Detect: Identify Risks Fast

Threat Modelling

Isolate critical security threats to Kubernetes and other container-based systems, and implement appropriate security controls and measures to mitigate these risks.

We built the first threat models for Kubernetes and lead community CNCF threat modelling under the Linux Foundation.

Threat model full or partial systems, infrastructure proposals, and individual software services. Duration dependent on scoping, timeboxing, or depth of complexity:

  • 1 or 2 day workshop
  • 1 to 2 week writeup
  • Presentation and next steps meeting

See our threat modelling packages.

Kubernetes & Cloud Penetration Testing

Test Kubernetes and cloud-native systems to identify vulnerabilities and potential security risks. We have fixed price and time-based offerings, see our penetration testing scoping in detail.

We test:

  • Kubernetes and associated services
  • EKS and AWS cloud
  • GKE and GCP cloud
  • AKS and Azure cloud
  • On-prem and airgapped systems

Supply Chain Security

Our supply chain case studies.

Protect organisation’s supply chain from potential security threats, by implementing security measures and best practices.

We build secure supply-chain security practices into systems:

Assurance & Maturity Assessment

Our assurance case studies.

Evaluate security posture, including security architecture and processes, to identify potential weaknesses and with our detailed assessments based on industry standards.

We can help with:

  • Review of cluster security controls
  • Analysis of system security threats
  • Evaluation of organisation-wide security posture

See our assurance packages.

Correct: Secure by Design DevSecOps

Platform Engineering & Development

Our platform engineering case studies.

Develop secure software delivery platforms and applications, designed to be resistant to attacks and minimise the risk of data breaches or other security incidents.

  • Cloud native solutions using the best of the cloud provider offerings
  • Identify, measure, and remediate platform risks
  • Integrated guard rails
  • Developer experience focus balanced with security requirements

GitOps and Progressive Delivery

Our supply chain case studies.

ControlPlane offers a hardened, enterprise-grade distribution and support services for the CNCF-graduated open-source Flux CD project.

Implement secure and efficient GitOps with Flux CD. Our Enterprise Assurance and support for architecture, deployment, and supply chain management with Flux CD covers the key secure components of modern software development, built around GitOps.

  • Secure GitOps with Flux CD
  • Tekton Pipelines with Chains and secure supply chain attestation
  • Evidence lakes for audit data recall
  • Securely reduced cycle time for happier developers

Operational Automation

Our platform engineering case studies.

Automate routine tasks and processes for infrastructure, which helps to improve efficiency and reduce the risk of human error.

  • Infrastructure as Code
  • GitOps
  • Secure by Design
  • Secure Supply Chain

Telemetry & Sensors

Our platform engineering case studies.

Threat observability and data analysis to identify vulnerability and performance issues. We integrate with SOC and SIEM processes to ensure detection and response.

  • Automated detection triggers
  • Event threat models and remediation guidance
  • KPIs and SLOs for security

Protect: Nurture Talent and Stay Secure

Breach Simulation

Our ctf case studies.

Simulate a security breach to test incident response plans and identify areas for improvement.

  • Real infrastructure
  • Secure security sandboxes
  • Unlimited testing and training

We run the official CTFs for Kubecon. We teach people security with a host of cloud native security experts, and can customise events to simulate target systems.

Cloud Native Training Curriculum

Our training courses focus on the secure development and deployment of cloud native applications and systems. We are long-time cloud native trainers, from Docker and Terraform through Kubernetes and Service Mesh, and have trained the world’s biggest organisations under contract to SANS, O’Reilly, The Linux Foundation, and more.

We care about imparting knowledge that remains relevant and sticks with your team, and cater from introductory to advanced levels.

Purple Team Training

Our purple team case studies.

Combine elements of both red team (offensive) and blue team (defensive) security testing to improve security posture.

  • Learn by hacking to build better defence
  • Share responsibility for security amongst your teams
  • Build a culture of security

Zero Trust Systems

Our zero trust case studies.

Implement a security model that assumes all users, devices, and applications are untrusted, and requires authentication and authorisation for every access attempt, in order to minimise the risk of unauthorised access or data breaches.

  • Remove passwords and replace them with short-lived credentials
  • Encryption in transit, signing at rest, federated identity