Patents by Inventor Liran Moysi

Liran Moysi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240163187
    Abstract: A system and method for generation of unified graph models for network entities are provided. The method includes collecting, for at least one network entity of a plurality of network entities, at least one network entity data feature, wherein the at least one network entity data feature is a network entity property; genericizing the collected at least one network entity; generating at least a network graph, wherein the generated network graph is a multi-dimensional data structure providing a representation of the plurality of network entities and relations between the network entities of the plurality of network entities; and storing the generated at least a network graph.
    Type: Application
    Filed: January 10, 2024
    Publication date: May 16, 2024
    Applicant: Wiz, Inc.
    Inventors: Daniel Hershko SHEMESH, Liran MOYSI, Roy REZNIK, Shai KEREN
  • Patent number: 11929896
    Abstract: A system and method for generation of unified graph models for network entities are provided. The method includes collecting, for at least one network entity of a plurality of network entities, at least one network entity data feature, wherein the at least one network entity data feature is a network entity property; genericizing the collected at least one network entity; generating at least a network graph, wherein the generated network graph is a multi-dimensional data structure providing a representation of the plurality of network entities and relations between the network entities of the plurality of network entities; and storing the generated at least a network graph.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: March 12, 2024
    Assignee: WIZ, INC.
    Inventors: Daniel Hershko Shemesh, Liran Moysi, Roy Reznik, Shai Keren
  • Publication number: 20240039929
    Abstract: A system and method improves cloud detection and response by generating a normalized event log from a plurality of cloud service providers (CSPs). The method includes receiving a plurality of events, wherein a first event of the plurality of events is generated in a cloud computing environment provided by a first CSP and a second event of the plurality of events is generated in a cloud computing environment provided by a second CSP; extracting data from an event of the plurality of events; generating a normalized event based on the extracted data and a predefined data schema, the predefined data schema including a plurality of data fields; storing the normalized event in a transactional database having stored therein a normalized event log; and applying a rule from a rule engine on a normalized event stored in the transactional database to detect a cybersecurity threat in any of the CSPs.
    Type: Application
    Filed: August 1, 2022
    Publication date: February 1, 2024
    Applicant: Wiz, Inc.
    Inventors: George PISHA, Liran MOYSI, Itay VANZETTI, Alon SCHINDEL
  • Publication number: 20240039936
    Abstract: A system and method improves cloud detection and response by generating a normalized event log from a plurality of cloud computing layers. The method includes receiving a plurality of events, wherein a first event is generated in a first cloud layer of a cloud computing environment provided by a cloud service provider (CSP) and a second event is generated in a second cloud layer of the cloud computing environment; extracting data from each event; generating a normalized event based on the extracted data and further based on a predefined data schema, the predefined schema including a plurality of data fields, at least a portion of which are related to cloud layers; storing the normalized event in a transactional database having stored therein a normalized event log; and applying a rule from a rule engine on the normalized event to detect a cybersecurity threat in the cloud computing environment.
    Type: Application
    Filed: August 1, 2022
    Publication date: February 1, 2024
    Applicant: Wiz, Inc.
    Inventors: George PISHA, Liran MOYSI, Itay VANZETTI, Alon SCHINDEL
  • Publication number: 20230247042
    Abstract: A system and method traces suspicious activity to a workload based on a forensic log. The method includes detecting in at least one cloud log of a cloud computing environment a plurality of events, each event indicating an action in the cloud computing environment; extracting from an event of the plurality of events an identifier of a cloud entity, wherein the event includes an action which is predetermined as indicative of a suspicious event; traversing a security graph to detect a node representing the cloud entity, wherein the security graph further includes a representation of the cloud computing environment; detecting that the node representing the cloud entity is connected to a node representing a cybersecurity vulnerability; and initiating a mitigation action for the cloud entity based on the cybersecurity vulnerability.
    Type: Application
    Filed: December 1, 2022
    Publication date: August 3, 2023
    Applicant: Wiz, Inc.
    Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, George PISHA, Liran MOYSI, Alon SCHINDEL
  • Publication number: 20230247040
    Abstract: A system and method for detecting a cloud detection and response (CDR) event from a cloud log. The method includes detecting an identifier of a cloud entity in a cloud log, wherein the cloud log includes a plurality of records generated by a cloud computing environment; detecting a node in a security graph based on the identifier of the cloud entity, wherein the security graph includes a representation of the cloud computing environment; generating a CDR event in response to determining from the security graph that the first node is associated with a cybersecurity threat; and initiating a mitigation action based on the cybersecurity threat.
    Type: Application
    Filed: January 31, 2023
    Publication date: August 3, 2023
    Applicant: Wiz, Inc.
    Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, George PISHA, Liran MOYSI, Alon SCHINDEL
  • Publication number: 20230247043
    Abstract: A system and method detects an exploited vulnerable cloud entity. The method includes: detecting in at least one cloud log of a cloud computing environment a plurality of events, each event corresponding to a failed action, each event further corresponding to a cloud entity deployed in the cloud computing environment; extracting from the cloud log an identifier of the cloud entity; traversing a security graph to detect a node representing the cloud entity, based on the extracted identifier, wherein the security graph includes a representation of the cloud computing environment; detecting a node representing a cybersecurity vulnerability connected to the node representing the cloud entity; and initiating a mitigation action for the workload based on the cybersecurity vulnerability.
    Type: Application
    Filed: December 1, 2022
    Publication date: August 3, 2023
    Applicant: Wiz, Inc.
    Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, George PISHA, Liran MOYSI, Alon SCHINDEL
  • Publication number: 20230247039
    Abstract: A system and method for generating a compact forensic event log based on a cloud log, includes: traversing a security graph to detect a node representing a cloud entity in a cloud computing environment, wherein the security graph includes a representation of the cloud computing environment; detecting a node representing a cybersecurity threat connected to the node representing the cloud entity; parsing a cloud log of the cloud computing environment to detect a data record, the data record including an attribute of the node representing the cloud entity; and generating a compact forensic event log including the detected data record.
    Type: Application
    Filed: January 31, 2023
    Publication date: August 3, 2023
    Applicant: Wiz, Inc.
    Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, George PISHA, Liran MOYSI, Alon SCHINDEL
  • Publication number: 20210409403
    Abstract: Methods, systems and computer program products are provided for service to service SSH with authentication and SSH session reauthentication. A client service initiates an SSH session by automatically providing authentication information to an authentication provider service, which returns access information. The client service uses an SSH client to automatically provide the access information to an SSH server, which receives and validates the access information. A service-to-service SSH session is created between the SSH client and SSH server. The client service and a server service may communicate securely via the service-to-service SSH session. Security may be maintained for any type of SSH connection (e.g., user to service, service to service) by periodically and automatically providing and validating reauthentication and refresh information. An SSH connection/session is maintained if periodic access information is validated.
    Type: Application
    Filed: June 25, 2020
    Publication date: December 30, 2021
    Inventors: Guy LEWIN, Vitaly KHAIT, Liran MOYSI
  • Patent number: 11115417
    Abstract: A method and proxy device for securing an access to a cloud-based application are presented. In an embodiment, the method includes receiving an authentication token that includes an identity of a user of a client device requesting an access to the cloud-based application. The method further includes receiving, from an agent executed in the client device, a client certificate; retrieving, from a compliance server, a device posture of the client device, wherein the device posture is retrieved respective of the received client certificate; identifying an access policy for the client device to access the cloud-based application, and determining whether to grant an access to the cloud-based application based in part on the compliance of the client device with the identified access policy. In an embodiment, the access policy is identified based at least on the retrieved device posture.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: September 7, 2021
    Assignee: Microsoft Technology Licensing, LLC.
    Inventors: Vitaly Khait, Ami Luttwak, Liran Moysi, Ariel Stolovich, Greg Vishnepolsky
  • Patent number: 10834055
    Abstract: A system and method for cross-tenant data leakage isolation in a multi-tenant database are provided. The method includes monitoring, by a proxy device, traffic flows between a server executing at least one cloud-based application and the multi-tenant database, wherein the proxy device is connected between the server and the multi-tenant database; capturing, by the proxy device, at least a response from the multi-tenant database, wherein the response includes returned data; analyzing the response to determine if the returned data relates to a global-tenant table; upon determining that the returned data relates to the global-tenant table, modifying the response to designate at least one tenant-specific table name that the returned data belongs to; and sending the modified response to the server.
    Type: Grant
    Filed: April 25, 2019
    Date of Patent: November 10, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Liran Moysi, Noam Liran
  • Patent number: 10642600
    Abstract: A method and system for securing a cloud application are provided. The method includes receiving a webpage sent to a client device from at least one cloud application; injecting a piece of code into the webpage, wherein the piece of code maintains an encryption key in a document object model (DOM) of the webpage, wherein the piece of code allows encryption of any text field in the webpage when executed by the client device; intercepting at least one encrypted text field inserted into the DOM; and modifying the DOM by decrypting each of the intercepted at least one encrypted text field and inserting each decrypted text field into the DOM.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: May 5, 2020
    Assignee: Microsoft Technology Licensing, LLC.
    Inventors: Gregory Vishnepolsky, Liran Moysi
  • Patent number: 10558641
    Abstract: A proxy module for monitoring modifications to a database and external to the database includes a query processing module to monitor traffic to and from the database. The traffic includes queries to the database. The query processing module is further to identify a query corresponding to a request to modify the database. A trigger event module is to generate a trigger event based on the request. The trigger event indicates a modification of the database associated with the request. The trigger event module is further to cause the trigger event to be communicated from the proxy module to at least one entity accessing the database.
    Type: Grant
    Filed: April 21, 2017
    Date of Patent: February 11, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Liran Moysi, Aviram Cohen, Noam Liran
  • Publication number: 20190319929
    Abstract: A system and method for cross-tenant data leakage isolation in a multi-tenant database are provided. The method includes monitoring, by a proxy device, traffic flows between a server executing at least one cloud-based application and the multi-tenant database, wherein the proxy device is connected between the server and the multi-tenant database; capturing, by the proxy device, at least a response from the multi-tenant database, wherein the response includes returned data; analyzing the response to determine if the returned data relates to a global-tenant table; upon determining that the returned data relates to the global-tenant table, modifying the response to designate at least one tenant-specific table name that the returned data belongs to; and sending the modified response to the server.
    Type: Application
    Filed: April 25, 2019
    Publication date: October 17, 2019
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Liran MOYSI, Noam LIRAN
  • Publication number: 20190258473
    Abstract: A method and system for securing a cloud application are provided. The method includes receiving a webpage sent to a client device from at least one cloud application; injecting a piece of code into the webpage, wherein the piece of code maintains an encryption key in a document object model (DOM) of the webpage, wherein the piece of code allows encryption of any text field in the webpage when executed by the client device; intercepting at least one encrypted text field inserted into the DOM; and modifying the DOM by decrypting each of the intercepted at least one encrypted text field and inserting each decrypted text field into the DOM.
    Type: Application
    Filed: May 1, 2019
    Publication date: August 22, 2019
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Gregory VISHNEPOLSKY, Liran MOYSI
  • Patent number: 10389528
    Abstract: A method and proxy device for on-demand generation of cryptographic certificates. The method includes receiving, by a proxy device, a request to access a cloud application; identifying a domain name designated in the received request; determining if the identified domain name is signed by a valid cryptographic certificate saved locally in the proxy device; and sending, to a certificate generator system, a certification request to issue a new cryptographic certificate to sign the identified domain name, when the identified domain name is not a signed domain name.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: August 20, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Liran Moysi, Aviram Cohen, Noam Liran
  • Patent number: 10324702
    Abstract: A method and system for modifying network addresses of at least one cloud application. The method comprises receiving a webpage sent to a client device from the at least one cloud application, wherein a webpage designates at least one script loaded to the client device during runtime; injecting a piece of code to the webpage; receiving, by the injected piece of code, an attempt to load each of the at least one script; modifying the at least one script by suffixing each network address designated in the at least one script with a predefined network address; and sending the modified at least one script to the client device, wherein runtime execution of the modified at least one script on the client device causes redirection of future requests from the client device to the cloud application to the suffixed network address.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: June 18, 2019
    Assignee: MICROSOFT ISRAEL RESEARCH AND DEVELOPMENT (2002) LTD.
    Inventors: Gregory Vishnepolsky, Liran Moysi
  • Patent number: 10305861
    Abstract: A method and proxy device for cross-tenant data leakage isolation in a multi-tenant database are provided. The method includes monitoring, by a proxy device, traffic flows between a server executing at least one cloud-based application and the multi-tenant database, wherein the proxy device is communicatively connected between the server and the multi-tenant database; capturing, by the proxy device, at least a request to access the multi-tenant database, wherein the request is communicated using a database-specific protocol; analyzing the request to determine if the request is legitimate; upon determining that the request is not legitimate, modifying the request to point to a global-tenant table and to designate a unique tenant identifier, wherein the unique tenant identifier corresponds to a tenant-specific table name designated in the global-tenant table; and sending the modified request to the multi-tenant database using the database-specific protocol.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: May 28, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Liran Moysi, Noam Liran
  • Publication number: 20180307717
    Abstract: A proxy module for monitoring modifications to a database and external to the database includes a query processing module to monitor traffic to and from the database. The traffic includes queries to the database. The query processing module is further to identify a query corresponding to a request to modify the database. A trigger event module is to generate a trigger event based on the request. The trigger event indicates a modification of the database associated with the request. The trigger event module is further to cause the trigger event to be communicated from the proxy module to at least one entity accessing the database.
    Type: Application
    Filed: April 21, 2017
    Publication date: October 25, 2018
    Inventors: Liran MOYSI, Aviram COHEN, Noam LIRAN
  • Patent number: 10091169
    Abstract: A method and system for protecting cloud-based applications executed in a cloud computing platform are presented. The method includes intercepting traffic flows from a plurality of client devices to the cloud computing platform, wherein each of the plurality of client devices is associated with a user attempting to access a cloud-based application; extracting at least one parameter from the intercepted traffic related to at least each client device and a respective user attempting to access the cloud-based application; determining, based on the at least one parameter and at least a set of parameters combining cloud-based application risk factors for a provider of the cloud computing platform, a risk indicator for the user attempting to access the cloud-based application; and performing an action to mitigate a potential risk to the cloud computing platform based on the determined risk indicator.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: October 2, 2018
    Assignee: MICROSOFT ISRAEL RESEARCH AND DEVELOPMENT (2002) LTD.
    Inventors: Aviram Cohen, Liran Moysi, Ami Luttwak, Roy Reznik, Greg Vishnepolsky