Patents Assigned to WIZ
-
Publication number: 20250141911
Abstract: A technique and method for detection and display of the cybersecurity risk context of a cloud environment initiates an inspection of cybersecurity objects within a cloud environment utilizing an inspection environment and stores information pertaining to discovered cybersecurity objects within the inspected cloud environment in a storage environment. The technique and method further generate a cybersecurity risk context for the inspected cloud environment based on the observations made concerning the cybersecurity objects contained within it. The technique and method further configure a web browser running on a client device to automatically display the generated cybersecurity risk context to a user, either through a web page overlay or through a toolbar plugin which has been installed in the web browser and configured to enable inspections of a cloud environment, once the user has navigated to a web page containing cybersecurity object identifiers.
Type: Application
Filed: September 18, 2024
Publication date: May 1, 2025
Applicant: Wiz, Inc.
Inventors: Tomer Gil LEVI, Yinon COSTICA, Ben GRYNHAUS, Itai YOSEPHI, Oron NOAH, Eyal WIENER
-
Publication number: 20250141666
Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key is presented. The method includes detecting an encrypted disk associated with a workload in a cloud computing environment, the cloud computing environment including a security policy server; authorizing a key policy for decrypting the encrypted disk on the security policy server for a custom key associated with an inspector account; decrypting the encrypted disk with the custom key by the inspector account; and generating an inspectable disk based on the decrypted encrypted disk.
Type: Application
Filed: December 27, 2024
Publication date: May 1, 2025
Applicant: Wiz, Inc.
Inventors: Yaniv SHAKED, Eyal MOSCOVICI
-
Publication number: 20250141913
Abstract: A system and method for inspecting a resource deployed in a cloud computing environment for a cybersecurity threat is presented. The method includes detecting a virtual instance deployed in a cloud computing environment, the virtual instance associated with an original disk; generating a cloned disk directly based on the original disk, wherein the original disk is provisioned storage from a cloud storage system; generating a cloned disk descriptor associated with the cloned disk, the cloned disk descriptor pointing to the provisioned storage; inspecting the cloned disk for a cybersecurity object, the cybersecurity object indicating a cybersecurity risk; and releasing the cloned disk in response to completing inspection of the cloned disk.
Type: Application
Filed: December 30, 2024
Publication date: May 1, 2025
Applicant: Wiz, Inc.
Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Avihai BERKOVITZ, George PISHA, Yaniv Joseph OLIVER, Udi REITBLAT, Or HELLER, Raaz HERZBERG, Osher HAZAN, Niv Roit BEN DAVID
-
Patent number: 12287899
Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment is disclosed. The method includes: generating an inspectable disk from a clone of an original disk in a cloud computing environment; inspecting the inspectable disk for a cybersecurity object, the cybersecurity object indicating a sensitive data, the disk deployed in a cloud computing environment; extracting a data schema from the cybersecurity object, in response to detecting the cybersecurity object on the disk; generating a classification of the data schema; detecting in the disk a plurality of data files, each data file including the classified data schema; determining that the data schema corresponds to sensitive data based on the generated classification; generating in a security database: a representation of the data schema, and a representation of each data file; and rendering a visual representation of the cloud computing environment including a representation of the data schema.
Type: Grant
Filed: December 29, 2023
Date of Patent: April 29, 2025
Assignee: Wiz, Inc.
Inventors: Raaz Herzberg, Avi Tal Lichtenstein, Roy Reznik, Ami Luttwak, Moran Cohen, Yaniv Shaked, Yinon Costica, George Pisha, Daniel Hershko Shemesh, Yarin Miran
-
Publication number: 20250133104
Abstract: A system and method for active inspection of vulnerability exploitation in a cloud computing environment is presented. The method includes inspecting a first resource to detect a cybersecurity vulnerability; receiving at least one network path to access the first resource, wherein the first resource is deployed in the cloud computing environment and is potentially accessible from an external network which is external to the cloud computing environment via the at least one network path; actively inspecting the at least one network path utilizing a network access instruction; generating a trigger instruction, based on at least one predetermined triggering instruction, wherein the at least one predetermined triggering instruction is configured to trigger the cybersecurity vulnerability; initiating the generated trigger instruction over the at least one network path, in response to determining that the first resource is accessible from the external network.
Type: Application
Filed: December 30, 2024
Publication date: April 24, 2025
Applicant: Wiz, Inc.
Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK
-
Publication number: 20250131102
Abstract: A system and method for providing third party compliance to computing environments without providing access thereto. The method includes: generating a representation of the computing environment, the computing environment including a plurality of identities; generating a software inventory of the computing environment utilizing a cybersecurity inspection technique; determining compliance of the computing environment based on the representation and the software inventory; and providing the determined compliance to a third party, wherein the third party is not associated with the plurality of identities.
Type: Application
Filed: December 4, 2024
Publication date: April 24, 2025
Applicant: Wiz, Inc.
Inventors: Roy REZNIK, Mattan SHALEV, Avihai BERKOVITZ, Erez EYAL, Ami LUTTWAK
-
Patent number: 12284195
Abstract: A system and method for detecting cloud identity misuse in a cloud computing environment is presented. The method includes: deploying a runtime sensor on a workload in a cloud computing environment; continuously receiving data from the runtime sensor; generating an activity baseline based on the continuously received data, wherein the runtime sensor is configured to detect runtime processes on the workload; detecting an event in a cloud log, the event including an identifier of the workload; associating a runtime process detected by the runtime sensor on the workload with the event detected in the cloud log; and determining that the event is an anomalous event based on the generated activity baseline.
Type: Grant
Filed: March 29, 2024
Date of Patent: April 22, 2025
Assignee: Wiz, Inc.
Inventors: Ami Luttwak, Alon Schindel, Shir Tamari, Ron Cohen
-
Patent number: 12284220
Abstract: A system and method for applying a policy on a network path is presented. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is deployed in a cloud computing environment, having access to an external network; actively inspecting an external network path to determine if the network path of the reachable resource is accessible from the external network; determining that the network path is a valid path, in response to determining that the reachable resource is accessible from the external network path; applying a policy on the valid path; and initiating a mitigation action, in response to determining that the policy is violated.
Type: Grant
Filed: February 7, 2024
Date of Patent: April 22, 2025
Assignee: Wiz, Inc.
Inventors: Roy Reznik, Matilda Lidgi, Shai Keren, Eliran Marom
-
Publication number: 20250125951
Abstract: A system and method reduces use of restricted operations in a cloud computing environment during cybersecurity threat inspection. The method includes: detecting an encrypted disk in a cloud computing environment, the encrypted disk encrypted utilizing a first key in a key management system (KMS); generating a second key in the KMS, the second key providing access for a principal of an inspection environment; generating a snapshot of the encrypted disk; generating a volume based on the snapshot, wherein the volume is re-encrypted with the second key; generating a snapshot of the re-encrypted volume; generating an inspectable disk from the snapshot of the re-encrypted volume; and initiating inspection for a cybersecurity object on the inspectable disk.
Type: Application
Filed: December 20, 2024
Publication date: April 17, 2025
Applicant: Wiz, Inc.
Inventors: Shahar RAND, Eric ABRAMOV, Yaniv SHAKED, Elad GABAY
-
Publication number: 20250126138
Abstract: A system and method for detecting cybersecurity risk on a resource in a computing environment utilizes static analysis of a cloned resource and runtime data from the live resource. The method includes: configuring a resource deployed in a computing environment to deploy thereon a sensor, the sensor configured to detect runtime data; detecting runtime data from the sensor of the resource; generating an inspectable disk based on an original disk of the resource; initiating inspection based on the detected runtime data for a cybersecurity object on the inspectable disk; detecting the cybersecurity object on an inspectable disk; and initiating a mitigation action on the resource.
Type: Application
Filed: December 17, 2024
Publication date: April 17, 2025
Applicant: Wiz, Inc.
Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL
-
Patent number: 12278825
Abstract: A system and method for improved endpoint detection and response (EDR) in a cloud computing environment initiates inspection based on data received from a sensor deployed on a workload. The method includes: configuring a resource, deployed in a cloud computing environment, to deploy thereon a sensor, the sensor configured to detect runtime data; detecting a potential cybersecurity threat on the resource based on detected runtime data received from the sensor; and initiating inspection of the resource for the potential cybersecurity threat.
Type: Grant
Filed: August 28, 2023
Date of Patent: April 15, 2025
Assignee: Wiz, Inc.
Inventors: Aviel Fogel, Udi Reitblat, Alon Schindel, Ami Luttwak, Roy Reznik, Yinon Costica
-
Patent number: 12278897
Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.
Type: Grant
Filed: July 17, 2024
Date of Patent: April 15, 2025
Assignee: Wiz, Inc.
Inventors: Daniel Hershko Shemesh, Yarin Miran, Roy Reznik, Ami Luttwak, Yinon Costica
-
Patent number: 12277216
Abstract: A system and method for inspecting virtual instances in a cloud computing environment for cybersecurity threats utilizing disk cloning. The method includes: selecting a virtual instance in a cloud computing environment, wherein the virtual instance includes a disk having a disk descriptor with an address in a cloud storage system; generating an instruction to clone the disk of the virtual instance, the instruction when executed causes generation of a cloned disk descriptor, the cloned disk descriptor having a data field including the address of the disk of the virtual instance; inspecting the cloned disk for a cybersecurity threat; and releasing the cloned disk in response to completing the inspection of the cloned disk.
Type: Grant
Filed: August 28, 2023
Date of Patent: April 15, 2025
Assignee: Wiz, Inc.
Inventors: Daniel Hershko Shemesh, Yarin Miran, Roy Reznik, Ami Luttwak, Yinon Costica
-
Patent number: 12278819
Abstract: A system and method for detecting effective permissions of a principal in a cloud computing environment, includes detecting a group of principal nodes, each principal node representing a principal in a cloud computing environment, in a security graph, the security graph storing therein a representation of the cloud computing environment; selecting a first principal node from the group of principal nodes; determining a permission between the first principal node and a resource node, wherein the resource node represents a resource deployed in the cloud computing environment; and associating the group of principal nodes with the determined permission.
Type: Grant
Filed: July 15, 2022
Date of Patent: April 15, 2025
Assignee: Wiz, Inc.
Inventors: Avihai Berkovitz, George Pisha, Yaniv Joseph Oliver, Udi Reitblat
-
Patent number: 12278840
Abstract: A system and method for generating a security graph utilizing a unified model based on multiple cloud environments are provided. The method includes receiving data from a first cloud environment pertaining to: resources, principals, and permissions; generating for each resource a corresponding resource node in the security graph, the corresponding resource node including an identifier of the resource, wherein the resource is a cloud entity deployed in the first cloud environment; generating for each principal a corresponding principal node in the security graph, the corresponding principal node including an identifier of the principal, wherein the principal is a cloud entity in the first cloud environment that generates an operation request in the first cloud environment; and generating a connection between at least a principal node and at least a resource node in the security graph, in response to detecting a permission indicating that a principal can access a resource.
Type: Grant
Filed: March 14, 2022
Date of Patent: April 15, 2025
Assignee: Wiz, Inc.
Inventors: Avihai Berkovitz, George Pisha, Yaniv Joseph Oliver, Udi Reitblat
-
Patent number: 12277532
Abstract: A system and method for agentless generation of a software bill of materials (SBOM) in a cloud computing environment is disclosed. The method includes: accessing a plurality of workloads in a cloud computing environment; detecting in each workload of the plurality of workloads a software component; generating for each workload an SBOM based on the detected software component; and storing each SBOM in a database.
Type: Grant
Filed: September 17, 2024
Date of Patent: April 15, 2025
Assignee: Wiz, Inc.
Inventors: Mattan Shalev, Yaniv Shaked, Gal Kozoshnik, Omri Kornblau, Roy Reznik, Ami Luttwak, Yinon Costica
-
Patent number: 12278835
Abstract: A system and method for detecting a cybersecurity object in an operating system-level virtualization is presented. The method includes detecting an identifier of a code object in a software artifact, wherein the software artifact represents a software container deployed in a cloud computing environment; determining a location of the code object based on the software artifact; inspecting the code object for a cybersecurity object, wherein the cybersecurity object indicates a cybersecurity threat; detecting a cybersecurity object in the code object; and initiating a remediation action based on the cybersecurity object in response to detecting the cybersecurity object in the code object.
Type: Grant
Filed: November 20, 2024
Date of Patent: April 15, 2025
Assignee: Wiz, Inc.
Inventors: Assaf Segal, Amir Lande Blau, Tal Gilady, Ami Luttwak, Arnon Trabelsi
-
Patent number: 12273370
Abstract: A system and method for detecting a combined cybersecurity risk for an artificial intelligence (AI) model is presented. The method includes: inspecting a computing environment for an AI model deployed therein; generating a representation of the AI model in a security database, the security database including a representation of the computing environment; detecting a first cybersecurity risk respective of the AI model; inspecting the computing environment for a cybersecurity object; determining that the AI model is exposed to a toxic combination cybersecurity risk based on the detected first cybersecurity risk and the cybersecurity object; and initiating a mitigation action based on the toxic combination cybersecurity risk.
Type: Grant
Filed: May 23, 2024
Date of Patent: April 8, 2025
Assignee: Wiz, Inc.
Inventors: Amitai Cohen, Barak Sharoni, Alon Schindel, Alon Weiss, Itay Arbel, George Pisha, Maayan Laav, Liron Levin
-
Patent number: 12273412
Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.
Type: Grant
Filed: October 2, 2023
Date of Patent: April 8, 2025
Assignee: Wiz, Inc.
Inventors: Shai Keren, Daniel Hershko Shemesh, Roy Reznik, Ami Luttwak, Avihai Berkovitz
-
Techniques for detecting artificial intelligence model cybersecurity risk in a computing environment
Patent number: 12273372
Abstract: A system and method for detecting a cybersecurity risk of an artificial intelligence (AI), is presented. The method includes: inspecting a computing environment for an AI model deployed therein; generating a representation of the AI model in a security database, the security database including a representation of the computing environment; inspecting the AI model for a cybersecurity risk; generating a representation of the cybersecurity risk in the security database, the representation of the cybersecurity risk connected to the representation of the AI model in response to detecting the cybersecurity risk; and initiating a mitigation action based on the cybersecurity risk.
Type: Grant
Filed: September 18, 2024
Date of Patent: April 8, 2025
Assignee: Wiz, Inc.
Inventors: Amitai Cohen, Barak Sharoni, Shir Tamari, George Pisha, Itay Arbel, Daniel Velikanski, Yaniv Shaked