Penetration Testing for Cloud and Hybrid Networks
Although cloud-based resources may be managed by an external provider, it is important to ensure they are secure. Compromised cloud services can impact an organization’s internal network and operations.
By: Kirk Trychel, OSCP, GCPN, OSWP
What is cloud penetration testing? What does it look like? Does your organization need it?
Although cloud technology has been widely adopted in recent years, the answers to these questions may not be obvious. In fact, the use of cloud services is rapidly changing the scope of network penetration testing. Even if an organization has only a few cloud-based resources, limiting testing to traditional networks or isolated applications could be a devastating mistake.
The SolarWinds attacks and Capital One breach exploited vulnerabilities in cloud services. Well-known ransomware groups and advanced persistent threat (APT) actors have leveraged cloud services to move laterally, install ransomware, deploy command and control (C2) infrastructure, and escalate privileges in some of the largest and most heavily defended networks. Yet most organizations still do not conduct cloud penetration testing.
Using cloud services does not mean forgoing responsibility for securing that environment. Within a shared responsibility model, organizations help secure externally managed cloud technologies by identifying user roles and data classification. The cloud service provider enforces these decisions. The organization must ensure that the cloud services are properly configured and protected, especially identity and access management (IAM).
Most cloud service providers, including Microsoft Azure and Amazon AWS, have policies that allow penetration testing against cloud-hosted applications or services, the user environment, and IAM. In most cases, additional permission and notifications are not required to begin testing. The first step in the penetration test is identifying an organization’s cloud attack surface. This step can be difficult, particularly for large organizations. The process often reveals elements that the organization did not consider.
How can the Secureworks® Adversary Group help?
Secureworks cloud security specialists help organizations understand their cloud attack surface and how it impacts their network and business. The Secureworks Adversary Group developed a manual testing methodology that goes well beyond a configuration review and examines how an organization can be targeted and attacked. By testing cloud deployments along with traditional networks, members of the Secureworks Adversary Group can emulate threat actors’ tactics, techniques, and procedures (TTPs). In addition, Secureworks researchers continually identify and explore novel techniques for attacking cloud technologies, developing tools such as PhishInSuits.
Whether your organization has a few apps in Azure, an entire AWS-hosted network, or a novel configuration, Secureworks adversarial testing services can help secure your business against evolving threats. Contact us to get started.