Abstract: A system and method detect a malware infection path in a compute environment. The method includes detecting a malware object on a first workload in a computing environment including a plurality of workloads, wherein the first workload is represented by a resource node on a security graph, the security graph including an endpoint node representing a resource which is accessible to a public network; generating a potential infection path between the resource node and the endpoint node including at least a second resource node connected to the resource node; inspecting a second workload of the plurality of workloads represented by the second resource node; determining that the potential infection path is a confirmed infection path, in response to detecting the malware on the second workload; and determining that the potential infection path is not an infection path, in response to detecting that the second workload does not include the malware.
Type:
Application
Filed:
December 23, 2022
Publication date:
June 29, 2023
Applicant:
Wiz, Inc.
Inventors:
Elad GABAY, Yaniv SHAKED, Alon SCHINDEL, Roy REZNIK, Ami LUTTWAK
Abstract: A system and method provide detection of a malware attack path. The method includes detecting at a first time a malware object on a first workload deployed in the compute environment, wherein the first workload is represented by a first node in a security graph, the security graph including a representation of the compute environment; querying the security graph to detect a second node connected to the first node, wherein the connection indicates that the first workload represented by the first node can access a second workload represented by the second node; and generating an instruction to inspect the second workload represented by the second node at a second time, occurring after the first time.
Type:
Application
Filed:
December 23, 2022
Publication date:
June 29, 2023
Applicant:
Wiz, Inc.
Inventors:
Elad GABAY, Ami LUTTWAK, Roy REZNIK, Yaniv SHAKED, Alon SCHINDEL
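The two abstracts above describe one workflow: starting from a workload on which malware was detected, use the security graph to enumerate candidate infection paths back to the publicly reachable endpoint node, confirm or reject each path by inspecting the intermediate workloads, and schedule later inspections of whatever the infected workload can itself reach. The following is an added example of that workflow in Python, not code from the applicant or the patent; the security graph, the malware identifier and the per-workload inspection findings are constructed, and `inspect` is a stand-in for a real inspector that here simply looks the findings up.

```python
# Added example: infection-path confirmation and follow-up inspection over a
# security graph. All data below is constructed; not the applicant's code.

# Constructed security graph: node -> nodes it can access. "endpoint" stands
# for the resource that is reachable from the public network.
SECURITY_GRAPH = {
    "endpoint": ["web-1", "web-2"],
    "web-1": ["app-1"],
    "web-2": ["app-1"],
    "app-1": ["db-1"],
    "db-1": [],
}

# Constructed inspection results (what an inspector would report per workload).
INSPECTION_FINDINGS = {
    "endpoint": {"malware": []},
    "web-1": {"malware": ["sample-malware"]},
    "web-2": {"malware": []},
    "app-1": {"malware": ["sample-malware"]},
}


def potential_infection_paths(graph, endpoint, infected, max_depth=8):
    """Enumerate simple paths endpoint -> ... -> infected over access edges.

    A path qualifies only if it contains at least one intermediate
    ("second") resource node between the endpoint and the infected node.
    """
    paths = []
    stack = [(endpoint, [endpoint])]
    while stack:
        node, path = stack.pop()
        if len(path) > max_depth:
            continue
        for nxt in graph.get(node, []):
            if nxt in path:            # keep paths simple (no cycles)
                continue
            if nxt == infected:
                if len(path) >= 2:     # endpoint plus at least one intermediate
                    paths.append(path + [nxt])
            else:
                stack.append((nxt, path + [nxt]))
    return paths


def inspect(workload, malware_id, findings=INSPECTION_FINDINGS):
    """Inspect a workload for the given malware object (here: a dict lookup)."""
    return malware_id in findings.get(workload, {}).get("malware", [])


def classify_paths(graph, endpoint, infected, malware_id, findings=INSPECTION_FINDINGS):
    """Confirm or reject each potential path by inspecting its intermediates.

    The path is confirmed only if every intermediate workload carries the
    same malware object; a single clean intermediate rejects the path.
    """
    verdicts = {}
    for path in potential_infection_paths(graph, endpoint, infected):
        intermediates = path[1:-1]
        clean = [w for w in intermediates if not inspect(w, malware_id, findings)]
        verdicts[tuple(path)] = "confirmed" if not clean else "not an infection path"
    return verdicts


def schedule_inspections(graph, infected, detected_at, delay_s=600):
    """Generate an inspection instruction for every workload the infected
    workload can access, to run at a time after the detection."""
    return [
        {"workload": nxt, "inspect_at": detected_at + delay_s,
         "reason": f"accessible from {infected}"}
        for nxt in graph.get(infected, [])
    ]


if __name__ == "__main__":
    verdicts = classify_paths(SECURITY_GRAPH, "endpoint", "app-1", "sample-malware")
    for path, verdict in verdicts.items():
        print(" -> ".join(path), ":", verdict)
    print(schedule_inspections(SECURITY_GRAPH, "app-1", detected_at=1_700_000_000))
```

With the constructed data, malware on `app-1` yields two candidate paths from the endpoint; the one through `web-1` is confirmed because `web-1` carries the same malware object, and the one through `web-2` is rejected because `web-2` is clean. `db-1` is not on any candidate path but is reachable from `app-1`, so it receives a later inspection instruction.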
Abstract: A method and system for determining reachability of objects deployed in a cloud environment to an external network are presented. The method includes identifying a plurality of network paths in the cloud environment, wherein each network path includes at least two objects deployed in the cloud environment; statistically analyzing each object in each respective network path to determine its reachability properties; analyzing the reachability properties determined for each object to determine if the respective object is reachable through its respective network path from at least a network external to the cloud environment; and saving each object together with its respective network path and reachability properties in a database.
Abstract: A method for detecting escalation paths in a cloud environment is provided. The method includes accessing a security graph representing cloud objects and their connections in the cloud environment; analyzing each cloud object to detect an escalation hop from a current cloud object to a next cloud object, wherein the analysis is based, in part, on a plurality of risk factors and reachability parameters determined for each cloud object; and marking each identified escalation path in the security graph, wherein an escalation path is a collection of escalation hops from a source cloud object to a destination cloud object.
Type:
Application
Filed:
October 18, 2021
Publication date:
April 20, 2023
Applicant:
Wiz, Inc.
Inventors:
Ami LUTTWAK, Yinon COSTICA, Assaf RAPPAPORT, Avi Tal LICHTENSTEIN, Roy REZNIK
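The escalation-path abstract above leaves the hop rule to the detailed description. The following added example (not the applicant's code) shows one concrete way to model it in Python: each cloud object carries a privilege level and a set of risk factors, an internet-facing risk factor serves as the reachability parameter that picks the source objects, and a hop counts as escalation only when the relationship type can escalate, the source holds an enabling risk factor, and the destination is more privileged. The objects, connections, risk-factor names and the `ESCALATING_EDGES` rule are all assumptions made for the example.

```python
# Added example: escalation-hop detection and path marking on a security graph.
# Objects, connections and the hop rule are constructed; not the applicant's code.

# Constructed cloud objects with a privilege level and risk factors.
CLOUD_OBJECTS = {
    "vm-web":      {"privilege": 1, "risk_factors": {"internet_facing", "instance_profile"}},
    "vm-batch":    {"privilege": 1, "risk_factors": {"instance_profile"}},
    "role-app":    {"privilege": 2, "risk_factors": {"assume_role"}},
    "role-admin":  {"privilege": 3, "risk_factors": set()},
    "bucket-logs": {"privilege": 1, "risk_factors": set()},
}

# Constructed connections from the security graph: (source, destination, relationship).
CONNECTIONS = [
    ("vm-web", "role-app", "assumes"),
    ("role-app", "role-admin", "assumes"),
    ("vm-web", "bucket-logs", "reads"),
    ("vm-batch", "role-admin", "assumes"),
]

# Assumed hop rule: only these relationships can escalate, and only when the
# source object carries at least one of the listed risk factors.
ESCALATING_EDGES = {"assumes": {"instance_profile", "assume_role"}}


def is_escalation_hop(objects, src, dst, relationship):
    """A hop escalates when the relationship is escalating, the source holds an
    enabling risk factor, and the destination is more privileged than the source."""
    enabling = ESCALATING_EDGES.get(relationship)
    if enabling is None or not (objects[src]["risk_factors"] & enabling):
        return False
    return objects[dst]["privilege"] > objects[src]["privilege"]


def find_escalation_paths(objects, connections):
    """Walk from every internet-facing object (the reachability parameter),
    chaining escalation hops, and return each maximal path found."""
    adjacency = {}
    for src, dst, rel in connections:
        adjacency.setdefault(src, []).append((dst, rel))
    paths = []

    def walk(node, path):
        extended = False
        for nxt, rel in adjacency.get(node, []):
            if nxt in path or not is_escalation_hop(objects, node, nxt, rel):
                continue
            extended = True
            walk(nxt, path + [nxt])
        if not extended and len(path) > 1:
            paths.append(path)

    for name, obj in objects.items():
        if "internet_facing" in obj["risk_factors"]:
            walk(name, [name])
    return paths


def mark_graph(objects, paths):
    """Annotate each object with the escalation paths that pass through it."""
    marked = {name: dict(obj, escalation_paths=[]) for name, obj in objects.items()}
    for path in paths:
        label = " -> ".join(path)
        for name in path:
            marked[name]["escalation_paths"].append(label)
    return marked


if __name__ == "__main__":
    found = find_escalation_paths(CLOUD_OBJECTS, CONNECTIONS)
    for name, obj in mark_graph(CLOUD_OBJECTS, found).items():
        print(name, obj["escalation_paths"])
```

`vm-batch` can also assume `role-admin`, but it is not internet-facing, so under this rule no path starts there; the only marked path is `vm-web -> role-app -> role-admin`. Treating reachability as a property of the source rather than re-checking it at every hop is a simplification: once the walk has taken a hop, the next object is reached through the path itself.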
Abstract: A system and method for detecting a vulnerable workload deployed in a cloud environment based on a code object of an infrastructure as code file utilize a security graph. The method includes: extracting the code object from a state file, which includes a mapping from the code object to a first deployed workload and a second deployed workload; generating a node representing the code object in the security graph; generating a connection in the security graph between the node representing the code object and a node representing the first workload, and a connection between the node representing the code object and a node representing the second workload; and determining that the second workload is a vulnerable workload, in response to detecting that the node representing the first workload is associated with a cybersecurity threat and that the nodes representing the workloads are each connected to the node representing the code object.
Type:
Application
Filed:
August 17, 2022
Publication date:
March 2, 2023
Applicant:
Wiz, Inc.
Inventors:
Roy REZNIK, Yinon COSTICA, Osher HAZAN, Raaz HERZBERG
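The state-file abstract above hinges on one observation: workloads deployed from the same code object share its configuration, so a threat confirmed on one of them is evidence about the others. The following added Python example (not the applicant's code) walks the three steps: extract code objects and their deployed instances from a state document, connect each code object node to its workload nodes, and propagate a threat finding across the shared code object. The state document is constructed for the example and its shape only loosely follows a Terraform state file; the instance identifiers and threat finding are likewise constructed.

```python
# Added example: code object -> workload mapping from an IaC state file, and
# threat propagation across workloads that share a code object.
import json

# Constructed state document (shape loosely modelled on a Terraform state file;
# an assumption for this example, not real output).
STATE_FILE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_instance", "name": "app",
         "instances": [
             {"index_key": 0, "attributes": {"id": "i-0a1", "ami": "ami-111"}},
             {"index_key": 1, "attributes": {"id": "i-0a2", "ami": "ami-111"}},
         ]},
        {"mode": "managed", "type": "aws_instance", "name": "bastion",
         "instances": [
             {"index_key": 0, "attributes": {"id": "i-0b1", "ami": "ami-222"}},
         ]},
    ],
})


def extract_code_objects(state_text):
    """Return {code object id: [deployed workload ids]} from the state document."""
    state = json.loads(state_text)
    mapping = {}
    for resource in state["resources"]:
        if resource.get("mode") != "managed":   # skip data sources
            continue
        code_id = f'{resource["type"]}.{resource["name"]}'
        mapping[code_id] = [inst["attributes"]["id"] for inst in resource["instances"]]
    return mapping


def build_graph(mapping):
    """Nodes keyed by id with their kind; edges connect a code object to each
    workload deployed from it."""
    nodes, edges = {}, set()
    for code_id, workloads in mapping.items():
        nodes[code_id] = "code_object"
        for workload in workloads:
            nodes[workload] = "workload"
            edges.add((code_id, workload))
    return nodes, edges


def vulnerable_workloads(edges, threatened):
    """Every workload connected to a code object that also has a threatened
    workload is reported as vulnerable, with the shared code object as reason."""
    by_code = {}
    for code_id, workload in edges:
        by_code.setdefault(code_id, set()).add(workload)
    result = {}
    for code_id, workloads in by_code.items():
        hit = workloads & set(threatened)
        if not hit:
            continue
        for workload in sorted(workloads - hit):
            result[workload] = {"code_object": code_id, "shared_with": sorted(hit)}
    return result


if __name__ == "__main__":
    nodes, edges = build_graph(extract_code_objects(STATE_FILE))
    print(vulnerable_workloads(edges, threatened={"i-0a1"}))
```

A threat on `i-0a1` flags `i-0a2` because both hang off `aws_instance.app`; `i-0b1` comes from a different code object and is left alone. The same walk in the other direction, from a code object to everything deployed from it, is what makes a fix in the IaC file actionable across all affected workloads.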
Abstract: A method and system for determining abnormal configuration of network objects deployed in a cloud computing environment are provided. The method includes collecting network object data on a plurality of network objects deployed in the cloud computing environment; constructing a network graph based on the collected network object data, wherein the network graph includes a visual representation of network objects identified in the cloud computing environment; determining relationships between the identified network objects in the network graph, wherein the determined relationships between the identified network objects include descriptions of connections between the identified network objects; and analyzing the network graph and the determined relationships to generate insights, wherein the generated insights include at least a list of abnormal connections between the identified network objects.
Type:
Application
Filed:
August 12, 2022
Publication date:
December 8, 2022
Applicant:
Wiz, Inc.
Inventors:
Shai KEREN, Danny SHEMESH, Roy REZNIK, Ami LUTTWAK, Avihai BERKOVITZ
Abstract: A method and system for cataloging network objects in a cloud environment are presented. The system includes collecting at least network object data on a plurality of network objects operable in a cloud environment, wherein the plurality of network objects are operable at different layers of the cloud environment; identifying the plurality of network objects operable in the cloud environment; constructing at least a network graph based on the identified network objects; determining relationships between the identified network objects in the at least a network graph; generating at least an insight for at least one of the identified network objects, wherein the insight is generated in response to the network graph and the determined relationships; and tagging each of the plurality of network objects for which an insight is generated.
Type:
Grant
Filed:
December 2, 2020
Date of Patent:
August 30, 2022
Assignee:
Wiz, Inc.
Inventors:
Shai Keren, Danny Shemesh, Roy Reznik, Ami Luttwak, Avihai Berkovitz
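The abnormal-configuration abstract and the cataloging abstract above share one pipeline: collect network objects from several layers, build a graph whose edges carry a description of each relationship, derive insights from it, and tag the objects an insight applies to. Neither abstract states what makes a connection abnormal, so the following added Python example (not the applicant's code) uses one assumed criterion, an internet ingress to an instance deployed in a non-public subnet, and labels it as such. The inventory of VPC, subnets, security groups and instances is constructed.

```python
# Added example: network graph from multi-layer object data, one abnormal-
# connection insight, and object tagging. Inventory and criterion are assumptions.

# Constructed inventory of network objects at different layers.
NETWORK_OBJECTS = [
    {"id": "vpc-1", "layer": "vpc"},
    {"id": "subnet-pub", "layer": "subnet", "vpc": "vpc-1", "public": True},
    {"id": "subnet-priv", "layer": "subnet", "vpc": "vpc-1", "public": False},
    {"id": "sg-web", "layer": "security_group", "ingress": [{"cidr": "0.0.0.0/0", "port": 443}]},
    {"id": "sg-app", "layer": "security_group", "ingress": [{"source_sg": "sg-web", "port": 8080}]},
    {"id": "sg-db", "layer": "security_group", "ingress": [{"cidr": "0.0.0.0/0", "port": 5432}]},
    {"id": "i-web", "layer": "instance", "subnet": "subnet-pub", "security_groups": ["sg-web"]},
    {"id": "i-app", "layer": "instance", "subnet": "subnet-priv", "security_groups": ["sg-app"]},
    {"id": "i-db", "layer": "instance", "subnet": "subnet-priv", "security_groups": ["sg-db"]},
]


def build_network_graph(objects):
    """Index objects by id and derive edges, each with a description of the
    relationship it represents."""
    index = {obj["id"]: obj for obj in objects}
    edges = []
    for obj in objects:
        if obj["layer"] == "subnet":
            edges.append({"src": obj["id"], "dst": obj["vpc"], "relationship": "part of"})
        elif obj["layer"] == "instance":
            edges.append({"src": obj["id"], "dst": obj["subnet"], "relationship": "deployed in"})
            for sg_id in obj["security_groups"]:
                edges.append({"src": obj["id"], "dst": sg_id, "relationship": "protected by"})
                for rule in index[sg_id]["ingress"]:
                    if rule.get("cidr") == "0.0.0.0/0":
                        src = "internet"
                    else:
                        src = rule.get("source_sg") or rule.get("cidr")
                    edges.append({"src": src, "dst": obj["id"], "through": sg_id,
                                  "relationship": f"allows tcp/{rule['port']}"})
    return index, edges


def abnormal_connections(index, edges):
    """Assumed criterion: an internet ingress that lands on an instance deployed
    in a non-public subnet is an abnormal connection."""
    insights = []
    for edge in edges:
        if edge["src"] != "internet":
            continue
        subnet = index[index[edge["dst"]]["subnet"]]
        if not subnet["public"]:
            insights.append({
                "from": "internet", "to": edge["dst"], "through": edge["through"],
                "relationship": edge["relationship"],
                "reason": f"{edge['dst']} is deployed in private subnet {subnet['id']}",
            })
    return insights


def tag_objects(objects, insights):
    """Tag every object for which an insight was generated (instance and rule)."""
    tags = {obj["id"]: set() for obj in objects}
    for insight in insights:
        tags[insight["to"]].add("abnormal-ingress")
        tags[insight["through"]].add("overly-permissive-rule")
    return tags


if __name__ == "__main__":
    index, edges = build_network_graph(NETWORK_OBJECTS)
    insights = abnormal_connections(index, edges)
    for insight in insights:
        print(insight)
    print({k: v for k, v in tag_objects(NETWORK_OBJECTS, insights).items() if v})
```

`i-web` also accepts traffic from `0.0.0.0/0`, but it sits in the public subnet, so under the assumed criterion that connection is normal; only `i-db` and the rule in `sg-db` that admits the internet on tcp/5432 are tagged.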
Abstract: A method and system for determining reachability properties of security objects are provided. The method includes accessing a security graph, wherein the security graph lists all security objects and their connections in a cloud environment of an organization; identifying a plurality of network paths in the cloud environment, wherein each network path includes at least two security objects accessible in the cloud environment; for each of the plurality of identified network paths, iteratively analyzing each security object in a respective network path to determine its reachability properties, wherein the reachability properties of a security object are determined as a minimal set of the reachability properties of all other security objects in the respective network path; and populating the security graph with the determined reachability properties of each security object.
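The two reachability abstracts on this page (external reachability of objects through network paths, and per-object reachability properties as a minimal set over the path) are illustrated by the following added Python example, which is not the applicant's code. It reads "minimal set" as the intersection of what every object on the path lets through, determines an object to be externally reachable only when its path starts at an external-facing object and at least one property survives up to it, and stores object, path and properties in a database (an in-memory SQLite table here). The objects, their protocol/port sets and the paths are constructed.

```python
# Added example: reachability properties as an intersection along a network
# path, external-reachability decision, and persistence of the results.
import sqlite3

# Constructed security objects: each maps to the reachability properties
# (protocol/port pairs) it lets through.
SECURITY_OBJECTS = {
    "igw-1":    {"tcp/80", "tcp/443", "tcp/22"},   # internet gateway, external facing
    "nacl-pub": {"tcp/80", "tcp/443"},
    "alb-1":    {"tcp/443"},
    "sg-web":   {"tcp/443", "tcp/22"},
    "i-web":    {"tcp/443", "tcp/22"},
    "sg-db":    {"tcp/5432"},
    "i-db":     {"tcp/5432"},
}
EXTERNAL_FACING = {"igw-1"}

# Constructed network paths: ordered lists of connected security objects.
NETWORK_PATHS = [
    ["igw-1", "nacl-pub", "alb-1", "sg-web", "i-web"],
    ["igw-1", "nacl-pub", "sg-db", "i-db"],
    ["alb-1", "sg-web", "i-web"],                  # internal-only path
]


def path_reachability(objects, path):
    """Iteratively intersect along the path: an object's reachability through
    the path is the minimal set of properties shared with every object before it."""
    effective = set(objects[path[0]])
    result = {}
    for name in path:
        effective &= objects[name]
        result[name] = frozenset(effective)
    return result


def externally_reachable(objects, path, external=EXTERNAL_FACING):
    """Per object on the path: reachable from an external network if the path
    starts at an external-facing object and some property survives up to it."""
    props = path_reachability(objects, path)
    return {name: path[0] in external and bool(props[name]) for name in path}


def save_reachability(conn, objects, paths, external=EXTERNAL_FACING):
    """Persist each object with its path, properties and the reachability verdict."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS reachability ("
        "object TEXT, path TEXT, properties TEXT, external_reachable INTEGER)")
    for path in paths:
        props = path_reachability(objects, path)
        verdict = externally_reachable(objects, path, external)
        for name in path:
            conn.execute(
                "INSERT INTO reachability VALUES (?, ?, ?, ?)",
                (name, " -> ".join(path), ",".join(sorted(props[name])), int(verdict[name])))
    conn.commit()


def build_reachability_db(objects=SECURITY_OBJECTS, paths=NETWORK_PATHS):
    """Create an in-memory database populated from the constructed data."""
    conn = sqlite3.connect(":memory:")
    save_reachability(conn, objects, paths)
    return conn


def externally_reachable_objects(conn):
    """Distinct objects flagged reachable from an external network, with properties."""
    return conn.execute(
        "SELECT DISTINCT object, properties FROM reachability "
        "WHERE external_reachable = 1 ORDER BY object").fetchall()


if __name__ == "__main__":
    for row in externally_reachable_objects(build_reachability_db()):
        print(row)
```

On the first path the intersection narrows to tcp/443, so `i-web` is externally reachable on that port only, even though its security group also admits tcp/22. On the second path the intersection empties at `sg-db`, so `i-db` is not externally reachable despite a permissive rule on it. The third path reaches `i-web` on tcp/443 but starts at an internal object, so it contributes no external reachability.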
Abstract: A system that associates audio and/or video data with one or more calls for action, and manages, queries and displays the audio and video associated with a call for action based on defined or predefined criteria related to the audio and video data. The system selectively updates media files and Metadata from Meta tags, or Metadata feeds. The system spiders the Metadata or Metadata feeds for new Metadata to automate the submission and programming the audio and video data over a network. The system provides users with other call to action options including click to call, literature, order forms, and/or applications. The system optionally schedules audio and video media to target users by time of day, location, device, and other parameters to offer a call to action to different user audiences.