Kubernetes Purple Teaming for a UK Banking-as-a-Service Provider

Background
Our client is a Banking-as-a-Service (BaaS) provider that offers financial solutions such as savings accounts and merchant wallets to non-banking companies. The client contacted ControlPlane to perform a Purple Team assessment to evaluate the effectiveness of their existing security controls and determine how effectively adversarial activities were prevented and detected by security operations.
Cloud Native Purple Teaming
The client engaged ControlPlane for a Purple Team assessment against their Kubernetes environment. The primary objective was to evaluate the detection capabilities the client had deployed to protect resources running across the Kubernetes clusters in their staging environment, and to provide recommendations for improving the configuration and coverage of their security monitoring.
Challenges
The client operates a complex multi-cloud environment, hosting containerised workloads on Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE). They rely on security tooling from several vendors to generate detections and alerts when malicious activity is performed in their environment, and wanted assurance that this tooling was configured correctly and provided sufficient coverage to detect and respond to malicious activity quickly, effectively and accurately.
Solutions
During the Purple Team assessment, ControlPlane emulated known threat actor tactics, techniques and procedures (TTPs) to simulate realistic attacks and evaluate the detection abilities of the client’s security operations.
During the engagement, ControlPlane assumed a number of internal and external attacker identities to simulate different scenarios. These scenarios were defined collaboratively by the client and ControlPlane during the planning phase, and were designed to simulate benign and malicious actors inside and outside the business. All activity executed during the assessment was mapped to the MITRE ATT&CK® framework.
The ControlPlane team attempted to deploy malicious workloads, execute real-world exploits and exfiltrate data in order to test the Kubernetes and cloud security posture and the security team's ability to respond to real-world threats. In doing so, ControlPlane identified several monitoring and alerting gaps, as well as misconfigurations in the code scanning and secrets scanning processes.
Performing the Purple Team assessment enabled the client to:
- Assess the effectiveness of their preventive and detective security controls
- Identify gaps in the implemented security monitoring and alerting
- Train the SOC team in responding to real-world threats
- Gain a better understanding of the attack surface of their Kubernetes clusters
- Assess the ROI of their security tooling
Business Outcomes
ControlPlane identified several areas where implemented security controls, monitoring, and alerting were lacking and provided recommendations to close the gaps aligned with common industry standards such as CIS Benchmarks.
In conclusion, ControlPlane's purple team exercises demonstrate a commitment to proactive security. The collaboration with this client showed the effectiveness of a structured, thorough approach to identifying malicious behaviour within cloud native environments.