We are excited and proud to announce the public availability of Mitigant’s Cloud Security Verification (CSV), the industry’s first implementation of Security Chaos Engineering (SCE) concepts. One of the goals for founding Mitigant is to enable practical cyber resilience for cloud-native infrastructure. Thus the release of Mitigant’s CSV takes us a step further towards realizing this goal.
Cyber Resilience Meets Cloud-Native Infrastructure
Cyber resilience remains a mystery to cloud infrastructure; most discussions about cloud resilience are centred around operational resilience, system resilience and reliability. Cloud cyber resilience remains unexplored, and a possible reason might be the frequent misinterpretation of cyber resilience as being the same as cyber security, or vice versa. Consequently, cloud stakeholders are left uncertain and misdirected while attacks are increasingly successful, especially those classes of attacks that require cyber-resilient countermeasures.
Cyber resilience is imperative to effectively tackle certain cyber attacks levelled against cloud infrastructure, e.g. ransomware. However, adopting cyber resilience in the cloud requires approaches different from the currently available ones. SCE fits here; by leveraging systems thinking and security experimentation, SCE allows the verification of hypotheses, the discovery of blindspots, confidence building, and the activation of cyber resilience. It is important to note that SCE does not replace existing cyber security approaches. Rather, it complements them. Stakeholders need to understand what each approach is for and select the strategies that most effectively achieve cloud security and, eventually, cloud cyber resilience. This recent blog post discusses how security teams focused on various security engineering tasks can leverage SCE to achieve their objectives.
What’s In this Release
Mitigant CSV is designed to enable cyber security professionals operating cloud-native infrastructure to leverage systems thinking for solving cloud security and cyber resilience challenges. An approach to systems thinking inherent in SCE is the `SCE Feedback Loop`, and the Mitigant CSV supports the SCE feedback loop. Here is a summary of the features included in this release:
Preset Attack Actions and Scenarios
Several pre-set attack actions and scenarios are designed for injecting attacks into several AWS services. The attack actions are designed to implement specific attack patterns against one or more AWS resources based on the MITRE ATT&CK framework. Conversely, the attack scenarios combine two or more attack actions, thus orchestrating a multi-step attack. Users can also construct custom attack scenarios based on specific use cases.
Mitigant CSV leverages attack graphs to provide situational awareness of the target AWS environment. This includes the attack paths followed during the attack and information on the surrounding cloud resources. The attack graph is retained as part of the attack report for future reference.
Ease of Experiment Documentation
Given that SCE experiments are conducted for specific aims and not for the fun of running them, it is necessary to document these aims/objectives as a basis for further improvements. Also, by documenting your aim as a hypothesis, experiment outcomes can be compared with hypotheses.
Hypothesis proving requires evidence collection by default; the exact approach might vary for users depending on the tools used for collecting evidence. The Mitigant CSV acquires evidence from AWS CloudTrail and AWS GuardDuty. This approach will be expanded soon, and more sources of evidence collection will be integrated.
Safety is a critical requirement for SCE experiments. This includes the ability to roll back to the `steady state` following the completion of experiments or even premature termination. Automatic rollback comes out of the box in this release; no extra effort is required from users, and attacked cloud resources are returned to the state in which they were found.
Statistics of Attacks
Several statistics are provided via intuitive charts and graphs. These statistics display an analysis of the experiments conducted over time, including the types of executed attacks, involved AWS services and an overview of attacks by status.
Attack Exemption Using Tags
AWS resources can be tagged with specific text to exempt them from attacks. This enables safe experiments, especially in production environments.
Notifications are currently embedded in the web user interface so users can always get the prompt to review attacks executed previously or by team members. Notification for collaboration tools, e.g. Slack, will soon be added; this will be super useful for running security gamedays and for SOC teams.
What’s Coming Next
There are several cool features in various stages of development that will soon be released. Some upcoming features include integrating collaboration tools (e.g. Jira and Slack), attack recommendations, cyber resilience metrics, and support for cyber resilience engineering.
How to Sign Up
You are invited to sign up for the Mitigant Cloud Security Verification. Head over to the signup link - https://www.mitigant.io/sign-up. The signup procedure is seamless, and the onboarding process is straightforward and fast. Please feel free to reach out if you have any questions. You can easily use the chatting system or drop your questions on our contact page - https://www.mitigant.io/contact
Co-Founder & CTO, Mitigant. | Contributing Author - O'Reilly Security Chaos Engineering Book. | AWS Community Builder