Kubernetes Penetration Testing and Purple Teaming at Large UK Clearing Bank

About The Customer

Our customer is a cloud-based clearing bank and financial services company that helps to process payments faster and more securely. They approached ControlPlane at conferences in the UK to discuss penetration testing of an Azure Kubernetes Service (AKS) cluster to improve overall platform security and evaluate the detection and monitoring coverage provided by Microsoft Defender for Cloud/Containers.

Cloud Native Pentesting

Our customer engaged ControlPlane for a configuration review, penetration test, and purple team engagement against their Azure Kubernetes Cluster environment. The focus was on Kubernetes, a critical component of their containerised infrastructure. The engagement aimed to identify vulnerabilities, evaluate existing security measures, and recommend enhancements to improve the resilience of the hosting platform.

Challenges

Cloud environments, particularly those implementing containerisation, provide additional security monitoring and detection challenges. The ability to quickly, effectively, and accurately detect malicious activities is essential to the Bank, which wanted to evaluate Microsoft’s offerings.

Our customer heavily uses Azure’s managed infrastructure to host business functions. These include the Azure Kubernetes Service (AKS) for hosting containerised workloads. They also rely on Azure Security Center and Microsoft Defender for Cloud / Defender for Containers to provide security alerting and detections when malicious activities are performed in-cluster.

Solutions

ControlPlane, through a penetration test and a structured emulation of adversarial Tactics, Techniques, and Procedures (TTPs), identified several misconfigurations in the Bank’s environment. These assessments uncovered gaps in detection coverage and bypass techniques that could allow an attacker to remain undetected for an extended period.

Key Areas of Assessment

• Kubernetes Infrastructure Analysis

  • Detailed examination of vulnerabilities within the Kubernetes environment.

• Adversary Simulation & Detection Evaluation

  • Execution of real-world attack scenarios to assess detection capabilities.

• Attack Surface Review

  • Identification of exposed entry points that attackers could leverage.

Benefits Delivered to the Client

• Enhanced Access Controls

  • Strengthen access policies within Kubernetes clusters.

• Risk Mitigation for Sensitive Data

  • Reduction of unauthorised access risks to critical information.

• Improved Security Alerting

  • Increased awareness of gaps in Kubernetes security monitoring and response.

Business Outcome

ControlPlane identified several areas where implemented monitoring was lacking and would benefit from additional configurations. It provided additional advice to aid the Bank in improving security monitoring, and decreasing the risk of undetected cluster compromise.

In conclusion, ControlPlane’s penetration testing and purple team exercises exemplify the commitment to proactive security measures. The collaboration with the customer showcases the effectiveness of a strategic and thorough approach to identifying malicious behaviours within cloud native environments.