Comprehensive Cloud Security Assessment

A deep analysis of your cloud infrastructure that covers the cloud provider, container orchestration, and workloads.

What we do...

Painless data collection
Most clients can provision access and supporting resources in a matter of minutes. All of our collection tools are custom-developed and released as open source, and the read-only collection process can be safely performed without any impact to production systems. De-provisioning access when the engagement is over is just as easy.
Deep resource coverage
Our collection approach goes far beyond the surface-level issues that apply to the core cloud services. We go deeper than basic configuration settings: we evaluate related resources and give deeper insight into the often-overlooked combinations that attackers count on to be successful.
Actionable findings
Every finding includes an attacker-focused risk rating, a description with examples of how an attacker might benefit, an operations-focused remediation plan describing known "gotchas" and estimated level-of-effort required to implement, commands to run to validate the issue has been fully remediated, references to more supporting information, and multiple tag types for filtering.
Strategic guidance
It can be overwhelming to interpret and prioritize hundreds of findings. We distill the technical findings into areas of focus for your team to consider. We'll help you understand where to find the best return on your security investment.
Threat modeling
Plenty of software tools and SaaS products can provide a surface-level snapshot of basic security findings. We map your entire cloud inventory into a graph database so we can perform complex analysis and surface attack paths that simply aren't possible any other way.
Collaborative sessions
The most valuable cloud security posture assessment considers context that tools alone don't always provide. We work with your team in real time to better understand that context, and we adjust our guidance and recommendations accordingly.
VMware Carbon Black

“The Darkbit assessment was both valuable and actionable. We will use the report to fix what needs to be fixed and create validation tools that will ensure continuous security and compliance.”

You might be thinking...

How long is a typical engagement?
We've built a lot of custom tools and processes to make the tedious parts of a cloud security posture assessment as efficient as possible. We can usually finish the entire project in two weeks.
How much does it cost?
We always give you the full cost up front to avoid any surprises or cost overruns. Depending on the specific scope (number of accounts, organizations, clusters, etc.) the cost will range from $35,000 - $55,000 USD.
What do you mean by "deep analysis"?
Most assessment approaches only perform surface-level checks of settings on a specific cloud resource. Our custom data parsing and tooling allows us to see combinations of configurations across multiple related resources to provide the most comprehensive analysis possible.
What kind of deliverables do you provide?
We deliver our entire report, findings, threat models and recommendations in structured JSON format that can be easily uploaded and viewed via a purpose-built, client-side web interface. The interface lets you filter and sort the data in ways that best suit your team's workflow, or you can quickly manipulate the data using basic JSON parsing tools and scripts in any way you need (e.g. to easily bulk insert into your organization's ticketing system).
Who fixes the issues and remediates the findings identified in the report?
Ideally, this is up to your engineering, infrastructure, and security teams. However, some teams get overwhelmed at the prospect of addressing every issue identified in the Comprehensive Cloud Security report in a reasonable timeframe. In that case, we have several trusted partners that specialize in DevOps and cloud engineering that can assist you with those remediation issues.
Is this the same as a penetration test?
No. In fact, a cloud penetration test is a very different type of engagement that typically involves live, direct access to the environment and granting access to sensitive systems. A thorough cloud security posture assessment can identify a wide variety of issues across entire environments quickly and more efficiently, so it's best to address those first. Most of our clients explore cloud penetration testing after they've worked with us to validate the net effect of their remediation efforts.
What do you mean by threat modeling?
Using the posture of the environment and the context provided through live discussions, we perform a detailed analysis of multiple threat scenarios to rate your ability to prevent, detect, and respond to the most common and damaging types of attacks from multiple different starting points within your infrastructure. These scenarios are purposefully designed to highlight how well all controls and processes work together in realistic breach situations to ensure any gaps are identified.

Why work with us?

Your primary business probably isn't cloud security, but ours is. Working with us lets you focus on what you do best. We only do one thing - cloud security - and we take a lot of pride in doing it well.

We're experts
Helping clients improve their cloud security posture is all we do. That focus allows us to spend considerable time and energy researching modern threats to cloud-first companies so you don't have to.
We do the tedious work
Many companies are building and developing at a fast pace. Digging into security issues across a sprawling cloud infrastructure can be time-consuming and tedious, especially if you don't have the right tools and processes close at hand.
We've seen it before
We've seen a lot of different environments. We've seen what works and what doesn't at many different scales. While we don't specifically endorse 3rd party products or vendors, we can usually tell you what other clients have been successful with and where they've run into problems.

Powerful reporting

If you've ever worked with audit, penetration testing, or assessment teams before, you're probably used to seeing reports that are 100s of pages long, with the important details buried alongside tons of useless fluff. We've built a powerful interface to your report data that allows for flexible filtering and quickly drilling down into what's important.

“Really useful details here. I really like this report tool.”

Will H. Staff Security Engineer at Bank
Darkbit Report UI

Detailed guidance

Every assessment finding is packed with details that help you triage and determine the best remediation path. From level-of-effort estimates to precise validation steps, you're equipped with the relevant details to make informed decisions.

OpenCSPM UI

The results

At Darkbit, we're all about outcomes. The outcomes of partnering with Darkbit for a comprehensive cloud security posture assessment are clear.

Level up quickly

Our experts prioritize the issues that are the most relevant for your specific environment.

Free up resources

We're an extension of your security team, monitoring your cloud security posture so you don't have to.

Detect changes faster

With high signal and low noise, we'll quickly surface relevant changes to your risk posture.

Control your data

Avoid more 3rd party trust issues by keeping all of your sensitive security data inside your cloud environment.

Ready to get started?

Give us some basic info about your organization.

The best way to see if we're a fit for you is to have a quick phone or video call. We'll ask a few questions and explain our approach. If we can help, we'll lay out a clear timeline of what to expect and then we'll get to work.

When you fill out this form, we'll email you right away to schedule the initial call via phone or video.
