Darkbit is cloud-native security built for your business.

Making sure your environment is secure can be a daunting task when you're moving at the speed of innovation. Let our team of experts fast-track your journey to securing your cloud-native workloads.

Move fast and  break  fix things.

More than 95% of cloud breaches happen due to misconfiguration.

Why us?

Deep expertise

Cloud-native security is all we do. The Darkbit team has been singularly focused on cyber and information security for over 20 years.

  • Experience

    We've delivered needle-moving security solutions for 10-person startups to 20,000+ person Fortune 100 companies.

  • Expertise

    We're builders at heart. The Darkbit team has been building cloud-first, enterprise-grade applications for over 13 years - since before AWS had a dashboard.

  • Context

    Understanding context is critical to providing accurate guidance and effective remediation. Tools alone can't provide the context of human experts - we use both.

  • Innovation

    Is your security team the Department of "No"? We've delivered award-winning security solutions that actually empower business innovation and progress.

We're experts at securing the platforms you use.

Amazon Web Services

Google Cloud Platform

Kubernetes

Docker

Accelerate development

When robust automation meets secure, cloud-native architecture, you can move faster, with confidence.

Cloud security

Every cloud infrastructure provider maintains a version of the shared responsibility model. They are responsible for the security of the cloud, but you are responsible for the security of what you put in the cloud.

  • Identity

    Is your cloud infrastructure effectively leveraging least privilege for IAM roles? Are users, groups, roles, and service accounts properly configured with only the access they need?

  • Networking

    Are your APIs and control planes exposed on public IP addresses? A single DoS vulnerability or remote exploit could bring down the management layer or allow attackers in.

  • Data Access

    Are your storage endpoints exposing sensitive data publicly? Do you monitor all storage endpoints for changes to public access settings? Do you have a real-time inventory of all storage endpoints?

| Category | Issue | Severity | Effort |
|---|---|---|---|
| Identity and Access Management | Custom IAM Policy allows escalation to Admin | high | low |
| Storage | AWS S3 Bucket is public | high | low |
| Global | AWS Config Service is not configured | high | low |
| Identity and Access Management | IAM ServiceAccountUser granted at the project | medium | medium |
| Serverless | Outdated Lambda runtimes in use | medium | high |
| Network Access | Security Group allows any access to tcp/6379 | medium | low |
| Identity and Access Management | External domains permitted in security groups | medium | low |

Cluster security

The out-of-the-box connectivity model of Kubernetes leads to a positive first-touch experience for developers. But no default Kubernetes installation has adequate security controls in place.

  • Security Add-ons

    Security features like Pod Security Policies and Admission Controllers are add-ons and are often skipped or misconfigured. Without these properly configured features, administrators can easily expose the underlying hosts.

  • Access Control

    RBAC and namespaces are easy to misconfigure in ways that allow excessive admin privileges. Are your RBAC policies enforcing least privilege? Are your namespaces adequately segmented?

| Category | Issue | Severity | Effort |
|---|---|---|---|
| Security Addons | Network Policy support is not enabled | high | low |
| Metadata API Access | Unprotected cloud Metadata APIs | high | low |
| IAM Roles | IAM permissions grant cluster admin | high | low |
| API Access | Control plane allows public access | high | medium |
| Kubernetes Version | EKS version is not latest | medium | medium |

Workload security

Containerization allows development teams to move fast, deploy software efficiently, and operate at scale. Are you taking steps to ensure your workloads are running securely?

  • Image integrity

    Are you enforcing trusted sources for your container images? Are you enforcing specific image versions or hashes?

  • Secrets management

    Are you embedding application secrets in environment variables - baking them into images? Or are you centrally managing and rotating secrets and credentials?

  • Container networking

    The "connected by default" state of Kubernetes makes it easy to get up and running. Are you adequately controlling ingress and egress networking from pods?

| Category | Issue | Severity | Effort |
|---|---|---|---|
| Cluster Security | Unprotected Tiller and cluster admin binding | high | low |
| Secrets Management | Secrets statically configured in pod ENV vars | high | low |
| Container Security | Inconsistent use of CPU/RAM requests/limits | high | medium |
| Network Security | Network Policies are not implemented | high | medium |
| Workload Availability | Pod Disruption Budgets not configured | medium | low |
| Cluster Management | Orphaned persistent volumes found | low | low |

What our clients say about us.

We're proud to work for some of the most innovative cloud-first organizations.

VMware Carbon Black

The Darkbit assessment was both valuable and actionable. We will use the report to fix what needs to be fixed and create validation tools that will ensure continuous security and compliance.

RapidDeploy

The Darkbit assessment established a baseline for our Kubernetes security posture and identified areas of discrete and outcomes-based improvement.

TrueAccord

The Darkbit engagement delivered great security analysis, with much more depth and better results than I was expecting!

Dark Cubed

Darkbit helped us apply security and risk context across our cloud environment to prioritize the most important areas to address first. The team’s deep Kubernetes expertise helped us ensure we have a secure foundation as we continue to scale.

Scope Security

As a security solution for healthcare, we needed the strongest possible security across our environment. The Darkbit team worked with us to develop a robust infrastructure-as-code approach to baking security into product development processes. We are now able to meet the extremely high level of security that our customers require for storing their sensitive data.