Abstract: A system and method for generation of unified graph models for network entities are provided. The method includes collecting, for at least one network entity of a plurality of network entities, at least one network entity data feature, wherein the at least one network entity data feature is a network entity property; genericizing the collected at least one network entity; generating at least a network graph, wherein the generated network graph is a multi-dimensional data structure providing a representation of the plurality of network entities and relations between the network entities of the plurality of network entities; and storing the generated at least a network graph.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A system and method for technology stack discovery by performing active inspection of a cloud computing environment utilizing disk cloning is described. The method includes: generating an inspectable disk based on an original disk of a reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment; detecting a cybersecurity object on the inspectable disk, the cybersecurity object indicating a cybersecurity issue; selecting a network path including a network protocol to access the reachable resource; and actively inspecting the network path to detect the cybersecurity issue.

Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.

Abstract: A technique and method for detection and display of the cybersecurity risk context of a cloud environment initiates an inspection of cybersecurity objects within a cloud environment utilizing an inspection environment and stores information pertaining to discovered cybersecurity objects within the inspected cloud environment in a storage environment. The technique and method further generate a cybersecurity risk context for the inspected cloud environment based on the observations made concerning the cybersecurity objects contained within it. The technique and method further configure a web browser running on a client device to automatically display the generated cybersecurity risk context to a user, either through a web page overlay or through a toolbar plugin which has been installed in the web browser and configured to enable inspections of a cloud environment, once the user has navigated to a web page containing cybersecurity object identifiers.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment is disclosed. The method includes: generating an inspectable disk from a clone of an original disk in a cloud computing environment; inspecting the inspectable disk for a cybersecurity object, the cybersecurity object indicating a sensitive data, the disk deployed in a cloud computing environment; extracting a data schema from the cybersecurity object, in response to detecting the cybersecurity object on the disk; generating a classification of the data schema; detecting in the disk a plurality of data files, each data file including the classified data schema; determining that the data schema corresponds to sensitive data based on the generated classification; generating in a security database: a representation of the data schema, and a representation of each data file; and rendering a visual representation of the cloud computing environment including a representation of the data schema.

Abstract: A system and method for detecting a permission escalation event in a computing environment is disclosed. The method includes: generating a cloned disk based on an original disk of a resource deployed in a computing environment; detecting an identifier of a first principal on the cloned disk; detecting a second principal in the computing environment, the first principal authorized to assume the first principal; storing a representation of the computing environment in a security database, including: a first principal node representing the first principal, and a second principal node representing the second principal, further associated with a permission; querying the representation to determine a permission of the first principal; determining that the second principal includes a permission which the first principal does not include based on a result of querying the representation; and generating a permission escalation event.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.

Abstract: A method and system for modeling a cloud environment as a security graph are provided. The method includes identifying security objects in the cloud environment; collecting object data of the identified security objects; constructing security graph based on collected object data of the identified security objects; determining relationships among the identified security objects, wherein the relationships are determined based on the collected object data of the identified security objects and using a static analysis process; updating the constructed security graph with the determined relationships among the identified security objects; and storing the constructed security graph in a graph database.

Abstract: A system and method for improved endpoint detection and response (EDR) in a cloud computing environment initiates inspection based on data received from a sensor deployed on a workload. The method includes: configuring a resource, deployed in a cloud computing environment, to deploy thereon a sensor, the sensor configured to detect runtime data; detecting a potential cybersecurity threat on the resource based on detected runtime data received from the sensor; and initiating inspection of the resource for the potential cybersecurity threat.

Abstract: A system and method for inspecting managed workloads in a cloud computing environment for cybersecurity threats improves inspection of managed workload service repositories, by only inspecting bases of managed workload deployed in the cloud computing environment. The method includes discovering a managed workload deployed in a cloud computing environment; determining an identifier of the managed workload, wherein the identifier includes an indicator to a base repository in which a base is stored, and wherein the managed workload is currently deployed in the cloud computing environment, the base repository further storing a plurality of bases, wherein a portion of the plurality of bases do not correspond to a deployed workload; accessing the base repository to pull the base; and inspecting the base of the deployed managed workload for a cybersecurity threat.

Abstract: A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment includes generating a snapshot from a managed database service, the snapshot including a plurality of data files stored in a bucket on a cloud computing environment; deploying a virtual instance based on the snapshot to generate a database, the database including a database management system (DBMS); querying the DBMS to fetch data from the database; classifying the fetched data, wherein the fetched data is classified as sensitive data or non-sensitive data; and generating a node on a security graph stored in a graph database to represent the fetched data and the classification thereof, wherein the security graph includes a representation of the cloud computing environment.

Abstract: A system and method for evaluating definitions from a markup language document for agentless host configuration of an image in a virtualized computing environment generates an instruction to deploy a virtual instance based on a base image, the virtual instance including a disk. The method further includes generating an inspectable disk based on the disk of the virtual instance; receiving a markup language document, the document including a plurality of definitions, each including a data element; inspecting the inspectable disk for a cybersecurity object corresponding to a data element of a first definition of the plurality of definitions; evaluating the first definition based on the cybersecurity object to generate an evaluated first definition result, in response to determining that the definition is evaluable; generating an output based on the evaluated first definition result; and generating the output based on a notification, in response to determining that the definition is unevaluable.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment. The method includes detecting a first data object including a data schema and a content in a cloud computing environment; detecting a second data object, having the data schema of the first data object; generating in a security graph: a first data object node representing the first data object, a second data object node representing the second data object, and a data schema node representing the data schema; storing a classification based on the content in the security graph, wherein the content is classified as sensitive data or non-sensitive data; and rendering an output based on the classification and the data schema node, in lieu of the first data object node and the second data object node, in response to receiving a query to detect a node representing a data object classified as sensitive data.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment includes generating a snapshot from a managed database service, the snapshot including a plurality of data files stored in a bucket on a cloud computing environment; detecting a data object in the plurality of data files, the data object including a data schema and a content; classifying the first data object based on the content, wherein the content is classified as sensitive data or non-sensitive data; and generating a node on a security graph stored in a graph database to represent the first data object and the classification thereof, wherein the security graph further includes a representation of the cloud computing environment.

Abstract: A system and method for providing dynamic network traffic policies. The method includes: detecting a cybersecurity risk on a workload deployed in a cloud computing environment, the cloud computing environment having a firewall connected to an untrusted network; and configuring the firewall to filter network traffic to the workload based on the detected cybersecurity risk.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.