{"id":95430,"date":"2021-08-19T09:00:51","date_gmt":"2021-08-19T16:00:51","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=95430"},"modified":"2023-05-15T22:58:33","modified_gmt":"2023-05-16T05:58:33","slug":"automating-security-assessments-using-cloud-katana","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/","title":{"rendered":"Automating security assessments using Cloud Katana"},"content":{"rendered":"<p>Today, we are open sourcing <a href=\"https:\/\/github.com\/Azure\/Cloud-Katana\" target=\"_blank\" rel=\"noopener\">Cloud Katana<\/a>, a cloud-native serverless application built on the top of <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-functions\/functions-overview\" target=\"_blank\" rel=\"noopener\">Azure Functions<\/a> to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud providers.<\/p>\n<p>&nbsp;<\/p>\n<h2>Design principles of Cloud Katana<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95448\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-design-principles.png\" alt=\"Cloud Katana design principles.\" width=\"1412\" height=\"788\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-design-principles.png 1412w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-design-principles-300x167.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-design-principles-1024x571.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-design-principles-768x429.png 768w\" sizes=\"auto, (max-width: 1412px) 100vw, 1412px\" \/><\/p>\n<p><em>Figure 1: Cloud Katana design principles.<\/em><\/p>\n<p>Cloud Katana was designed and developed under the following principles:<\/p>\n<ul>\n<li>A serverless execution model.<\/li>\n<li>Compute on-demand as a web API.<\/li>\n<li>YAML-based attack definitions.<\/li>\n<li>Orchestrated stateful execution.<\/li>\n<li>Secure authentication and authorization.<\/li>\n<li>Managed identity integration.<\/li>\n<li>Granular access control to Azure resources.<\/li>\n<li>Programming language agnostic clients.<\/li>\n<li>Cloud and on-premise coverage.<\/li>\n<\/ul>\n<h2>A serverless execution model<\/h2>\n<p>Cloud Katana is a cloud-native solution that relies on platform as a service (PaaS) concepts to provide a simplified and scalable event-driven solution without worrying about deploying and maintaining the underlying infrastructure used to execute simulations.<\/p>\n<p>To meet this need, Cloud Katana uses Azure Functions to abstract the operating system layer from the code through a pay-per-execution billing model that automatically scales based on trigger invocations.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95451\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/serverless-execution-model.png\" alt=\"A basic definition of a serverless execution model.\" width=\"1080\" height=\"689\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/serverless-execution-model.png 1080w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/serverless-execution-model-300x191.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/serverless-execution-model-1024x653.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/serverless-execution-model-768x490.png 768w\" sizes=\"auto, (max-width: 1080px) 100vw, 1080px\" \/><\/p>\n<p><em>Figure 2: A basic definition of a serverless execution model.<\/em><\/p>\n<h2>Compute on-demand as a web API<\/h2>\n<p>Simulation steps are represented as blocks of code called functions and invoked via <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-functions\/functions-bindings-http-webhook-trigger?tabs=powershell\" target=\"_blank\" rel=\"noopener\">HTTP requests<\/a> through a built-in serverless web API.<\/p>\n<p>With this feature, one could simply send an HTTP request with information about the specific simulation and wait for the infrastructure underneath to process the request. Currently, all functions are written in PowerShell (subject to change) and categorized following the MITRE ATT&amp;CK framework.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95457\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/web-API.png\" alt=\"Compute on demand via a serverless web API and categorized by ATT&amp;CK tactics.\" width=\"1408\" height=\"515\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/web-API.png 1408w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/web-API-300x110.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/web-API-1024x375.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/web-API-768x281.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><\/p>\n<p><em>Figure 3: Compute on demand via a serverless web API and categorized by ATT&amp;CK tactics.<\/em><\/p>\n<h2>YAML-based attack definitions<\/h2>\n<p>Every attack simulation is documented in a YAML-based format to aggregate metadata such as title, description, ATT&amp;CK mappings, expected input and output, and even preconditions to make sure we have the right permissions before running a simulation step. This facilitates the processing of every documented action programmatically and the automatic setup of a few other resources.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95478\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/YAML.png\" alt=\"YAML-based documentation example.\" width=\"1410\" height=\"473\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/YAML.png 1410w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/YAML-300x101.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/YAML-1024x344.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/YAML-768x258.png 768w\" sizes=\"auto, (max-width: 1410px) 100vw, 1410px\" \/><\/p>\n<p><em>Figure 4: YAML-based documentation example.<\/em><\/p>\n<h2>Orchestrated stateful execution<\/h2>\n<p>The project is also designed to handle state and ensure reliability across numerous attack simulations by using an extension of Azure functions named <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-functions\/durable\/durable-functions-overview?tabs=powershell\" target=\"_blank\" rel=\"noopener\">durable functions<\/a>. This feature allows the orchestration and execution of scenarios where actions could depend on the state and output of other simulation steps. This is good to define specific attack paths as code.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95481\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Orchestrated-stateful-execution.png\" alt=\"Orchestrated stateful execution to execute chains of events.\" width=\"1381\" height=\"586\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Orchestrated-stateful-execution.png 1381w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Orchestrated-stateful-execution-300x127.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Orchestrated-stateful-execution-1024x435.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Orchestrated-stateful-execution-768x326.png 768w\" sizes=\"auto, (max-width: 1381px) 100vw, 1381px\" \/><\/p>\n<p><em>Figure 5: Orchestrated stateful execution to execute chains of events.<\/em><\/p>\n<h2>Secure authentication and authorization<\/h2>\n<p>Cloud Katana also enforces authentication and authorization best practices to secure the application.<\/p>\n<h3>Authentication<\/h3>\n<p>The project uses the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/v2-overview\" target=\"_blank\" rel=\"noopener\">Microsoft Identity Platform<\/a> (also known as Azure Active Directory or Azure AD) as its identity provider to authenticate clients. This feature requires a registered Azure AD application, which allows users to connect to the Azure Function app using OAuth authentication.<\/p>\n<p>In addition, using an identity provider enables the following features:<\/p>\n<ul>\n<li>Conditional access policies.<\/li>\n<li>The use of <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-mfa-howitworks\" target=\"_blank\" rel=\"noopener\">multifactor authentication<\/a>.<\/li>\n<li>Single sign-on (SSO).<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95484\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/OAuth-device.png\" alt=\"OAuth device authorization grant flow used by Cloud Katana.\" width=\"1248\" height=\"1096\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/OAuth-device.png 1248w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/OAuth-device-300x263.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/OAuth-device-1024x899.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/OAuth-device-768x674.png 768w\" sizes=\"auto, (max-width: 1248px) 100vw, 1248px\" \/><\/p>\n<p><em>Figure 6: OAuth device authorization grant flow used by Cloud Katana.<\/em><\/p>\n<h3>Authorization<\/h3>\n<p>Besides enforcing users to authenticate before executing simulations, the project also implements \u201cApplication Role Assignments\u201d to restrict access to selected users. This allows organizations to select who can use the project in their environments.<\/p>\n<h2>Managed identities integration<\/h2>\n<p>Furthermore, when executing simulations in Azure, Cloud Katana uses a <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/managed-identities-azure-resources\/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp\" target=\"_blank\" rel=\"noopener\">user-assigned managed identity<\/a> to access Azure AD-protected resources. One of the advantages of managed identities is that it removes the need to provision or rotate any secrets.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95487\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/user-assigned.png\" alt=\"A user-assigned managed identity is used to access Azure resources.\" width=\"1103\" height=\"549\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/user-assigned.png 1103w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/user-assigned-300x149.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/user-assigned-1024x510.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/user-assigned-768x382.png 768w\" sizes=\"auto, (max-width: 1103px) 100vw, 1103px\" \/><\/p>\n<p><em>Figure 7: A user-assigned managed identity accessing Azure resources.<\/em><\/p>\n<h2>Granular access control to Azure resources<\/h2>\n<p>Access to Azure resources is defined by the permissions assigned to the managed identity. We currently cover Azure-based scenarios. Therefore, we use permissions associated with each major set of <a href=\"https:\/\/docs.microsoft.com\/en-us\/graph\/permissions-reference\" target=\"_blank\" rel=\"noopener\">Microsoft Graph APIs<\/a> to control access to specific Azure resources.<\/p>\n<p>For example, if we wanted to use Cloud Katana to add credentials to an application, we would need to grant the <a href=\"https:\/\/docs.microsoft.com\/en-us\/graph\/api\/application-addpassword?view=graph-rest-1.0&amp;tabs=http#permissions\" target=\"_blank\" rel=\"noopener\">following permissions<\/a> (from least to most privileged) to the managed identity:<\/p>\n<ul>\n<li>Application.ReadWrite.OwnedBy<\/li>\n<li>Application.Read.Write.All<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95490\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-identity.png\" alt=\"Cloud Katana\u2019s identity adding credentials to an Azure AD application via Microsoft Graph API.\" width=\"1397\" height=\"607\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-identity.png 1397w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-identity-300x130.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-identity-1024x445.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-identity-768x334.png 768w\" sizes=\"auto, (max-width: 1397px) 100vw, 1397px\" \/><\/p>\n<p><em>Figure 8: Cloud Katana adding credentials to an Azure AD application via Microsoft Graph API.<\/em><\/p>\n<h2>Programming language agnostic clients<\/h2>\n<p>Another feature that makes Cloud Katana a very powerful tool is the flexibility to use any programming language to request simulations. If the client used to interact with Cloud Katana can handle the Azure AD authentication process, it doesn&#8217;t matter how the simulation is requested.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95493\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Programming-language.png\" alt=\"Programming language agnostic clients to interact with the serverless web API.\" width=\"792\" height=\"462\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Programming-language.png 792w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Programming-language-300x175.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Programming-language-768x448.png 768w\" sizes=\"auto, (max-width: 792px) 100vw, 792px\" \/><\/p>\n<p><em>Figure 9: Programming language agnostic clients to interact with the serverless web API.<\/em><\/p>\n<p>Microsoft Authentication libraries are available via <a href=\"https:\/\/github.com\/AzureAD\/MSAL.PS\" target=\"_blank\" rel=\"noopener\">PowerShell as MSAL.PS<\/a> and <a href=\"https:\/\/pypi.org\/project\/msal\/\" target=\"_blank\" rel=\"noopener\">Python as MSAL<\/a>. We could also use other open-source projects, such as <a href=\"https:\/\/jupyter.org\/\" target=\"_blank\" rel=\"noopener\">Jupyter Notebooks<\/a>, to create repetitive templates to show the execution of simulations and share the process with other security researchers.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95496\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Jupyter.png\" alt=\"Running a Jupyter Notebook to execute simulations.\" width=\"1525\" height=\"1320\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Jupyter.png 1525w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Jupyter-300x260.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Jupyter-1024x886.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/Jupyter-768x665.png 768w\" sizes=\"auto, (max-width: 1525px) 100vw, 1525px\" \/><\/p>\n<p><em>Figure 10: Running a Jupyter Notebook to execute simulations.<\/em><\/p>\n<h2>Cloud and on-premise simulations<\/h2>\n<p>Finally, we are currently experimenting with <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/app-service\/app-service-hybrid-connections\" target=\"_blank\" rel=\"noopener\">Azure App Service Hybrid Connections<\/a> to not only run simulations in the cloud but also on-premises. Hybrid Connections use a <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-relay\/relay-what-is-it\" target=\"_blank\" rel=\"noopener\">relay agent<\/a> to securely expose services that run on-premises to the public cloud. The relay agent sits in the middle between the on-premise server and the Cloud Katana Azure Function app.<\/p>\n<p>A relay agent\u2014<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/app-service\/app-service-hybrid-connections#hybrid-connection-manager\" target=\"_blank\" rel=\"noopener\">Hybrid Connection Manager<\/a> (HCM)\u2014is set up on the on-premise server and configured to call out to the Azure Relay over port 443. The Cloud Katana function app then connects to the Azure Relay to interact with the on-premise server and execute simulations locally. The connection uses TLS 1.2 for security and shared access signature (SAS) keys for authentication and authorization.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-95499\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-simulations.png\" alt=\"Running simulations on resources on-premises from Cloud Katana function app.\" width=\"1395\" height=\"480\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-simulations.png 1395w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-simulations-300x103.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-simulations-1024x352.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CK-simulations-768x264.png 768w\" sizes=\"auto, (max-width: 1395px) 100vw, 1395px\" \/><\/p>\n<p><em>Figure 11: Running simulations on resources on-premise from Cloud Katana function app.<\/em><\/p>\n<h2>Deploy Cloud Katana<\/h2>\n<p>After learning about Cloud Katana\u2019s design principles, you can check our docs to <a href=\"https:\/\/aka.ms\/DeployCloudKatana\" target=\"_blank\" rel=\"noopener\">deploy the project<\/a>.<\/p>\n<h2>Assess security controls<\/h2>\n<p>Once the Azure function app is deployed successfully, you can run some of the <a href=\"https:\/\/aka.ms\/CloudKatanaDemos\" target=\"_blank\" rel=\"noopener\">demos available<\/a> in our docs. The main idea is not only to write simulation steps as code and execute them on demand but also to assess detections and security controls.<\/p>\n<h2>Future work<\/h2>\n<p>Besides automating and releasing more simulation steps, we are also going to be working on several features to improve the deployment of the tool and execution scope. The list below shows some of the ideas we currently have (not in a specific order):<\/p>\n<ul>\n<li>Simulations in other cloud providers.<\/li>\n<li>On-premise simulations via Azure Hybrid Connection management services.<\/li>\n<li>A data model to document chains of simulation steps in a more flexible way.<\/li>\n<li>An Azure DevOps continuous integration and continuous delay (CI\/CD) pipeline to deploy and maintain the Azure Function app.<\/li>\n<li><a href=\"https:\/\/github.com\/Azure\/SimuLand\" target=\"_blank\" rel=\"noopener\">Integration with SimuLand<\/a> to give security researchers an option to deploy it all together.<\/li>\n<li>A way to schedule functions to run periodically as a service in a network environment.<\/li>\n<li>A way to verify if alerts triggered or data was generated after each simulation.<\/li>\n<li>Plugin-like capabilities to integrate other projects, such as <a href=\"https:\/\/github.com\/redcanaryco\/atomic-red-team\" target=\"_blank\" rel=\"noopener\">Atomic Red Team<\/a>, into the framework.<\/li>\n<\/ul>\n<h2>Community contributions<\/h2>\n<p>We look forward to contributions and feedback from the community. If you would like to contribute to specific areas of the project, open an issue in our <a href=\"https:\/\/github.com\/Azure\/Cloud-Katana\" target=\"_blank\" rel=\"noopener\">GitHub repository<\/a> and share your ideas. Look at the previous \u201cFuture Work\u201d section for some ideas.<\/p>\n<h2>Learn more<\/h2>\n<p>To learn more about this open-source initiative, visit the <a href=\"https:\/\/github.com\/Azure\/Cloud-Katana\" target=\"_blank\" rel=\"noopener\">Cloud Katana GitHub repository<\/a>.<\/p>\n<p>To learn more about Microsoft Security solutions,\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener\">visit our\u00a0website<\/a>.\u00a0Bookmark the\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener\">Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener\">@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are open-sourcing Cloud Katana, a cloud-native tool under development, to automate simulation steps on-demand in multi-cloud and hybrid cloud environments. This tool is an event-driven, serverless compute application built on the top of Azure Functions that expedites the research process and validation of security controls.<\/p>\n","protected":false},"author":106,"featured_media":95550,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","footnotes":""},"content-type":[3662],"topic":[3664,3667],"products":[],"threat-intelligence":[],"tags":[3822],"coauthors":[2572],"class_list":["post-95430","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-ai-and-machine-learning","topic-cloud-security","tag-microsoft-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Automating security assessments using Cloud Katana | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Automating security assessments using Cloud Katana | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Today, we are open-sourcing Cloud Katana, a cloud-native tool under development, to automate simulation steps on-demand in multi-cloud and hybrid cloud environments. This tool is an event-driven, serverless compute application built on the top of Azure Functions that expedites the research process and validation of security controls.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-19T16:00:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T05:58:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Roberto Rodriguez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Roberto Rodriguez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/roberto-rodriguez\/\",\"@type\":\"Person\",\"@name\":\"Roberto Rodriguez\"}],\"headline\":\"Automating security assessments using Cloud Katana\",\"datePublished\":\"2021-08-19T16:00:51+00:00\",\"dateModified\":\"2023-05-16T05:58:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/\"},\"wordCount\":1247,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg\",\"keywords\":[\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/\",\"name\":\"Automating security assessments using Cloud Katana | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg\",\"datePublished\":\"2021-08-19T16:00:51+00:00\",\"dateModified\":\"2023-05-16T05:58:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg\",\"width\":1200,\"height\":800,\"caption\":\"Male developer writes on white board during team stand up meeting.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Automating security assessments using Cloud Katana\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Automating security assessments using Cloud Katana | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/","og_locale":"en_US","og_type":"article","og_title":"Automating security assessments using Cloud Katana | Microsoft Security Blog","og_description":"Today, we are open-sourcing Cloud Katana, a cloud-native tool under development, to automate simulation steps on-demand in multi-cloud and hybrid cloud environments. This tool is an event-driven, serverless compute application built on the top of Azure Functions that expedites the research process and validation of security controls.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/","og_site_name":"Microsoft Security Blog","article_published_time":"2021-08-19T16:00:51+00:00","article_modified_time":"2023-05-16T05:58:33+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg","type":"image\/jpeg"}],"author":"Roberto Rodriguez","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg","twitter_misc":{"Written by":"Roberto Rodriguez","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/roberto-rodriguez\/","@type":"Person","@name":"Roberto Rodriguez"}],"headline":"Automating security assessments using Cloud Katana","datePublished":"2021-08-19T16:00:51+00:00","dateModified":"2023-05-16T05:58:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/"},"wordCount":1247,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg","keywords":["Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/","name":"Automating security assessments using Cloud Katana | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg","datePublished":"2021-08-19T16:00:51+00:00","dateModified":"2023-05-16T05:58:33+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/08\/CLO20b_Alain_team_meeting_005.jpg","width":1200,"height":800,"caption":"Male developer writes on white board during team stand up meeting."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/19\/automating-security-assessments-using-cloud-katana\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Automating security assessments using Cloud Katana"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/95430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/106"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=95430"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/95430\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/95550"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=95430"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=95430"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=95430"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=95430"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=95430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=95430"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=95430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}