Cloud Security Assessment

Cloud deployments are tricky as it not only depends on the deployment architecture and SECaaS subscription but more so on the configuration of individual services and platform subscriptions of an enterprise. Misconfiguring Cloud assets is the single major cause of breaches reported as of today. NetSentries' Cloud Security Assessment program provides enterprises with a comprehensive review encompassing all aspects of cloud deployments. Our service employs a hybrid assessment strategy mixing passive validation using our Cloud Security Framework (CSF) and active penetration testing techniques against your cloud deployment, highlighting prioritized risks with actionable recommendations.

Service Banner Image
Continuous & Comprehensive

Cloud Security Assessment

NetSentries' Cloud Security Assessment service takes into consideration your operational context, business requirements, and compliance needs to provide recommendations that makes sense to the business instead of generic control guidelines that might not always be applicable. Using our home-grown Cloud Security Framework as a guiding light, our assessment covers 46 control categories across the individual components and subscriptions of your cloud deployment.

Let’s Start

Our Approach

The Cloud Security Assessment service takes into consideration the operational and business context of the deployment and associated compliance requirements. The CSF ensures controls against vulnerabilities and compliance adherence while being least disruptive to ongoing operations. The service also takes into account the deployment architecture to identify any missing controls or gaps in the deployment that'll lead to a potential compromise. The service covers all aspects of your deployment, from Access Control and Management, Transport Security and monitoring and operations monitoring, Application Control, Logging, and all the up till Data handling strategies employed. The CSF also ensures the secure configuration of individual subscriptions and services employed by your enterprise, providing you with a 360-degree assurance of your cloud deployment. In addition to passive validation using CSF, our service also employs active Penetration Testing against permitted CSP services and configuration settings to test the efficacy of the deployed controls.

About Shape Image

Cloud Security Framework (CSF)

The CSF is a comprehensive framework comprising 10 control families, 46 control categories, and 100s of subcontrols under each of the categories derived from industrial standards such as ISO-27017, CSA-CCM, and leading Central Bank guidelines for Cloud Service deployments. This framework covers all components to the marrow, including the secure configuration of individual service components as part of the deployment, providing you with a bird's eye view of all the issues in individual components, with prioritized and actionable recommendations in line with your Cloud Service Provider and compliance guidelines.

Work Process Image

Application-Level Security Controls Review  

  • Secure Software 
  • Web Application Firewall 
  • API Security 
  • Secure change controls mechanisms
  • Sandboxing  
Work Process Image

Event Monitoring and Response 

  • Log Management 
  • Alerts and Notification 
  • Incident Monitoring and Response 
  • Securing Logs
  • Logs Retention 
  •  Auditability /traceability/ Accountability of data event
Work Process Image

Data Classification and Accountability: Client & Endpoint Protection 

  • Data protection
  • Key Management  
  • Encryption 
  • Data Sanitization
  • Data Retention 
  • Data Deletion 
  • Data Archival 
  • Tokenization 
  • End Point Protection  
Work Process Image

Business Continuity 

  • Disaster Recovery and Business Continuity 
Work Process Image

Governance 

  • Compliance Monitoring  
Work Process Image

Legal Issues, Contracts and Electronic Discovery

  • E-Discovery 
  • DPR Acts 
Work Process Image

Identity and Access Management 

  • User Access Management 
  • Roles Management 
  • Critical Configuration Access  
  • Multifactor Authentication 
  • Identity Providers 
  • Federated ID
Work Process Image

Operations Management 

  • Process Management 
  • Compliance Management 
  • Service Management 
Work Process Image

Virtual Host, Physical, Network Security Controls

  • Virtual Infrastructure Security 
  •  Perimeter Security 
  • CASB 
  • Secure Network Configuration
  • Access Control for Remote Access  
  • OS Baseline Compliance Monitoring  
  • Patch Management  
  • Performance Monitoring  
  • Backup and Restore 
Work Process Image

Data Classification and Accountability  

  •  Data Discovery 
  • Data Classification and Labelling 
  • Ensure Version Control and data provenance  

Cloud Infrastructure Penetration Testing and Control Validation

Cloud Infrastructure Penetration Testing and Control Validation is not limited to any one Cloud Service Provider. The assessment service morphs into the CSP's context imbibing the services that are specific to it.

About Shape Image
Work Process Image
Validate Security Posture of Your

AWS Environment

Our AWS security assessment service finds security flaws in your AWS infrastructure's cloud configuration and other areas and offers practical suggestions to strengthen your AWS cloud security posture. the Hybrid AWS security assessment includes control validation, configuration audit, and penetration testing of the below-services:

  • Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
  • Amazon RDS
  • Amazon CloudFront
  • Amazon Aurora
  • Amazon API Gateways
  • AWS Fargate
  • AWS Lambda and Lambda Edge functions
  • Amazon Lightsail resources
  •  Amazon Elastic Beanstalk environments
Work Process Image
Validate Security Posture of Your

Azure Environment

Our Azure security assessment service finds security flaws with your Azure infrastructure's cloud configuration and other areas and offers practical suggestions to strengthen your Azure cloud security posture. Hybrid Azure security assessment includes control validation, configuration audit, and penetration testing of the below services:

  • Azure Asset, Services, and AD Enumeration
  • Initial Access Attacks - Enterprise Apps, App Services, Logical Apps, Function Apps, Unsecured Storage, Phishing and Consent Grant
  • Credentialed Enumeration of Storage Accounts, Key vaults, Blobs, Automation Accounts and Deployment Templates
  • Privilege Escalation of RBAC roles, Azure AD Roles
  • Lateral Movement with Pass-the-PRT, Pass-the-Certificate, Across Tenant, Cloud to on-prem and on-prem to cloud Persistence techniques simulations
  • Data mining and exfiltration
  • Defense Evasion and Bypass
Work Process Image
Validate Security Posture of Your

GCP Environment

Our GCP security assessment service finds security flaws with your GCP infrastructure's cloud configuration and other areas and offers practical suggestions to strengthen your GCP cloud security posture. Hybrid GCP security assessment includes control validation, configuration audit, and penetration testing of the below services:

  • IAM user and service account privilege escalation
  • Kubernetes Engine flaw identification and exploitation
  • Exploit insecure functionalities in the GCP environment
  • Exploit weak access controls to Google cloud bucket storage, virtual machines, and databases
  • Exploit vulnerable security perimeters in Google cloud infrastructure
  • Holistic view of the threat posture for any of all assessment projects
  • Cloud Function Security Audit
  • On-premises to cloud and vice-versa pivoting

Schedule your
Cloud Security Assessment Now

Get in Touch
Free Consultation ImageFree Consultation Shape ImageFree Consultation Shape Image