Security Chaos
Engineering Program
why
Modern digital platform become more and more distributed and automated. The new way of including external services as source for building own services has become the natural way to go. Consequently, infrastructure and applications become somehow more complex.
Security Chaos Engineering (SCE) does not rely on theoretical security architecture to protect digital companies. It provides you a fresh perspective and an innovative, chaos engineering based approach to build a new culture of cybersecurity to protect your digital assets.
what
Chaos Engineering is the discipline of experimenting on a distributed system in order to build confidence in its capability to withstand turbulent conditions in production. It focuses on availability.
SCE is about injecting turbulence, i.e. faults in real world situations, not only tackling availability, but also integrity and confidentiality. It provides improved platform and application security, especially for real world security issues by cultivating the concepts of Security Chaos Testing. Experimenting with Failure helps to uncover systemic weaknesses or gaps.
It practically tackles rather simple vulnerabilities rooted in human error and system glitches, instead of assuming attacks being initiated from sophisticated nation-state actors or hacktivists.
With Alice&Bob.Company’s integrate and enable approach, it implements and maintains a SCE program into clients existing DevOps or agile working culture.
how
Alice&Bob.Company delivers a 12 month program to establish SCE culture within your company. Therefore Alice&Bob.Company works collaboratively with the Clients Management Team and existing security organization in order to get the program ignited.
After performing the team kickoff, Alice&Bob.Company starts a number of initiatives to define the individual scope, coach the concepts of SCE and rolls out a program which addresses
- organization
- team
- implementation
- tools
A&B will introduce, roll-out and maintain the concept and ideas of Security Chaos Engineering. Therefore A&B
- sets the scope,
- teaches the concepts of chaos experiments,
- enables the client to craft Security Chaos Experiments,
- develops collaboratively an experiment design process,
- implements automated Security Chaos Experiments in existing CI/CD pipelines and
- trains and enables the team
A&B will take care to continuously maintain and improve the program over the contractual period. Therefore A&B will arrange moderated team retrospectives in bi-weekly intervals.
YOUR BENEFITS
Main advantages of launching a Security Chaos Engineering (SCE) program with A&B:
- You take care on your product. We take care on creating a modern security culture in your product teams. Continuously and managed.
- Establish the Netflix idea of Chaos Engineering for your teams security culture
- Benefit from the value of automated security chaos experiments
Continuous Penetration Testing
Minimize the risk of application vulnerabilities by combining manual and continuously automated penetration testing for your web applications and API’s.
Cloud Security Posture Management
Keeping visibility and enforced security across public cloud accounts – probably across multiple public cloud vendors with the right tools: facilitate a managed Cloud Security Posture Management (CSPM) service by Alice&Bob.Company.
Managed Container & Serverless Security
Have you heard about Kubernetes Security Posture Management (KSPM)? Keep a clear view on your Cloud and Serverless Security with A&B’s Managed Container & Serverless Security.
Managed Perimeter Protection
Protect your publicly accessible websites, e-commerce platforms, IoT-, IIoTT-applications and other dynamic web application against abuse of bugs, vulnerabilities and Distributed Denial of Service (DDoS) attacks. The team of A&B and AWS give you a peaceful sleep.
CI/CD Pipeline improvement
Pimp your existing CI/CD pipeline to the next level! Alice&Bob.Company continuously monitors and improves your current CI/CD pipelines.
We continuously integrate automated and scalable Cloud Security into your software development lifecycle.
Security Champions Program
Cloud Security Trainings
Never stop learning! The cloud never stops teaching! In Jan 2021 AWS consists of more than 199 ready to use service. 45+ of those are security related. Let us help to enable and educate you team(s) with an individual training plan over a timeframe of 6 to 24 months.
Custom Tailored Managed Service
Is there anything you need, but we haven’t covered. We are always curious and eager to learn about your requirements. And maybe, we develop a new Cloud Security Managed Service together