Cloud Security Compliance Readiness Kit

A custom analysis of your cloud infrastructure that shows your conformance to compliance standards that matter to you.

What we do...

Painless data collection
Most clients can provision access and supporting resources in a matter of minutes. All of our collection tools are custom-developed and released as open source, and the read-only collection process can be safely performed without any impact on production systems. De-provisioning access when the engagement is over is just as easy.
Deep resource coverage
Our collection approach goes far beyond the surface-level issues that apply to the core cloud services. We go deeper than basic configuration settings. We evaluate related resources and give deeper insight into the often-overlooked combinations that attackers count on to be successful.
Actionable findings
Every finding includes an attacker-focused risk rating, a description with examples of how an attacker might benefit, an operations-focused remediation plan describing known "gotchas" and estimated level-of-effort required to implement, commands to run to validate the issue has been fully remediated, references to more supporting information, and multiple tag types for filtering.
Compliance guidance
While compliance-focused engagements have unique goals and priorities from pure security risk assessments, our approach allows you to see your environment from both perspectives and where they overlap. You shouldn't have to choose between them.
Flexible report options
We recognize that the output of our work is likely the input for other tools like ticketing systems or workflow management platforms. We group related findings to avoid finding fatigue and deliver them to you via a dynamic and flexible tool that allows you to sort, filter, and prioritize based on your unique needs.
VMware Carbon Black

“The Darkbit assessment was both valuable and actionable. We will use the report to fix what needs to be fixed and create validation tools that will ensure continuous security and compliance.”

You might be thinking...

How long does this take?
We've built a lot of custom tools and processes to make the tedious parts of a cloud security assessment as efficient as possible. We can usually finish the entire project in 1-2 business days.
How much does it cost?
We always give you the full cost up front, so there are no surprises. For a single AWS account or Google Cloud organization, the cost is $5,000 USD.
How is this different from a compliance audit?
Compliance readiness is the work you do upfront to ensure that you can pass your compliance audit later. We are not an assessor. Our Compliance Readiness Kit will prepare you to easily pass your next audit.
What compliance standards do you support?
We base our assessment around a comprehensive set of cloud security controls. All of the controls have been created from scratch and mapped back to multiple compliance standards and frameworks. If you're concerned with CIS, PCI DSS, SOC2, HIPAA, GDPR, FedRAMP, or CMMC, we've got you covered.
What kind of deliverables do you give me?
We deliver our entire report, findings, recommendations, and compliance readiness report via a client-side web interface. The interface lets you filter and sort the data in ways that best suit your team's workflow.

Why work with us?

Your primary business probably isn't cloud security, but ours is. Working with us lets you focus on what you do best. We only do one thing - cloud security - and we take a lot of pride in doing it well.

We're experts
Helping clients improve their cloud security posture is all we do. That focus allows us to spend considerable time and energy researching modern threats to cloud-first companies so you don't have to.
We do the tedious work
Many companies are building and developing at a fast pace. Digging into security issues across a sprawling cloud infrastructure can be time consuming and tedious, especially if you don't have the right tools and processes close at hand.
We've seen it before
We've seen a lot of different environments. We've seen what works and what doesn't at many different scales. While we don't specifically endorse third-party products or vendors, we can usually tell you what other clients have been successful with and where they've run into problems.

Ready to get started?

Give us some basic info about your organization.

The best way to see if we're a fit for you is to have a quick phone or video call. We'll ask a few questions and explain our approach. If we can help, we'll lay out a clear timeline of what to expect and then we'll get to work.

When you fill out this form, we'll email you right away to schedule the initial call via phone or video.
