AWS Cloud Security Audit
Amazon's cloud, AWS, offers a large number of services that can be interlinked more or less closely and that can support many different business processes and internal services for companies. The number of services and their purposes, the options for interlinking them, and the relatively complex authorization concepts of AWS (roles, rights and policies that can be changed not only by humans but also by machines and automated processes) result in a very high degree of complexity. This can very easily lead to security errors that are difficult to identify but that, if an attacker finds and exploits them, can quickly lead to major financial damage.
NSIDE offers the following approaches to help you identify security vulnerabilities in your AWS cloud environment:
- Whitebox audit: We perform a comprehensive audit of the security-relevant configuration of AWS workloads, services and accounts. The audit focuses on settings that have a direct or indirect impact on the security of cloud resources or the data processed there. In particular, this includes third-party access rights to cloud resources, IAM (user accounts, rights, policies, roles), the most important services (e.g. EC2, S3, Lambda, RDS), firewalling, general isolation against unwanted access from the Internet, monitoring and alerting, and lateral movement attacks within the AWS environment through machine roles and automated processes.
- Graybox assessment / Assumed Breach: We simulate one or more realistic attacks on your cloud workloads, assuming an initial breach of the cloud environment. Realistic scenarios include a developer's leaked access keys or a virtual machine in the cloud that contains a vulnerable, compromised application. Starting from this position, our aim in the assessment is to achieve the highest possible level of authorization in the accessible cloud environment in order to gain control of all cloud resources and services. We document all vulnerabilities found and exploited. This approach is particularly suitable for checking and better understanding your existing security resilience under realistic conditions.