Cloud Security Testing, Architecture, and Design Services
As more companies include cloud services as a core part of their technology strategy, malicious actors are hot on their trails in pursuit of valuable digital assets. Bad actors remain relentless in their quest for adversarial advantages into organizations and when it comes to the cloud, their motives are no different than traditional brick and mortar data centers. Lares, a leader in adversarial simulation and innovative research, understands this motivation well and has invested significant effort in cloud attack techniques to help customers outpace would-be attackers and secure their cloud migration and operation strategies.
Cloud Security Testing
Lares’ cloud services testing reflects our deep insight into tactics, techniques, and procedures (TTPs) leveraged by attackers across the three major clouds, Azure and Azure Active Directory, Google Cloud Platform (GCP), and Amazon Web Services (AWS) and Infrastructure, Platform, and Software service models (IaaS, PaaS, and SaaS, respectively). We possess significant expertise in the areas of configuration and architectural reviews, cloud attack methodology, and advanced persistent threat (APT) simulation.
Utilizing the Penetration Testing Execution Standard (PTES) we concentrate our attack methods within the following Cloud Security Alliance (CSA)® domain areas:
- Domain 1: Cloud Computing Concepts and Architectures
- Domain 7: Infrastructure Security
- Domain 8: Virtualization and Containers
- Domain 9: Incident Response
- Domain 10: Application Security
- Domain 11: Data Security and Encryption
- Domain 12: Identity, Entitlement and Access Management
Our attack methodology extends beyond the cloud maturity due diligence and baseline guidance to sophisticated attack methodology, enumeration, credential theft, and access privilege escalation, and persistence, specialized chained attacks, and cloud attack simulation. Armed with attack expertise in Azure, GCP, and AWS, our cloud resources use custom tools and methods to replicate modern APT groups and advanced threat actors.