Audits Istio service meshes for evidence-backed Zero Trust maturity, attack paths, and remediation priorities.
90
90%
Does it follow best practices?
Impact
93%
1.19xAverage score across 4 eval scenarios
Advisory
Suggest reviewing before use
A SaaS company runs a multi-tenant platform on Kubernetes with Istio. The platform engineering team recently enabled outboundTrafficPolicy: REGISTRY_ONLY across the mesh, believing this would prevent workloads from making unauthorized outbound calls to external services. A compliance auditor has questioned whether this control is sufficient to meet their data-exfiltration prevention requirements, and the team needs a formal assessment.
The inputs directory contains the mesh configuration, ServiceEntry resources, egress gateway configuration, and network policy manifests as captured from the cluster. There is no live cluster access available.
Produce an egress security assessment in egress_assessment.md that evaluates the actual strength of the egress controls in place, identifies any gaps or misconfigurations, and provides a prioritized remediation plan.
egress_assessment.md: An egress security assessment. Include an executive summary, a section analyzing the egress architecture and the actual enforcement boundaries of each control, a findings section (each finding with severity, confidence, affected assets, evidence, attack scenario, business impact, remediation, and validation steps), and a remediation plan organized by time horizon (Immediate, 30-day, 90-day).