Service meshes are emerging as a popular solution for managing the different microservices that make up a cloud-native application. Among the alternatives, Istio is the most widely used. Istio uses the Envoy service proxy to provide services such as traffic management, telemetry, and security to complex cloud deployments.
As with any sufficiently complicated software system, a misconfigured service mesh can lead to security issues. That’s why we built Snowcat.
By default, Istio does not require mTLS for all connections; additional controls are recommended to further protect workloads within the mesh.
As with firewall rules, the safest approach is to configure “default deny” policies first and make exceptions for known good cases.
If egress TLS rules are used, they should explicitly define a set of `caCertificates` to use when validating certificates.
If the Istio JWT policy is set to “first-party-jwt”, the control plane will not validate the audience in JWTs.
Monitor your cluster’s version and compare it against known Istio security issues.
Snowcat is designed to work in unauthenticated and static analysis modes. A full description of the tool can be found in our blog post.
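The checks listed above, as an added example that is not Snowcat's code or part of the original page: a small static audit over Istio resources given as JSON. The sample manifests are constructed, the finding IDs and the `audit` function are hypothetical, and `istio-system` is assumed to be the mesh root namespace.

```python
import json

# Constructed manifests (JSON form of Istio resources), not taken from a real cluster.
SAMPLE = json.loads("""[
 {"kind": "PeerAuthentication", "metadata": {"name": "default", "namespace": "istio-system"},
  "spec": {"mtls": {"mode": "PERMISSIVE"}}},
 {"kind": "DestinationRule", "metadata": {"name": "ext-api", "namespace": "shop"},
  "spec": {"host": "api.example.com", "trafficPolicy": {"tls": {"mode": "SIMPLE"}}}},
 {"kind": "IstioOperator", "metadata": {"name": "install", "namespace": "istio-system"},
  "spec": {"values": {"global": {"jwtPolicy": "first-party-jwt"}}}}
]""")


def audit(resources, root_ns="istio-system"):
    """Return sorted finding IDs (hypothetical names) for the checks listed above."""
    findings = set()
    mesh_strict = default_deny = False
    for r in resources:
        kind, spec = r.get("kind"), r.get("spec") or {}
        in_root = r.get("metadata", {}).get("namespace") == root_ns
        # A root-namespace policy without a selector applies to the whole mesh.
        mesh_wide = in_root and "selector" not in spec
        if kind == "PeerAuthentication" and mesh_wide:
            mesh_strict |= spec.get("mtls", {}).get("mode") == "STRICT"
        elif kind == "AuthorizationPolicy" and mesh_wide:
            # An ALLOW policy with no rules matches nothing, so every request is denied.
            default_deny |= spec.get("action", "ALLOW") == "ALLOW" and not spec.get("rules")
        elif kind == "DestinationRule":
            # Only the top-level TLS settings are inspected, not portLevelSettings.
            tls = spec.get("trafficPolicy", {}).get("tls", {})
            if tls.get("mode") in ("SIMPLE", "MUTUAL") and not (
                    tls.get("caCertificates") or tls.get("credentialName")):
                findings.add("EGRESS_TLS_NO_CA:" + r["metadata"]["name"])
        elif kind == "IstioOperator":
            if spec.get("values", {}).get("global", {}).get("jwtPolicy") == "first-party-jwt":
                findings.add("FIRST_PARTY_JWT")
    if not mesh_strict:
        findings.add("MTLS_NOT_STRICT")
    if not default_deny:
        findings.add("NO_DEFAULT_DENY")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Namespace-scoped policies and workload selectors can still tighten or loosen individual workloads, so a clean result here covers only the mesh-wide baseline.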
At Praetorian, we’re committed to promoting and contributing to open source security projects and radically focused on developing technologies to enhance the overall state of cybersecurity. Snowcat is one example of our desire to seed the community with tools containing a set of baseline capabilities in the hope that it will spur further progression.