Assessment

Run-time Cloud Posture Assessment

The speed at which cloud environments change creates challenges for security teams tasked with ensuring a certain level of posture and compliance. Even making decisions about what steps to take next becomes problematic without a handle on what your current state looks like. WWT's Run-time Cloud Posture Assessment is crucial for security teams to get an understanding of the net effect of architecture decisions and security tool deployments in your cloud environments.

What to Expect

WWT's cloud experts, using industry leading techniques and tools, will perform a non-intrusive assessment of your run-time cloud configuration. Setup takes about 30 minutes per CSP and analysis will begin instantly. Typical time-to-reporting is one to two weeks, depending on the complexity of your environment.

Details

WWT will work with your teams to gain read-only access to cloud platform configuration data. Configuration data will be analyzed over time to look for abuse patterns, and actionable vulnerabilities due to configuration issues, permissions and and data lineage.

Our experts will present detailed reports with data flow diagrams and work together with to your teams to prioritize remediation efforts. We will continue to assess the environment during and after our joint response to measure and quantify posture improvement.

Goals & Objectives

We embrace the idea of failing fast and this assessment provides your teams the data they need to do just that through pre and post-remediation reports. If needed, further engagements with WWT's Cloud Security team can dive deeper into:

  • the efficiency of current operating models
  • applying human and technical resources efficiently
  • directing efforts towards the areas most at risk in your organization
  • up-skilling and tooling to address gaps

Benefits

Our assessment enables security teams to address real posture issues by focusing resources on:

  • Exploitable vulnerabilities
  • Data protection issues with immediate impact
  • Protecting secrets and key material stored insecurely
  • Validating progress against risk frameworks such as CIS, CSC, NIST

Technologies