Cloud Security Assessments (CSA)

The cloud environment is constantly changing, and it makes it difficult to rapidly detect and respond to threats. A cloud security assessment (CSA) can help you identify and mitigate security risks in any part of your infrastructure placed in the cloud

REALISTIC PERSPECTIVE

A realistic perspective on the overall configuration of your environment

IDENTIFY INSUFFICIENT CONFIGURATIONS 

Identify weak or insufficient configurations along with the utilization and configuration of security solutions

ENSURE CORRECT ACCESS CONTROL

Review of access management and permission policies

CUSTOMER VALUE

DELIVERABLE

At the end of the assessment the company will receive a full report containing an executive summary and technical details of each finding

Banshie will provide a full description and thought process behind the attack and as well as key areas of improvement:

  • Executive Summary

  • Technical details

  • Exercise walkthrough with operations

  • Overview of your cloud configuration

METHODOLOGY

The company will get a better understanding of its security perimeter, the risks and vulnerabilities associated with the services exposed to the internet, as well as the possible implications of an account being compromised.

Banshie will test both as an unauthenticated (anonymous) user such as anyone from the internet who can interact with the cloud services, and as a logged in user. 

Based on the risk appetite and the number of users/privileges available, a more in depth analysis can be performed. At the basic level, an assessment uses a read-only account which allows us the check for insecure configuration, and report potential attack paths. 

An in-depth analysis uses a more granular approach where multiple user accounts with different roles are provided for the testing. These roles replicate the same permissions that users of the company have (i.e.: developer, accountant, HR, etc.).

 

This makes it possible to evaluate the permissions controls in place, and what are the risks associated with any of these accounts being compromised.  

Banshie uses the techniques and tools used by real attackers to demonstrate exploitable vulnerabilities and strong defenses present in the current security posture. This will give an overview of which areas to improve

Ready to get started?

Our security experts are standing by to help you with an incident or answer questions about our consulting and managed detection and response services.

Banshie has a wide skillset and many years of experience in penetration testing and exploit development and are standing by to help you