CSR

CLOUD SECURITY REVIEW

Redbot Security’s Cloud Security Review (CSR) focuses on private and public architecture, policies, and permissions in production and development cloud environments for Amazon Web Services (AWS)  Google Cloud Platform (GCP) and  Microsoft Azure (Azure)

Use the Quick Contact form below for a Cloud Security Review -or- tell us more details about your upcoming project.

Cloud Security

The very first activity in a cloud security review is the mapping of the cloud-based attack surface from internal and external perspectives. After mapping the attack surface, the testing perspective for the points below is that a malicious threat actor now has some level of access to the cloud environment. The intent of this testing perspective is to provide the client with security enhancements that can be implemented to prevent high-level impact if a breach occurs.

Redbot Security will review and recommend best-practice security  (see Details Below)

A CSR is not a penetration test; however, a question that comes up often is “can I penetration test AWS or other cloud?”

You can carry out penetration tests against or from resources on your AWS account by following the policies and guidelines at Penetration Testing. You don’t need approval from AWS to run penetration tests against or from resources on your AWS account.

If you plan to run a security test other than a penetration test, see the guidelines at Other simulated events.

Note: You aren’t permitted to conduct any security assessments of AWS infrastructure that isn’t on your AWS account. You also aren’t permitted to conduct security assessments of AWS services themselves. 

Custom Scoping

Our expert team takes pride in developing the right scope for your project.

Timeline Delivery

Our service delivery is designed to exceed expectations, to ensure you meet your deadlines.

Proof of Concept

Complete Proof of Concept to show manual testing efforts with detailed storyboard of findings.

Sr. Level Support

Our primary goal is to ensure that your network is secure. We go the extra mile, are engaged, and continuously strive to be your ongoing security partner.

Case Study

  • Client: MSP
  • Cloud Security Review
  • Initial Test performed over three (3) days
  • Excessive configuration errors
 

View CSR Case Study

Cloud Security

What is a cloud security review?

By nature, a CSR is conducted in an open-security approach (formerly known as whitebox testing). The reviewer needs permissions to the cloud environment to access the console, run queries, and examine the cloud configuration. Because every system’s design varies, there is no automatic silver bullet. Understanding the context of the system is critical for the success of the security review.

Cloud Security Review - Not a Pen-test.

The very first activity in a cloud security review is the mapping of the cloud-based attack surface from internal and external perspectives. After mapping the attack surface, the testing perspective for the points below is that a malicious threat actor now has some level of access to the cloud environment. The intent of this testing perspective is to provide the client with security enhancements that can be implemented to prevent high-level impact if a breach occurs.

Redbot Security will review and recommend best-practice security for the following:

Configuration and deployment strategies of virtual networks or VPCs

Internal and external review of cloud-hosted VMs or EC2 instances

• Configuration, security policies, and permissions associated with users and administrators

Configuration of analytical services

Configuration and network access controls for compute services

Configuration and network access controls for container services

• Configuration, resource permissions, service integration, and network controls of database services

• Configuration, deployment strategies, access controls of storage services

• Configuration and access to management services

 

 

Additional Services

IT Network Penetration Testing

Redbot Security provides true manual penetration testing services that will simulate real-world attacks against your networks. Both External and Internal Network Testing can be performed from a remote perspective.

Application Penetration Testing

Redbot Security’s hybrid approach to web application penetration testing and mobile application penetration testing sources industry-leading frameworks and combines senior-level talent with over 20 years of experience

Red Team

Our Red Team Security Exercise is designed as real-world simulated attacks focusing on your Company’s ability to identify, track, disconnect, and clean up a potential or actualized breach by a malicious actor.

Wireless Penetration Testing

Wireless Network Penetration Testing is a proactive step your company can take to ensure the security of your wireless networks. Redbot Security provides the industry’s most comprehensive onsite wireless security testing.

OT Network (ICS/SCADA) Testing

Redbot Security provides an outside-in approach to offer a holistic testing for ICS/SCADA and recommendation methodology that aligns to the defined scope and expectational needs of the Company.

Social Engineering

Redbot Security mimics a malicious entity with the intent on gaining access to internal networks, system, documents, and proprietary information through Physical and Electronic Tactics