We provide the perspective to surface the real risks to your cloud-native stack.
After a kick-off meeting that ensures alignment of objectives and communication paths, the Darkbit team will proceed to the configuration and metadata collection phase. First, a complete cloud resource and IAM inventory of the entire account or organization is acquired. Next, full container orchestration (GKE, EKS, ECS, or standalone Kubernetes) resource and RBAC exports are performed for all clusters. Finally, additional supporting data relevant to the environment is collected, and the data is securely stored in a cloud storage bucket in the client's account accessible to the Darkbit team.
With all the exported data available, the Darkbit team leverages custom tooling to identify gaps in security best-practices, network access, IAM permissions, and more across all three tiers (cloud provider, container orchestration, and container workloads) of the containerized stack. Automation helps assure breadth of coverage, and it's complemented by deep human analysis to find unintended interactions between services that can expose hidden risk.
Tools can't always provide the right context. So the Darkbit team works with the members of the client's security, networking, operations, and development teams to gain a better understanding into processes, team structure, strategies, policies, and other supporting context. Using this insight, we can apply a layer of context over the data to identify areas for strategic improvement and to understand how the organization prioritizes specific aspects of the infrastructure for criticality and risk.
With the benefit of understanding both the technical environment and the processes in place, the Darkbit team performs a threat modeling exercise of common attack scenarios relevant to containerized environments. For each scenario, an assessment of how the environment is able to detect and/or prevent the methods of attack is performed from the perspective of multiple threat actor personas. These scenarios help clients understand how their combined controls and processes stack up against these types of sophisticated threats.
Finally, the Darkbit team identifies tactical and strategic findings across the entire environment. This final report highlights not only areas for improvement, but areas of excellence that can serve as a foundation for further best practices. The report itself is designed to be integrated with a client's existing workflows. Management and team members alike will find actionable guidance in the report. As a dynamic and interactive client-side application, all of data presented in the report can be viewed, filtered, and exported to CSV and JSON from https://report.darkbit.io. As a client analyzes the findings and recommendations, the Darkbit team is available to provide guidance and deeper understanding to aid in executing actionable remediation strategies.
We're proud to work for some of the most innovative cloud-first organizations.
The Darkbit assessment was both valuable an actionable. We will use the report to fix what needs to be fixed and create validation tools that will ensure continuous security and compliance.
The Darkbit assessment established a baseline for our Kubernetes security posture and identified areas of discrete and outcomes-based improvement.
The Darkbit engagement delivered great security analysis, with much more depth and better results than I was expecting!
Darkbit helped us apply security and risk context across our cloud environment to prioritize the most important areas to address first. The team’s deep Kubernetes expertise helped us ensure we have a secure foundation as we continue to scale.
As a security solution for healthcare, we needed the strongest possible security across our environment. The Darkbit team worked with us to develop a robust infrastructure-as-code approach to baking security into product development processes. We are now able to meet the extremely high level of security that our customers require for storing their sensitive data.