Patents Assigned to Wiz, Inc.
  • Patent number: 12381906
    Abstract: A system and method for cybersecurity inspection of private software registries is presented. The method includes: deploying an inspection broker in a computing environment, the inspection broker configured to communicate with a private registry of the computing environment; configuring the inspection broker to access the private registry for a list of objects stored in the private registry; selecting an object from the private registry for cybersecurity inspection; inspecting the object for a cybersecurity object in the computing environment; generating an inspection result based on detection of the cybersecurity object; sending the inspection result to an inspection environment, the inspection environment including a representation of the computing environment; and initiating a mitigation action based on the inspection result, the mitigation action generated in response to an instruction from the inspection environment.
    Type: Grant
    Filed: February 7, 2024
    Date of Patent: August 5, 2025
    Assignee: Wiz, Inc.
    Inventors: Karin Magriso, Isaac Schnitzer, Niv Roit Ben David
  • Patent number: 12381939
    Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.
    Type: Grant
    Filed: June 26, 2023
    Date of Patent: August 5, 2025
    Assignee: Wiz, Inc.
    Inventors: Shai Keren, Daniel Hershko Shemesh, Roy Reznik, Ami Luttwak, Avihai Berkovitz
  • Publication number: 20250240306
    Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.
    Type: Application
    Filed: March 6, 2025
    Publication date: July 24, 2025
    Applicant: Wiz, Inc.
    Inventors: Avi Tal LICHTENSTEIN, Ami LUTTWAK, Yinon COSTICA
  • Publication number: 20250240305
    Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.
    Type: Application
    Filed: March 6, 2025
    Publication date: July 24, 2025
    Applicant: Wiz, Inc.
    Inventors: Avi Tal LICHTENSTEIN, Ami LUTTWAK, Daniel Hershko SHEMESH
  • Publication number: 20250232043
    Abstract: A system and method for inspecting different types of cloud workloads for cybersecurity threats, all deployed in a cloud computing environment, includes a unifying extractor to expose different compute types to agnostic inspectors. The method includes accessing a first cloud workload of a first type from a plurality of deployed cloud workloads; accessing a second cloud workload of a second type from the plurality of deployed cloud workloads; extracting data from each of the first cloud workload and the second cloud workload into a storage layer having a data schema, based on a predefined data structure; and inspecting the extracted data to detect a first target object, the target object indicating a cybersecurity threat, wherein extraction for each of the first cloud workload and the second cloud workload is based on the workload type.
    Type: Application
    Filed: March 4, 2025
    Publication date: July 17, 2025
    Applicant: Wiz, Inc.
    Inventors: Yaniv SHAKED, Ami LUTTWAK, Roy REZNIK, Yarin MIRAN, Moran COHEN
  • Patent number: 12361140
    Abstract: An architecture of a multi-cloud inspector for any computing device type is provided. According to an embodiment, a method for implementing multi-cloud inspection includes accessing an object list, determining which objects to inspect, determining which inspectors to use, creating object copies, providing and running inspectors for each object copy, receiving inspection report summaries, generating an enriched dataset, and adding the enriched dataset to a security graph database.
    Type: Grant
    Filed: September 17, 2024
    Date of Patent: July 15, 2025
    Assignee: Wiz, Inc.
    Inventors: Yaniv Shaked, Ami Luttwak, Gal Kozoshnik, Roy Reznik, Yarin Miran
  • Publication number: 20250225128
    Abstract: A system and method for generating a database query based on a natural language query is presented. The method includes receiving an unstructured natural language query directed to a security database, wherein the security database includes a representation of a computing environment; selecting a group of database queries from a plurality of preexisting database queries based on a similarity to the unstructured natural language query; generating a context for processing by a language model, the context including the selected group of database queries, an identified technology, and a schema of the computing environment; processing a prompt and the generated context utilizing the language model to generate a second database query; and executing the second database query on the security database.
    Type: Application
    Filed: March 27, 2025
    Publication date: July 10, 2025
    Applicant: Wiz, Inc.
    Inventors: Daniel LAZAREV, Barak SHARONI, Bar MAGNEZI
  • Patent number: 12353474
    Abstract: A system and method for applying a unified security policy across a technology stack, includes detecting a cloud object in a first cloud computing environment, the cloud object including a plurality of attributes, each attribute having a corresponding value; detecting a node in a security graph having a data field value which matches an attribute value of the cloud object, wherein the security graph includes a representation of a cloud environment; applying a policy based on the data field value to the detected cloud object; and applying the policy to another cloud object in a second cloud computing environment, in response to determining that a node representing the cloud object in the security graph is connected to a node representing the another cloud object.
    Type: Grant
    Filed: November 14, 2022
    Date of Patent: July 8, 2025
    Assignee: Wiz, Inc.
    Inventors: Raaz Herzberg, Yaniv Joseph Oliver, Osher Hazan, Niv Roit Ben David, Ami Luttwak, Roy Reznik
  • Patent number: 12348646
    Abstract: In some implementations, the device may include detecting a virtual instance deployed in a computing environment, the virtual instance deployed based on a software image. In addition, the device may include detecting an image name of the software image. The device may include accessing an image software repository to retrieve the software image based on the detected image name. Moreover, the device may include initiating validation of the retrieved software image. Also, the device may include initiating a mitigation action on the virtual instance in response to detecting that the retrieved software image is an invalid software image.
    Type: Grant
    Filed: June 12, 2023
    Date of Patent: July 1, 2025
    Assignee: Wiz, Inc.
    Inventors: Amir Lande Blau, Roy Reznik, Bar Magnezi
  • Patent number: 12346700
    Abstract: A system and method for assembling a disk for cybersecurity inspection is disclosed. The method includes receiving access to an inspectable disk, the inspectable disk including a block device and a list of partitions; mounting a first partition from the list of partitions at a first directory in response to detecting a first operating system on the first partition; detecting a boot directory on a second partition from the list of partitions in response to detecting a second operating system on the second partition; detecting a mounting partition from a configuration file of the detected boot directory; detecting a filesystem table on the mounting partition; and mounting each partition from the list of partitions based on an order indicated by the filesystem table.
    Type: Grant
    Filed: April 20, 2023
    Date of Patent: July 1, 2025
    Assignee: Wiz, Inc.
    Inventors: Yaniv Shaked, Roy Reznik
  • Patent number: 12346457
    Abstract: A system and method for inspecting private code repositories for cybersecurity issues is presented. The method includes accessing a private code repository, the private code repository including a plurality of code objects; generating a pull request including code for an inspector, the inspector configured to detect a cybersecurity object in a code object of the plurality of code objects; initiating the pull request in the private code repository; and receiving a result from the inspector, wherein the result includes an identifier of the code object and an identifier of a detected cybersecurity object, wherein the cybersecurity object indicates a cybersecurity issue.
    Type: Grant
    Filed: December 9, 2024
    Date of Patent: July 1, 2025
    Assignee: Wiz, Inc.
    Inventors: Arnon Trabelsi, Daniel Hershko Shemesh
  • Publication number: 20250211609
    Abstract: A system and method for validating cybersecurity issues utilizing runtime data is disclosed. In an embodiment the method includes: inspecting a workload deployed in a computing environment for a cybersecurity issue; deploying a sensor on the workload, the sensor configured to collect runtime data from the workload; initiating a first mitigation action with a first priority in the computing environment in response to validating the cybersecurity issue from the collected runtime data; initiating a second mitigation action with a second priority, which is lower than the first priority, in response to failing to validate the cybersecurity issue from the collected runtime data.
    Type: Application
    Filed: August 8, 2024
    Publication date: June 26, 2025
    Applicant: Wiz, Inc.
    Inventors: Arik NEMTSOV, Shai KEREN, Udi REITBLAT, Gal DE LEON, Yonatan DORON, Eliad PELLER
  • Patent number: 12341803
    Abstract: A technique and method for detection and display of the cybersecurity risk context of a cloud environment initiates an inspection of cybersecurity objects within a cloud environment utilizing an inspection environment and stores information pertaining to discovered cybersecurity objects within the inspected cloud environment in a storage environment. The technique and method further generate a cybersecurity risk context for the inspected cloud environment based on the observations made concerning the cybersecurity objects contained within it. The technique and method further configure a web browser running on a client device to automatically display the generated cybersecurity risk context to a user, either through a web page overlay or through a toolbar plugin which has been installed in the web browser and configured to enable inspections of a cloud environment, once the user has navigated to a web page containing cybersecurity object identifiers.
    Type: Grant
    Filed: September 18, 2024
    Date of Patent: June 24, 2025
    Assignee: Wiz, Inc.
    Inventors: Tomer Gil Levi, Yinon Costica, Ben Grynhaus, Itai Yosephi, Oron Noah, Eyal Wiener
  • Publication number: 20250202951
    Abstract: A method and system for modeling a cloud environment as a security graph are provided. The method includes identifying security objects in the cloud environment; collecting object data of the identified security objects; constructing a security graph based on collected object data of the identified security objects; determining relationships among the identified security objects, wherein the relationships are determined based on the collected object data of the identified security objects and using a static analysis process; updating the constructed security graph with the determined relationships among the identified security objects; and storing the constructed security graph in a graph database.
    Type: Application
    Filed: March 3, 2025
    Publication date: June 19, 2025
    Applicant: Wiz, Inc.
    Inventors: Shai KEREN, Daniel Hershko SHEMESH
  • Publication number: 20250202928
    Abstract: A technique and method for detection and display of the cybersecurity risk context of a cloud environment initiates an inspection of cybersecurity objects within a cloud environment utilizing an inspection environment and stores information pertaining to discovered cybersecurity objects within the inspected cloud environment in a storage environment. The technique and method further generate a cybersecurity risk context for the inspected cloud environment based on the observations made concerning the cybersecurity objects contained within it. The technique and method further configure a web browser running on a client device to automatically display the generated cybersecurity risk context to a user, either through a web page overlay or through a toolbar plugin which has been installed in the web browser and configured to enable inspections of a cloud environment, once the user has navigated to a web page containing cybersecurity object identifiers.
    Type: Application
    Filed: March 5, 2025
    Publication date: June 19, 2025
    Applicant: Wiz, Inc.
    Inventors: Tomer Gil LEVI, Yinon COSTICA, Ben GRYNHAUS, Itai YOSEPHI, Oron NOAH, Eyal WIENER
  • Publication number: 20250200211
    Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment is disclosed. The method includes: generating an inspectable disk from a clone of an original disk in a cloud computing environment; inspecting the inspectable disk for a cybersecurity object, the cybersecurity object indicating sensitive data, the disk deployed in a cloud computing environment; extracting a data schema from the cybersecurity object, in response to detecting the cybersecurity object on the disk; generating a classification of the data schema; detecting in the disk a plurality of data files, each data file including the classified data schema; determining that the data schema corresponds to sensitive data based on the generated classification; generating in a security database: a representation of the data schema, and a representation of each data file; and rendering a visual representation of the cloud computing environment including a representation of the data schema.
    Type: Application
    Filed: March 5, 2025
    Publication date: June 19, 2025
    Applicant: Wiz, Inc.
    Inventors: Raaz HERZBERG, Avi Tal LICHTENSTEIN, Roy REZNIK, Ami LUTTWAK, Moran COHEN, Yaniv SHAKED, Yinon COSTICA, George PISHA, Daniel Hershko SHEMESH, Yarin MIRAN
  • Publication number: 20250202952
    Abstract: A system and method for applying a policy on a network path is presented. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is deployed in a cloud computing environment, having access to an external network; actively inspecting an external network path to determine if the network path of the reachable resource is accessible from the external network; determining that the network path is a valid path, in response to determining that the reachable resource is accessible from the external network path; applying a policy on the valid path; and initiating a mitigation action, in response to determining that the policy is violated.
    Type: Application
    Filed: March 5, 2025
    Publication date: June 19, 2025
    Applicant: Wiz, Inc.
    Inventors: Roy REZNIK, Matilda LIDGI, Shai KEREN, Eliran MAROM
  • Publication number: 20250200194
    Abstract: A system and method for detecting a vulnerable workload deployed in a cloud environment based on a code object of an infrastructure as code file utilizes a security graph. The method includes: extracting the code object from a state file, which includes a mapping between the code object to a first deployed workload and a second deployed workload; generating a node representing the code object in the security graph; generating a connection in the security graph between the node representing the code object and a node representing the first workload and a connection between the node representing the code object and a node representing the second workload; and determining that the second workload is a vulnerable workload, in response to detecting that the first workload node is associated with a cybersecurity threat, and that the nodes representing the workloads are each connected to the node representing the code object.
    Type: Application
    Filed: March 5, 2025
    Publication date: June 19, 2025
    Applicant: Wiz, Inc.
    Inventors: Roy REZNIK, Yinon COSTICA, Osher HAZAN, Raaz HERZBERG
  • Publication number: 20250202930
    Abstract: A system and method for initiating remediation actions in response to a cybersecurity issue in a computing environment is presented. The method includes configuring a virtual instance deployed in the computing environment to receive a plurality of remediation scripts from an inspection environment; detecting a cybersecurity issue in the computing environment; configuring the virtual instance to initiate a remediation action of a plurality of remediation actions based on detecting the cybersecurity issue, each remediation action including at least a remediation script of the plurality of remediation scripts; and receiving a feedback in the inspection environment from the virtual instance in response to initiating the remediation action.
    Type: Application
    Filed: August 9, 2024
    Publication date: June 19, 2025
    Applicant: Wiz, Inc.
    Inventors: Itay ARBEL, Solal RAVEH, Orr SHAMLI, Chris BECKETT, Ben GRYNHAUS, Eyal ZISMAN
  • Patent number: 12333010
    Abstract: A cybersecurity system provides the ability to detect security risks in a cross-platform cloud solution. A unified data schema is used to abstract resources, principals and others across multiple platforms. A security graph is generated to present a unified view of cloud environments, which are then easily queried using the structure of the data schema. The solution allows a compact representation of cloud environments, which is scalable and multi-layered. The security graph allows for representation of production environments, staging environments, as well as code for deploying workloads in the cloud environment. Thus the solution is also able to present a complete picture of a user's entire cloud environment. The solution further allows generating subgraph views, by associating a tag with certain nodes, then rendering a view based on nodes which include the tag, and all children nodes thereof.
    Type: Grant
    Filed: November 11, 2021
    Date of Patent: June 17, 2025
    Assignee: Wiz, Inc.
    Inventors: Avihai Berkovitz, Raaz Herzberg, Ami Luttwak, Roy Reznik, Shai Keren, Yinon Costica