Ask HN: Security Lab / Playground in the Cloud – Options?

1 points by GekkePrutser ↗ HN
I work for a security team in a large multinational, and I'm looking for a completely off-net security lab service.

Our internal network has a lot of security protections like network proxies, internal PKI, etc. This means that if we want to do some pentesting exercises and trying out new security software we need to spend more time jumping through our own hoops than doing the actual exercise, even though we don't even need to be on the company network for it.

Just to connect to the internet from a docker container is a large amount of work which makes it very hard to quickly test out a new solution. Also, we often trigger our own internal security mechanisms leading to false positives.

I'm looking for companies offering a completely cloud-based "security lab as a service", where we can spin up a playground of possibly vulnerable machines, try out new security software and new vulnerabilities on a simulated 'company' etc.

I'm not considering AWS and Azure for this as those are already managed by other people in our company and subject to the same restrictions and approvals. Also, I wonder if we would trigger their own IDSes (Intrusion detection systems) if we start doing pentest exercises. It would be great if the provider was specialised in security labs so they are aware of these things happening.

I assume I'm not the only one dealing with this issue so I was hoping to hear something about what others are doing.

0 comments

[ 0.31 ms ] story [ 9.7 ms ] thread

No comments yet.