Microsoft Cloud Katana Released as Open Source for Testing Cloud Security
Microsoft announced on Thursday that it is releasing Cloud Katana as an open source code project for assessing "security controls in the cloud and hybrid cloud environments."
Cloud Katana is built on top of Azure Functions, Microsoft's serverless compute solution. The idea behind Cloud Katana is to run "simulations" to test cloud security, as well as hybrid security (cloud plus on-premises infrastructure). Microsoft's announcement illustrated this concept by showing attacks being carried out on applications.
The attack simulations are initiated via PowerShell, with YAML (Microsoft's stripped-down XML) used for documentation. Here's how Microsoft's announcement described YAML's role, which can include MITRE ATT&CK mappings:
"Every attack simulation is documented in a YAML-based format to aggregate metadata such as title, description, ATT&CK mappings, expected input and output, and even preconditions to make sure we have the right permissions before running a simulation step. This facilitates the processing of every documented action programmatically and the automatic setup of a few other resources."
The announcement indicated that "any programming language can be used to request simulations." Jupyter Notebooks can be used to share the processes with other security researchers.
The steps associated with the simulations are carried out using "functions," which are blocks of code that get invoked via HTTP requests. Azure Active Directory is used to connect to the Azure Functions service, and it's possible to set up conditional access, multifactor authentication and single sign-on for those running the simulations.
Cloud Katana isn't just limited to testing cloud services security. Microsoft is also assessing its use with premises-based machines. The support for premises-based machines involves using the Azure App Service Hybrid Connections service, which uses "a relay agent to securely expose services that run on-premises to the public cloud," Microsoft explained.
Microsoft listed other ideas for Cloud Katana. It's being considered for running simulations with other cloud services (non-Microsoft ones). Microsoft is also looking at using Azure DevOps to "deploy and maintain the Azure Function app" as part of the process.
A SimuLand integration with Cloud Katana is under consideration. SimuLand is a Microsoft open source labs initiative for reproducing attack scenarios. Microsoft is also looking at integrating Cloud Katana with the Atomic Red Team library of attack tests.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.