Delivery Enhancing Security

Securing automated environments

services

Delivery oriented DevOps Security lifecycle

Pro-delivery DevOps security since 2004

DevOps code review, Architecture analysis, Hardening

Kubernetes
(360 degree review based on industry best practices)

  • Cluster isolation - many clients are unsure how to divide their Kubernetes infrastructure. We can help by compiling the requirements and achieving the right design

  • Container security - checking roles and permissions, making sure the principle of least privilege is adhered to throughout the Kubernetes deployment

  • Secrets management - implementing maintainable secret management architecture

  • Versions and upgrades - making sure you are up to date with all the latest security patches

​

Cloud Identity Access Management

(Access management, Roles, Keys, etc)

​

  • Designing user and service accounts and integrating them with your organisation's directories

  • Testing internal exposure to public resources running service accounts

  • Looking for accounts that should have been deprovisioned across your different cloud providers

 

Continuous Integration tools

(Jenkins, GitLab, Bitbucket)

​

  • Hardening branch permissions and structure

  • Adding security checks to pull requests

  • Whitelisting artefacts in security controls

  • Reducing security check run times

​

Continuous Deployment tools & IaaC

(Terraform, Chef, Puppet)

​

  • Implementing safety checks and boundaries for your CI processes and architecture

  • Implementing different open-source security tools

  • Uncovering vulnerable code such as hard-coded secrets, local user creation and admin backdoors

​

Network security

(Cloud firewalls, Segmentation, Isolation, Scanning)

​

  • Hardening developer and admin access to sensitive systems and data

  • Scanning for external exposure

  • Hardening DNS

  • Implementing zero trust networks and strong authentication

 

Secrets management & encryption

​

  • Implementing vaults and creating integration to SecOps tools such as Slack and MS Teams

​

 

​

Kubernetes security integration

​

Next Generation WAF

​

  • No learning mode and no need to switch modes between releases

  • Cutting-edge technology with low installation time, low maintenance and virtually no false positives

​

Container security

​

  • Container runtime protection

  • Vulnerability scanning

  • Process and network visibility

​

Code security

​

  • Catch and deal with exposures as early as possible and avoid creating technical debt (shift left)

​​

​

Cloud security

​

Secure backup solutions

​

  • Create immutable backups

  • Perform sensitive data obfuscation before restoring into a development environment

  • Create scheduled restores for testing

​

Visibility solutions

​

  • Collect logs and metrics from any type of infrastructure and application

  • Easily detect anomalies for security and availability alerting

  • Correlate your logs with threat intelligence feeds

​

Software composition analysis

​

  • Avoid using vulnerable libraries

  • Prioritise vulnerabilities based on exploits in the wild 

  • Only flag libraries in which vulnerable libraries are being used, to reduce developer fatigue

 

Cloud data & document leak prevention

​

  • Fingerprint your sensitive data

  • Track and control your information within and outside your network boundaries

​​
