Abstract: In one aspect, a computerized method for detecting hiding and data intelligence gathering in a data lake or a cloud warehouse, comprising: implementing a hiding and data intelligence collection analysis phase in the data lake or the cloud warehouse; implementing a discovery process in the data lake or the cloud warehouse; implementing a data gathering process in the data lake or the cloud warehouse; and performing one or more dynamic masking operations to detect a Dynamic Masking column anomalies and to detect one or more atypical commands in the data lake or the cloud warehouse.
Abstract: In one aspect, a computerized method for attack generation on a data lake, comprises: for a data lake repository: providing an attack generation mimicry tool; with the attack generation mimicry tool: implementing a reconnaissance phase attack generation; implementing an infiltration phase attack generation on the data lake repository; implementing a hiding and data intelligence collection phase of the attack by hiding from any monitoring or notification system of the data lake repository and surveying the data lake repository to determine what data is worth abusing or exfiltrating from the data lake repository; implementing data gathering phase of the attack that gathers data about other objects, attributes, and relationships in the data lake repository; and implementing the exfiltration of the data or the abuse of the data.
Abstract: In one aspect, In one aspect, a computerized method for automatic grading, impact analysis and mapping to the CIA triad, comprising: identifying a value of a plurality of data stores; associating the value back to an attack scenario such that a measure of impact with respect to attack progression or susceptibility now has a pecuniary value and generating a grading score; associating the grading score mapped to Confidentiality, Integrity and Availability (CIA) Triad; associating an attack progression with the pecuniary value and priority; identifying a progression of the attack; determining a time that is available for a response before a damage occurs to a system under attack; determining a stage of the attack in an attack kill chain, wherein for every stage of the attack as the progress happens, associating the pecuniary value and an impact for such a stage; and automatically calculates an overall data threat grade of the system.
Abstract: In one aspect, a computerized method for detecting data abuse and data exfiltration in a data store or a data lakes cloud warehouse, comprising: identifying a plurality of Command and control (CnC) channels in an enterprise data cloud infrastructure; identifying and detecting malicious compressed data transfers and encrypted data transfers; implementing a destination analysis from within the data store; and implementing data abuse detection and prevention operations.