGuardians has performed many Kubernetes penetration tests, attacking on-premises, public cloud-based, and hybrid clusters. The team’s experience spans multiple Kubernetes distributions, including upstream Kubernetes, OpenShift, and Rancher’s K3S, as well as managed Kubernetes environments, like Google Cloud’s GKE, Amazon’s EKS, and Microsoft Azure’s AKS. 

InGuardians also teaches Kubernetes attack techniques and has developed private and open-source tools for Kubernetes penetration testing, including the Peirates penetration testing tool.

InGuardians has tested many cloud environments, including applications that began their life in cloud-native environments, as “serverless” or “function as a service” deployments. The team’s experience with cloud APIs spans and exceeds the three major domestic cloud providers, Amazon’s AWS, Microsoft’s Azure, and Google Cloud. It’s not uncommon for our customers to contract InGuardians to advise on and test their migrations from the data center to the cloud. These can include everything from lift-and-shift deployments to rip-and-replace cloud-native deployments.

Cloud-Native applications don’t simply replace on-premises virtual machines with cloud provider virtual machine instances. Cloud-Native architectures redefine how your organization develops, scales, and maintains services. 

Whether companies design their applications for a major cloud provider, an on-premises API-driven infrastructure, or use a hybrid approach, orchestration widens their attack surface. With that in mind, InGuardians offers state-of-the-art Security Architecture Review and Product Review services. Our clients hire us to assess and advise on the most important aspects of cloud security development and deployment, focusing on foundational services such as:

• Continuous Delivery / Continuous Integration (CI/CD) Pipelines
• Identity and Access Management
• API Gateways and Network Defenses
• Container Orchestration
• Detection and Logging
• Serverless / Functions as a Service

In addition to Cloud Security Consulting Services, InGuardians offers Cloud-Native Penetration Testing, emulating adversaries’ attacks on cloud-based assets and applications. 

During these engagements, multiple scenarios and techniques are employed. Some examples are:

• Cloud compromise through a public application or API
• Privilege escalation through over-privileged roles.
• API Keys are obtained through exposed code repository files.
• Attacking from the perspective of a compromised cloud user or component (assume-breach scenario).

If you are unsure of your business needs, our team of experts may assess your enterprise security posture, and assist in strategic decision points. For example, the team can advise on both the advantages and likely pitfalls of a move to public, private, and hybrid clouds.

Whether you’re building a product that integrates an orchestration system or use APIs and orchestration systems to offer your services, InGuardians can both emulate attacks and advise on improvements, combining the mindset and creativity of an attacker with the professionalism and expertise of skilled security professionals.

Contact press@inguardians.com