Microsoft Cloud Katana Released as Open Source for Testing Cloud Security -- Redmondmag.com

Microsoft Cloud Katana Released as Open Source for Testing Cloud Security

By Kurt Mackie
08/20/2021

Microsoft announced on Thursday that it is releasing Cloud Katana as an open source code project for assessing "security controls in the cloud and hybrid cloud environments."

Cloud Katana is built on top of Azure Functions, Microsoft's serverless compute solution. The idea behind Cloud Katana is to run "simulations" to test cloud security, as well as hybrid security (cloud plus on-premises infrastructure). Microsoft's announcement illustrated this concept by showing attacks being carried out on applications.

The attack simulations get initiated via PowerShell, with YAML (Microsoft's stripped-down XML) used for documentation. Here's how YAML plays a role, which can include MITRE ATT&CK mappings:

Every attack simulation is documented in a YAML-based format to aggregate metadata such as title, description, ATT&CK mappings, expected input and output, and even preconditions to make sure we have the right permissions before running a simulation step. This facilitates the processing of every documented action programmatically and the automatic setup of a few other resources.

The announcement indicated that "any programming language can be used to request simulations." Jupyter Notebooks can be used to share the processes with other security researchers.

The steps associated with the simulations are carried out using "functions," which are blocks of code that get invoked via HTTP requests. Azure Active Directory is used to connect to the Azure Functions service, and it's possible to set up conditional access, multifactor authentication and single sign-on for those running the simulations.

Cloud Katana isn't just limited to testing cloud services security. Microsoft is also assessing its use with premises-based machines. The support for premises-based machines involves using the Azure App Service Hybrid Connections service, which uses "a relay agent to securely expose services that run on-premises to the public cloud," Microsoft explained.

Microsoft listed other ideas for Cloud Katana. It's being considered for running simulations with other cloud services (non-Microsoft ones). Microsoft is also looking at using Azure DevOps to "deploy and maintain the Azure Function app" as part of the process.

A SimuLand integration with Cloud Katana is under consideration. SimuLand is a Microsoft open source labs initiative for reproducing attack scenarios. Microsoft is also looking at integrating Cloud Katana with the Atomic Red Team library of attack tests.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.