Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.

Abstract: A system and method for improved endpoint detection and response (EDR) in a cloud computing environment initiates inspection based on data received from a sensor deployed on a workload. The method includes: configuring a resource, deployed in a cloud computing environment, to deploy thereon a sensor, the sensor configured to detect runtime data; detecting a potential cybersecurity threat on the resource based on detected runtime data received from the sensor; and initiating inspection of the resource for the potential cybersecurity threat.

Abstract: A system and method for performing inspection of a reachable code object of a cloud computing environment is presented. The method includes detecting a network path for each resource of a plurality of resources deployed in a cloud computing environment, wherein the network path includes at least a portion between an external network and the cloud computing environment; determining reachability parameters of each resource of the plurality of resources for which a network path is detected; accessing a code repository including a plurality of code objects; actively inspecting the network path of a resource to determine if the network path is a viable network path; mapping each resource having a viable network path to a code object of the plurality of code objects; inspecting a mapped code object for a cybersecurity object; and initiating a remediation action based on the cybersecurity object.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A system and method for detecting a cybersecurity risk of an artificial intelligence (AI), is presented. The method includes: inspecting a computing environment for an AI model deployed therein; generating a representation of the AI model in a security database, the security database including a representation of the computing environment; inspecting the AI model for a cybersecurity risk; generating a representation of the cybersecurity risk in the security database, the representation of the cybersecurity risk connected to the representation of the AI model in response to detecting the cybersecurity risk; and initiating a mitigation action based on the cybersecurity risk.

Abstract: A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.

Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.

Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.

Abstract: A system and method for initiating a remediation action on a software service in a computing environment are presented. The method includes detecting a software service in a computing environment, the service including a code object and a resource; generating a representation of the software service in a security database, the security database further including a representation of the computing environment; traversing the security database to detect a plurality of components, each component having a representation connected to the representation of the software service; initiating inspection for a cybersecurity object on each component of the software service; and initiating a remediation action on each component of the software service on which the cybersecurity object is detected.

Abstract: A system and method for detecting a vulnerable workload deployed in a cloud environment based on a code object of an infrastructure as code file utilizes a security graph. The method includes: extracting the code object from a state file, which includes a mapping between the code object to a first deployed workload and a second deployed workload; generating a node representing the code object in the security graph; generating a connection in the security graph between the node representing the code object and a node representing the first workload and a connection between the node representing the code object and a node representing the second workload; and determining that the second workload is a vulnerable workload, in response to detecting that the first workload node is associated with a cybersecurity threat, and that the nodes representing the workloads are each connected to the node representing the code object.

Abstract: A method and system for modeling a cloud environment as a security graph are provided. The method includes identifying security objects in the cloud environment; collecting object data of the identified security objects; constructing security graph based on collected object data of the identified security objects; determining relationships among the identified security objects, wherein the relationships are determined based on the collected object data of the identified security objects and using a static analysis process; updating the constructed security graph with the determined relationships among the identified security objects; and storing the constructed security graph in a graph database.

Abstract: A system and method for inspecting different types of cloud workloads for cybersecurity threats, all deployed in a cloud computing environment, includes a unifying extractor to expose different compute types to agnostic inspectors. The method includes accessing a first cloud workload of a first type from a plurality of deployed cloud workloads; accessing a second cloud workload of a second type from the plurality of deployed cloud workloads; extracting data from each of the first cloud workload and the second cloud workload into a storage layer having a data schema, based on a predefined data structure; and inspecting the extracted data to detect a first target object, the target object indicating a cybersecurity threat, wherein extraction for each of the first cloud workload and the second cloud workload is based on the workload type.

Abstract: A system and method for detecting a combined cybersecurity risk for an artificial intelligence (AI) model is presented. The method includes: inspecting a computing environment for an AI model deployed therein; generating a representation of the AI model in a security database, the security database including a representation of the computing environment; detecting a first cybersecurity risk respective of the AI model; inspecting the computing environment for a cybersecurity object; determining that the AI model is exposed to a toxic combination cybersecurity risk based on the detected first cybersecurity risk and the cybersecurity object; and initiating a mitigation action based on the toxic combination cybersecurity risk.

Abstract: A system and method for performing authorization based active inspection of network paths for a resource, deployed in a cloud computing environment, includes receiving at least one network path to access the resource, wherein the resource is a cloud object deployed in the cloud computing environment, and potentially accessible from a network which is external to the cloud computing environment; and actively inspecting the at least one network path to determine if the resource is accessible through the at least one network path from a network external to the cloud computing environment and requires access authorization.

Abstract: A system and method detect a malware infection path in a compute environment. The method includes detecting a malware object on a first workload in a computing environment including a plurality of workloads, wherein the first workload is represented by a resource node on a security graph, the security graph including an endpoint node representing a resource which is accessible to a public network; generating a potential infection path between the resource node and the endpoint node including at least a second resource node connected to the resource node; inspecting a second workload of the plurality of workloads represented by the second resource node; determining that the potential infection path is a confirmed infection path, in response to detecting the malware on the second workload; and determining that the potential infection path is not an infection path, in response to detecting that the second workload does not include the malware.

Abstract: A system and method for applying cybersecurity policies across multiple computing environments is presented.

Abstract: A system and method for providing dynamic network traffic policies is provided. The method includes: inspecting a workload for a cybersecurity object, the cybersecurity object indicating a cybersecurity risk, wherein the workload is deployed in a cloud computing environment having a firewall connected to an external network; detecting the cybersecurity risk on the workload based on the cybersecurity object; generating a policy for the firewall based on the cybersecurity risk; and configuring the firewall to apply the generated policy.

Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a generic key is disclosed. The method includes: detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a default key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the default key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.