Cloud and Container Security
InGuardians has served as members of the Kubernetes project Security Audit Working Group and includes a Kubernetes project contributor. The team has also developed Open Source projects for Kubernetes, including Peirates, a Kubernetes penetration testing tool, and Bustakube, an intentionally-vulnerable Kubernetes cluster built as a teaching tool.
The services below are a subset of what InGuardians can do for your organization.
Kubernetes Penetration Testing
InGuardians is recognized as a leader in security testing for the Kubernetes ecosystem. Our team includes a Kubernetes Security Audit Working Group co-lead and an official member of the Kubernetes project. The team trains information security practitioners to attack and defend Kubernetes, giving training and talks at conferences, including the Black Hat Briefings, RSA, and DEF CON. InGuardians has developed tools for Kubernetes penetration testing, including Peirates and Bustakube.
InGuardians has performed many Kubernetes penetration tests, attacking on-premises, cloud-based and hybrid clusters. The team’s experience spans multiple Kubernetes distributions and installers, as well as managed Kubernetes environments, like Google Cloud’s GKE, Amazon’s EKS and Microsoft Azure’s AKS.
Cloud Security Architecture and Product Review Services
InGuardians understands that the use of Cloud-Native Applications goes beyond replacing data center assets for virtual machines. This kind of application development architecture can redefine how applications run by giving organizations an efficient, reliable and scalable platform.
Whether it’s AWS, GCP or Azure, companies’ rising adoption of these technologies has contributed to a widening of this type of attack surface. With that in mind, InGuardians offers state of the art Security Architecture Review and Product Review services, assessing the most important aspects of cloud security deployment, focusing on foundational services such as:
- Identity and Access Management
- Storage Services
- Perimeter Defenses
- Serverless / Functions as a Service
Cloud-Native Penetration Testing
In addition to Cloud Security Architecture Consulting Services, InGuardians offers Cloud-Native Penetration Testing, where user-owned assets and applications in the cloud can be tested from the perspective of a malicious actor. These are recommended after security architecture review completion or for more mature cloud deployments and are restricted to the implementation of the cloud environment and not the underlying infrastructure.
Whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, IBM Cloud, or Oracle Cloud Infrastructure (OCI) to build your application, InGuardians can provide attack emulation and security architecture advice, from the perspective of the Red Team. Our team has experience attacking applications built on these services and can draw on the expertise of the builders of these platforms.
Executive Consulting Services
If you are unsure of your business needs, our team of experts may assess your enterprise security posture, and assist in strategic decision points.
Press and Speaking
InGuardians subject matter experts are available for press and public speaking opportunities. We write, we teach, we do.