Cloud and Container Security
InGuardians leads the information security offensive services community in cloud, container, and Kubernetes security. The InGuardians team regularly speaks and teaches Kubernetes and container security at top industry conferences, including RSA, Black Hat, Microsoft’s BlueHat, DEF CON, and the Cloud Native Computing Foundation events, including KubeCon. InGuardians teaches sold-out Black Hat classes on Kubernetes and container security. The InGuardians team has also developed open-source tools for Kubernetes, including Peirates, a Kubernetes penetration testing tool, and Bustakube, a capture-the-flag (CTF) Kubernetes cluster. InGuardians staff members also founded and manage the annual DEF CON Kubernetes Capture the Flag competition.
The services below are a subset of what InGuardians can do for your organization.
Kubernetes Penetration Testing
InGuardians has performed many Kubernetes penetration tests, attacking on-premises, public cloud-based, and hybrid clusters. The team’s experience spans multiple Kubernetes distributions, including upstream Kubernetes, OpenShift, and Rancher’s K3s, as well as managed Kubernetes environments, like Google Cloud’s GKE, Amazon’s EKS, and Microsoft Azure’s AKS.
InGuardians also teaches Kubernetes attack techniques and has developed private and open-source tools for Kubernetes penetration testing, including the Peirates penetration testing tool.
Serverless Penetration Testing
InGuardians has tested many cloud environments, including applications that began their life in cloud-native environments, as “serverless” or “function as a service” deployments. The team’s experience with cloud APIs spans and exceeds the three major domestic cloud providers, Amazon’s AWS, Microsoft’s Azure, and Google Cloud. It’s not uncommon for our customers to contract InGuardians to advise on and test their migrations from the data center to the cloud. These can include everything from lift-and-shift deployments to rip-and-replace cloud-native deployments.
Cloud Security Architecture and Product Review Services
Cloud-Native applications don’t simply replace on-premises virtual machines with cloud provider virtual machine instances. Cloud-Native architectures redefine how your organization develops, scales, and maintains services.
Whether companies design their applications for a major cloud provider, an on-premises API-driven infrastructure, or use a hybrid approach, orchestration widens their attack surface. With that in mind, InGuardians offers state-of-the-art Security Architecture Review and Product Review services. Our clients hire us to assess and advise on the most important aspects of cloud security development and deployment, focusing on foundational services such as:
- Continuous Integration / Continuous Delivery (CI/CD) Pipelines
- Identity and Access Management
- API Gateways and Network Defenses
- Container Orchestration
- Detection and Logging
- Serverless / Functions as a Service
Cloud-Native Penetration Testing
In addition to Cloud Security Consulting Services, InGuardians offers Cloud-Native Penetration Testing, emulating adversaries’ attacks on cloud-based assets and applications.
During these engagements, multiple scenarios and techniques are employed. Some examples are:
- Cloud compromise through a public application or API
- Privilege escalation through over-privileged roles
- API keys obtained through exposed code repository files
- Attacking from the perspective of a compromised cloud user or component (assume-breach scenario)
Executive Consulting Services
If you are unsure of your business needs, our team of experts may assess your enterprise security posture and assist at strategic decision points. For example, the team can advise on both the advantages and likely pitfalls of a move to public, private, and hybrid clouds.
Whether you’re building a product that integrates an orchestration system or using APIs and orchestration systems to offer your services, InGuardians can both emulate attacks and advise on improvements, combining the mindset and creativity of an attacker with the professionalism and expertise of skilled security professionals.
Press and Speaking