Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.

Abstract: A system and method for detecting a permission escalation event in a computing environment is disclosed. The method includes: generating a cloned disk based on an original disk of a resource deployed in a computing environment; detecting an identifier of a first principal on the cloned disk; detecting a second principal in the computing environment, the first principal authorized to assume the first principal; storing a representation of the computing environment in a security database, including: a first principal node representing the first principal, and a second principal node representing the second principal, further associated with a permission; querying the representation to determine a permission of the first principal; determining that the second principal includes a permission which the first principal does not include based on a result of querying the representation; and generating a permission escalation event.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A method and system for determining abnormal configuration of network objects deployed in a cloud computing environment are provided. The method includes collecting network object data on a plurality of network objects deployed in the cloud computing environment; constructing a network graph based on the collected network object data, wherein the network graph includes a visual representation of network objects identified in the cloud computing environment; determining relationships between the identified network objects in the network graph, wherein the determined relationships between the identified network objects includes descriptions of connections between the identified network objects; and analyzing the network graph and the determined relationships to generate insights, wherein the generated insights include at least a list of abnormal connections between the identified network objects.

Abstract: A system and method for generating a contextual cloud risk assessment of a cloud computing environment. The method includes accessing a plurality of cloud assessment policies, wherein a policy including a query executable on a security graph; applying the plurality of cloud assessment policies to the representation of the first cloud computing environment; generating a risk assessment report based on an output generated by applying a policy of the plurality of cloud assessment polices; and initiating a mitigation action based on a cybersecurity risk from the risk assessment report.

Abstract: A system and method for prioritizing alerts and mitigation actions against cyber threats in a cloud computing environment. The method includes detecting an alert based on a cloud entity deployed in a cloud computing environment, wherein the alert including an identifier of the cloud entity and a severity indicator, and wherein the cloud computing environment is represented in a security graph; generating a severity index for the received alert based on the identifier of the cloud entity and the severity indicator; and initiating a mitigation action based on the severity index.

Abstract: A method and system for determining abnormal configuration of network objects deployed in a cloud computing environment are provided. The method includes collecting network object data on a plurality of network objects deployed in the cloud computing environment; constructing a network graph based on the collected network object data, wherein the network graph includes a visual representation of network objects identified in the cloud computing environment; determining relationships between the identified network objects in the network graph, wherein the determined relationships between the identified network objects includes descriptions of connections between the identified network objects; and analyzing the network graph and the determined relationships to generate insights, wherein the generated insights include at least a list of abnormal connections between the identified network objects.

Abstract: A method and system for cataloging network objects in a cloud environment are presented. The system includes collecting at least network object data on a plurality of network objects operable in a cloud environment, wherein the plurality of network objects are operable at different layers of the cloud environment; identifying the plurality of network objects operable in the cloud environment; constructing at least a network graph based on the identified network objects; determining relationships between the identified network objects in the at least a network graph; generating at least an insight for least one of the identified network objects, wherein the insight is generated in response to the network graph and the determined relationships; and tagging each of the plurality of network objects for which an insight is generated.

Abstract: A method, a non-transitory computer readable medium, and a proxy device. The method includes receiving, by a proxy device, a request to access a first web resource of a plurality of web resources; modifying a received response to include at least a messaging handler, wherein the response corresponds to the received request; returning the modified response with the messaging handler to a client device, wherein the messaging handler causes establishment of a communication channel between the client device and a notification server; and providing the notification server with at least one notification, wherein the notification server immediately pushes the at least one notification to the client device over the communication channel, wherein the at least one notification is related to at least the first web resource.

Abstract: When processing events associated with a group comprising multiple different sub-groups, a hash function can be applied to the sub-group identifier to map the events associated with the sub-group to different computational elements used to process the group's events. The hash value can be a number between 1 and n or 0 and n?1 where n is the number of computational elements available to the group. Data concerning the last time a particular value for a property was encountered in an event stream can be retained. On each computational element assigned to the group, the detection of a particular property value in an event of a sub-group can be collected, periodically aggregated and sent to each of the computational elements used by the group, thereby enabling the first detection of a new property value within a group of events to be determined.

Abstract: When processing events associated with a group comprising multiple different sub-groups, a hash function can be applied to the sub-group identifier to map the events associated with the sub-group to different computational elements used to process the group's events. The hash value can be a number between 1 and n or 0 and n?1 where n is the number of computational elements available to the group. Data concerning the last time a particular value for a property was encountered in an event stream can be retained. On each computational element assigned to the group, the detection of a particular property value in an event of a sub-group can be collected, periodically aggregated and sent to each of the computational elements used by the group, thereby enabling the first detection of a new property value within a group of events to be determined.

Abstract: According to examples, an apparatus may include a processor and a memory having instructions that are to cause processor to access an event log that lists an event item corresponding to an event that occurred at a network appliance, determine that the event item matches an item listed in a user log that lists records of user information and a plurality of items, in which the records correspond to user events in a network, identify the user information corresponding to the matching item, determine a confidence level that the identified user information corresponds to the event item, determine whether the confidence level exceeds a certain threshold value, in response to a determination that the confidence level exceeds the certain threshold, correlate the user information to the event item, and insert an entry into a database that the user information corresponds to the event item.

Abstract: A method, a non-transitory computer readable medium, and a proxy device. The method includes receiving, by a proxy device, a request to access a first web resource of a plurality of web resources; modifying a received response to include at least a messaging handler, wherein the response corresponds to the received request; returning the modified response with the messaging handler to a client device, wherein the messaging handler causes establishment of a communication channel between the client device and a notification server; and providing the notification server with at least one notification, wherein the notification server immediately pushes the at least one notification to the client device over the communication channel, wherein the at least one notification is related to at least the first web resource.