A Purple Team Approach to Attack Automation in the Cloud Native Environment

Sammanfattning: The threat landscape is changing with the increased popularity of cloud native systems. Adversaries are adopting new ways to attack systems. Therefore, security specialists have to adopt new approaches to their security practices. This thesis explores a purple team approach to attack automation in a cloud native environment. There are two thesis goals. The first goal is to investigate cyber threats encountered in the cloud native environments. The second goal is build a attack automation tool to improve a purple team evaluation of the cloud native environments. As a result, we create a more comprehensive resource of cloud native threats that we refer to as the Cloud Native Threat Matrix. Based on this matrix, we build a tool for attack automation. The tool follows the assume breach approach, providing a defense-in-depth security testing. As a final step, we propose an improvement to the purple team evaluation of the cloud native environments, that combines created Cloud Native Threat Matrix with an automated attack techniques execution and active collaboration as a fundamental concept of purple team evaluations. A Cloud Native Threat Matrix solves the problem of scattered threat data, providing a coherent and easy-to-use platform. In addition, the automation provides a possibility for rerunning security evaluations and making sure that security weaknesses are not re-introduced during major changes. A purple team approach allows improving system defense and response capabilities.