Capability architecture
Cloud Exposure: context, validation and evidence.
This capability contributes to the same platform outcome: understanding realistic attacker exposure and proving what matters.
01Why it matters
- Cloud environments change quickly and often expose assets outside traditional network inventories.
- Public buckets, gateways, functions, load balancers and managed services can create hidden attack paths.
- Cloud exposure must be connected to APIs, identities and ownership to be actionable.
02ThreatCanary approach
- Identify cloud-facing services, regions, gateways, storage exposure, DNS relationships and public endpoints.
- Correlate cloud metadata with asset ownership, API inventory and attack-path context.
- Prioritise exposure based on reachability, data sensitivity and validation results.
03What it validates or reveals
- Cloud services exposed to the internet.
- Cloud/API relationships that expand compromise paths.
- Misconfigurations requiring validation or owner review.
04Evidence and outputs
- A clear explanation of the exposure, affected assets and likely attack path.
- Reproducible evidence suitable for analysts, developers and risk owners.
- Prioritisation based on exploitability, business impact, sensitive data and chainability.
- Owner, remediation and workflow context that can move into Jira, Slack, SIEM or reporting.
