Cloud security

We specialize mainly in the security of cloud platforms from Amazon (AWS) and Microsoft (Azure), for which we have a trained and certified team of specialists with extensive experience not only in the cloud environment, but also in the field of ethical hacking.

Cloud Security Assessment
Cloud Outer Perimeter Security. An assessment of the security of your cloud infrastructure exposed to the public internet to identify potential threats and risks, allowing attackers to infiltrate or exfiltrate corporate data and other sensitive information from your cloud environment.

Compliance testing against security standards. Verify the current configuration state of your cloud environment against commonly known recommendations based on the CIS benchmark or against sets of security metrics from the cloud service providers or the community themselves.

Configuration audit of selected services.
Overall verification of the current configuration of selected cloud services against a range of individual "best-practice" and security recommendations. Both using automated tools and enumeration frameworks, as well as a large proportion of manual tests and partial configuration verifications, in order to identify configuration gaps and propose optimal solutions.

For the security of your cloud environment, we recommend regularly checking its configuration to make sure it is in line with your business requirements. Cloud Security Assessment gives you the opportunity to remove unnecessary users, roles, groups and IAM policies, ensuring that your users and software have only the necessary permissions to do their required jobs.​

Outer perimeter cloud security

• Identify IP ranges of cloud infrastructure.
• Enumeration of running services and their versions.
• Exploitation of found vulnerabilities.
• Realistic simulation of an attacker from the Internet (blackbox test).
• Identification of potential leaks of sensitive data and access.
• Detection of vulnerabilities due to misconfiguration of services. 

Compliance tests according to safety standards

• ​Getting the most current configuration state.
• Verification against CIS/PCI-DSS/HIPAA.
• Evaluation of compliance or non-compliance with the selected benchmark.
• Proposed solutions for the findings. 

Configuration audit of selected services

• ​Decide for yourself which cloud services will be fully tested.
• We draw on a range of best-practice recommendations beyond the normal compliance tests. We utilize a variety of sources (Azure/AWS documentation, the security community, our own experience, and others) to offer you best in class solutions.
• We offer a balance of manual and automated configuration auditing by our qualified specialists for selected native cloud services.​

Our Cloud Security Assessment generally involves examining the security of your cloud solution in a number of areas, uncovering various configuration flaws and providing you with a number of recommendations to maximize security that exceed these areas:​

• identity and access management, 
• virtual private cloud, 
• databases, 
• network security groups, 
• advanced threat protection, 
• encryption, including key and password storage security, 
• application security, 
• storage security, 
• patching and instance management, 
• tracking and monitoring configuration changes, and many other cloud sub-areas.