Two ore more factor authentication for all privileged accounts on systems and applications.

Risk: One factor authentication is more vulnerable to brute force attacks and is considered less secure.

All internal systems are using simple authentication.

Risk: Attackers a gaining access to internal systems and application interfaces.

By using encryption at the edge of traffic in transit, it is impossible or at least harder to sniff credentials or information being outside of the organization. Using standard secure protocols like HTTPS is recommended.

Risk: Evil actors might be able to perform a man in the middle attack and sniff confidential information (e.g. authentication factors like passwords).

Applications are running in a dedicated and isolated virtualized environments.

Risk: Through a vulnerability in one service on a server, the attacker gains access to other services running on the same server.

Performing automated periodical backups are used. Backup before deployment can help facilitate deployments whilst testing the backup restore processes.

Risk: If errors are experienced during the deployment process you want to deploy an old release. However, due to changes in the database this is often unfeasible.

Harden environments according to best practices. Level 1 and partially level 2 from hardening practices like 'CIS Kubernetes Bench for Security' should be considered.

Risk: Using default configurations for a cluster environment leads to potential risks.

The communication between virtual environments is controlled and regulated.

Risk: Virtual environments in default settings are able to access other virtual environments on the network stack. By using virtual machines, it is often possible to connect to other virtual machines. By using docker, one bridge is used by default so that all containers on one host can communicate with each other.

Two ore more factor authentication for all accounts on all (important) systems and applications.

Risk: One factor authentication is more vulnerable to brute force attacks and is considered less secure.

Usage of a separate account dedicated for security activities.

Risk: Having security auditing in the same account as infrastructure and applications at the cloud provide might cause evil administrators (or threat actors taking over an account of an administrator) to alter evidence like audit logs.

By using encryption at rest, it is impossible or at least harder to to read information.

Risk: Evil actors might be able to access data and read information, e.g. from physical hard disks.

A test and a production like environment is used.

Risk: Security tests are not running regularly because test environments are missing.

All virtual environments are using resource limits on hard disks, memory and CPU.

Risk: Denial of service (internally by an attacker or unintentionally by a bug) on one service effects other services.

Having a whitelist and explicitly allowing egress traffic provides the ability to stop unauthorized data leakage.

Risk: A compromised infrastructure component might try to send out stolen data.

Redundancies in the IT systems.

Risk: The availability of IT systems might be disturbed due to components failures.

Systems are setup by code. A full environment can be provisioned. In addition, software like Jenkins 2 can be setup and configured in in code too. The code should be stored in a version control system.

Risk: No tracking of changes in systems might lead to errors in the configuration. In additions, it might lead to unauthorized changes. An examples is jenkins.

System calls are limited.

Risk: System events (system calls) can lead to privilege escalation.

The usage of a (role based) access control helps to restrict system access to authorized users.

Risk: Everyone is able to get unauthorized access to information on systems or to modify information unauthorized on systems.

By using encryption internally, e.g. inside of a cluster, it is impossible or at least harder to sniff credentials.

Risk: Evil actors within the organization of traffic in transit might be able to perform a man in the middle attack and sniff confidential information (e.g. authentication factors like passwords)

Hardening of components is important, specially for image on which other teams base on. Hardening should be performed on the operation system and on the services inside (e.g. Nginx or a Java-Application).

Risk: Components (images, libraries, applications) are not hardened.

Begin with the WAF in a monitoring state to understand the traffic and threats. Progressively enforce blocking actions based on intelligence gathered, ensuring minimal disruption to legitimate traffic.

Risk: Vulnerable input, such as exploits, can infiltrate the application via numerous entry points, posing a significant security threat.

Harden environments according to best practices. Level 2 and partially level 3 from hardening practices like 'CIS Kubernetes Bench for Security' should be considered.

Risk: Using default configurations for a cluster environment leads to potential risks.

Usage of infrastructure as code helps to create a production near environment. The developer needs to be trained in order to setup a local development environment. In addition, it should be possible to create production like test data. Often personal identifiable information is anonymized in order to comply with data protection laws.

Risk: In case an errors occurs in production, the developer need to be able to create a production near environment on a local development environment.

A randomized periodically shutdown of systems makes sure, that nobody will perform manual changes to a system.

Risk: Due to manual changes on a system, they are not replaceable anymore. In case of a crash it might happen that a planned redundant system is unavailable. In addition, it is hard to replay manual changes.

Maintain the WAF in alert mode initially to ensure a comprehensive understanding of potential threats. With a medium-level configuration, the WAF settings are refined for greater precision in threat detection, with a stronger emphasis on security without significantly impacting legitimate traffic.

Risk: The threat from malicious inputs remains high, with exploits seeking to exploit any vulnerabilities present at the various points of entry to the application.

A microservice-architecture helps to have small components, which are more easy to test.

Risk: Monolithic applications are hard to test.

The advanced WAF setup is designed to ensure all data is in the correct format and any superfluous input parameters are automatically rejected. It includes machine learning algorithms to detect anomalies, custom-developed rules for real-time traffic analysis, and seamless integration with existing security infrastructures to adapt to the ever-changing threat landscape.

Risk: The presence of sophisticated threats necessitates a robust defense strategy where application inputs are meticulously scrutinized for security breaches, including advanced persistent threats and zero-day vulnerabilities.