One of the interesting things we see from the scarlet demos we deliver is just how surprised people are by the extent of their own attack surface. There is often a significant gap between what an organisation thinks it has and what it actually exposes to the outside world.
One aspect of this is serverless computing. The term is clearly an oxymoron: there is a server (in fact there are usually several), it just isn't yours, and you have little visibility into, or control over, how it is maintained.
For example, the typical cloud function or serverless container platform exposes a handful of public addresses (often including IPv6 by default), those addresses change every day or so, and the same addresses are shared with a whole collection of other customers' workloads at the same time.
But don't get us wrong: serverless offerings, used as part of a well-architected solution, can be a brilliant way of building a scalable platform. It's just that they can also be complex, and complexity means there is potential for people (and automation tools) to misconfigure them.
All it takes is one wrong tick-box, and a service that was intended to be private is exposed to external access.
scarlet helps you close the gap between theory and reality, and quantify the difference between what was supposed to be exposed and what actually is.
But don't take our word for it: why not give it a try? There's a free, unrestricted trial available, and you only need an email address to register. You could be up and running, and seeing the value, within ten minutes.