Patents Assigned to Wiz, Inc.
  • Patent number: 12170682
    Abstract: A system and method for application endpoint validation and securement is presented. The method includes: detecting an application endpoint on a resource deployed in a computing environment; generating in a security database: a representation of the application endpoint, and a representation of the resource, wherein the security database includes a representation of the computing environment; determining a network path between the resource and an external network, the network path including the application endpoint and a reachability parameter; initiating active inspection of the application endpoint over the network path; and initiating a mitigation action in the computing environment in response to determining through active inspection that the application endpoint is exposed to the external network.
    Type: Grant
    Filed: January 29, 2024
    Date of Patent: December 17, 2024
    Assignee: Wiz, Inc.
    Inventors: Matilda Lidgi, Danielle Aminov, Eliran Marom, Ron David Ben Arzi, Rotem Lipowitch, Amitai Cohen
  • Publication number: 20240411873
    Abstract: A system and method for cybersecurity inspection of a volume based on image layers is disclosed. In some implementations, the method may include generating an inspectable disk based on a volume of a virtual instance, the volume generated based on a plurality of images, each image corresponding to a unique layer of a plurality of layers. In addition, the method may include parsing a manifest associated with the volume, the manifest including an identifier of each unique layer. The method may include determining an order of layers based on the manifest, where a first layer of the virtual instance is deployed prior to a second layer of the virtual instance. Moreover, the method may include initiating inspection for a cybersecurity object on a first layer of the plurality of layers. Also, the method may include initiating a mitigation action in response to detecting the cybersecurity object.
    Type: Application
    Filed: June 12, 2023
    Publication date: December 12, 2024
    Applicant: Wiz, Inc.
    Inventors: Amir LANDE BLAU, Roy REZNIK, Bar MAGNEZI, Yaniv Joseph Oliver
  • Publication number: 20240411863
    Abstract: A system and method for applying a unified policy across multiple computing environments is disclosed. In an embodiment, the method includes configuring an admission controller deployed in a first software container cluster to receive a policy from a unified policy engine, the first software container cluster deployed in a first computing environment; configuring the admission controller to apply the received policy to a resource of the first software container cluster; and applying the policy on a second resource in a second computing environment.
    Type: Application
    Filed: June 12, 2023
    Publication date: December 12, 2024
    Applicant: Wiz, Inc.
    Inventors: Amir LANDE BLAU, Roy REZNIK, Bar MAGNEZI
  • Publication number: 20240414006
    Abstract: In some implementations, the device may include detecting a virtual instance deployed in a computing environment, the virtual instance deployed based on a software image. In addition, the device may include detecting an image name of the software image. The device may include accessing an image software repository to retrieve the software image based on the detected image name. Moreover, the device may include initiating validation of the retrieved software image. Also, the device may include initiating a mitigation action on the virtual instance in response to detecting that the retrieved software image is an invalid software image.
    Type: Application
    Filed: June 12, 2023
    Publication date: December 12, 2024
    Applicant: Wiz, Inc.
    Inventors: Amir LANDE BLAU, Roy REZNIK, Bar MAGNEZI
  • Publication number: 20240414005
    Abstract: In some aspects, a device includes selecting a signed software image for deployment in a computing environment, the software image signed utilizing a private cryptographic key of an asymmetrical cryptography scheme. Also, the device may include accessing a public cryptographic key corresponding to the private cryptographic key. Furthermore, the device may include configuring an admission controller of a software container cluster deployed in the computing environment to verify the signed software image utilizing the public cryptographic key. In addition, the device may include deploying the signed software image in the software container cluster in response to verifying the signed software image. Moreover, the device may include denying deployment of the signed software image, in response to determining that the signed software image is signed with a key which is not the private cryptographic key.
    Type: Application
    Filed: June 12, 2023
    Publication date: December 12, 2024
    Applicant: Wiz, Inc.
    Inventors: Amir LANDE BLAU, Roy REZNIK, Bar MAGNEZI
  • Publication number: 20240411923
    Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment. The method includes detecting a first data object including a data schema and a content in a cloud computing environment; detecting a second data object, having the data schema of the first data object; generating in a security graph: a first data object node representing the first data object, a second data object node representing the second data object, and a data schema node representing the data schema; storing a classification based on the content in the security graph, wherein the content is classified as sensitive data or non-sensitive data; and rendering an output based on the classification and the data schema node, in lieu of the first data object node and the second data object node, in response to receiving a query to detect a node representing a data object classified as sensitive data.
    Type: Application
    Filed: December 28, 2023
    Publication date: December 12, 2024
    Applicant: Wiz, Inc.
    Inventors: Raaz HERZBERG, Avi Tal LICHTENSTEIN, Roy REZNIK, Ami LUTTWAK, Moran COHEN, Yaniv SHAKED, Yinon COSTICA, George PISHA
  • Publication number: 20240414203
    Abstract: A system and method for applying a cybersecurity contextual policy in a computing environment are disclosed. In an embodiment, the method includes: detecting a cybersecurity object on a virtualization, the virtualization deployed in a computing environment; detecting a policy of the computing environment, the policy including a conditional rule; generating a contextual policy based on: the conditional rule, and an exception to the conditional rule based on the cybersecurity object; and configuring an admission controller of a software container cluster deployed in the computing environment to apply the contextual policy.
    Type: Application
    Filed: June 12, 2023
    Publication date: December 12, 2024
    Applicant: Wiz, Inc.
    Inventors: Amir LANDE BLAU, Roy REZNIK, Bar MAGNEZI
  • Patent number: 12164963
    Abstract: A system and method for detecting an artificial intelligence (AI) pipeline in a cloud computing environment. The method includes: inspecting a cloud computing environment for an AI pipeline component; detecting a connection between a first AI pipeline component and a second AI pipeline component; generating a representation of each of: the first AI pipeline component, the second AI pipeline component, and the connection, in a security database; and generating an AI pipeline based on the generated representations.
    Type: Grant
    Filed: November 16, 2023
    Date of Patent: December 10, 2024
    Assignee: Wiz, Inc.
    Inventors: Ami Luttwak, Alon Schindel, Amitai Cohen, Yinon Costica, Roy Reznik, Mattan Shalev
  • Patent number: 12166778
    Abstract: A system and method for detecting an attack path in a computing environment is presented. The method includes: detecting a forensic artifact in a computing environment, the forensic artifact including an identifier of a resource deployed in the computing environment; inspecting the resource for a cybersecurity object, the cybersecurity object indicating a cybersecurity issue; generating a representation of: the detected forensic artifact, the resource, and the cybersecurity object, in a security database, wherein the security database includes a representation of the computing environment; generating a potential lateral movement path between the resource and another resource; and generating a visualization based on the potential lateral movement, the forensic artifact, and the cybersecurity object.
    Type: Grant
    Filed: June 7, 2024
    Date of Patent: December 10, 2024
    Assignee: Wiz, Inc.
    Inventors: Alma Raziel, George Pisha, Michael Aminov, Avi Tal Lichtenstein, Tal Gilady, Amitai Cohen
  • Publication number: 20240403426
    Abstract: A system and method for detecting a cybersecurity object in operating system-level virtualization objects. The method comprises: inspecting a first image of an operating system-level virtualization for a cybersecurity object; inspecting a second image for the cybersecurity object, wherein the second image is based off of the first image; associating the cybersecurity object with the first image, in response to detecting the cybersecurity object in the first image and detecting the cybersecurity object in the second image; and associating the cybersecurity object with the second image, in response to detecting the cybersecurity object in the second image and not detecting the cybersecurity object in the first image.
    Type: Application
    Filed: August 8, 2024
    Publication date: December 5, 2024
    Applicant: Wiz, Inc.
    Inventors: Yaniv Joseph OLIVER, Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, Yaniv SHAKED, Amir LANDE BLAU
  • Publication number: 20240406193
    Abstract: A system and method for near real time detection of cybersecurity threats in a computing environment. The method includes: detecting an event in a data log, the data log including a plurality of data records, each data record corresponding to at least an event; parsing a data record corresponding to the event to detect a data value; detecting a node in a security graph, the node corresponding to the detected data value, wherein the security graph includes a representation of the computing environment; and initiating inspection of a resource corresponding to the node.
    Type: Application
    Filed: June 5, 2023
    Publication date: December 5, 2024
    Applicant: Wiz, Inc.
    Inventors: Matilda LIDGI, Shai KEREN, Roy REZNIK
  • Publication number: 20240396903
    Abstract: A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; and generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.
    Type: Application
    Filed: August 8, 2024
    Publication date: November 28, 2024
    Applicant: Wiz, Inc.
    Inventors: Avi Tal LICHTENSTEIN, Ami LUTTWAK, Yinon COSTICA
  • Publication number: 20240396902
    Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.
    Type: Application
    Filed: August 8, 2024
    Publication date: November 28, 2024
    Applicant: Wiz, Inc.
    Inventors: Avi Tal LICHTENSTEIN, Ami LUTTWAK, Yinon COSTICA
  • Patent number: 12141291
    Abstract: A system and method for securing the development of software applications are provided.
    Type: Grant
    Filed: June 3, 2021
    Date of Patent: November 12, 2024
    Assignee: Wiz, Inc.
    Inventors: Assaf Rappaport, Ami Luttwak, Roy Reznik, Yinon Costica
  • Publication number: 20240372720
    Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.
    Type: Application
    Filed: July 17, 2024
    Publication date: November 7, 2024
    Applicant: Wiz, Inc.
    Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA
  • Publication number: 20240354118
    Abstract: A system and method for assembling a disk for cybersecurity inspection is disclosed. The method includes receiving access to an inspectable disk, the inspectable disk including a block device and a list of partitions; mounting a first partition from the list of partitions at a first directory in response to detecting a first operating system on the first partition; detecting a boot directory on a second partition from the list of partitions in response to detecting a second operating system on the second partition; detecting a mounting partition from a configuration file of the detected boot directory; detecting a filesystem table on the mounting partition; and mounting each partition from the list of partitions based on an order indicated by the filesystem table.
    Type: Application
    Filed: April 20, 2023
    Publication date: October 24, 2024
    Applicant: Wiz, Inc.
    Inventors: Yaniv SHAKED, Roy REZNIK
  • Publication number: 20240330456
    Abstract: A system and method for inspecting a resource in an on-premises environment for a cybersecurity threat are disclosed. According to an embodiment, the method includes initiating a network communication between an on-premises environment and an inspection environment; scanning the on-premises environment for a workload, the workload including a disk; generating an inspectable disk based on the disk; providing access to an inspector deployed in the inspection environment to inspect the inspectable disk for a cybersecurity object; and releasing a resource allocated to the inspectable disk in response to detecting that inspection of the inspectable disk is complete.
    Type: Application
    Filed: May 5, 2023
    Publication date: October 3, 2024
    Applicant: Wiz, Inc.
    Inventors: Elad GABAY, Liron LEVIN, Michael KLETSELMAN, Isaac SCHNITZER, Eran YANAY, Roy REZNIK
  • Publication number: 20240314147
    Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.
    Type: Application
    Filed: May 23, 2024
    Publication date: September 19, 2024
    Applicant: Wiz, Inc.
    Inventors: Yarin MIRAN, Ami LUTTWAK, Roy REZNIK, Avihai BERKOVITZ, Moran COHEN, Yaniv SHAKED, Yaniv Joseph OLIVER
  • Publication number: 20240311359
    Abstract: A method and system for populating multi-layer technology product catalogs are provided.
    Type: Application
    Filed: May 23, 2024
    Publication date: September 19, 2024
    Applicant: Wiz, Inc.
    Inventors: Gal KOZOSHNIK, Raaz HERZBERG, Yinon COSTICA, Yaniv SHAKED, Daniel KLEIN, Ami LUTTWAK
  • Patent number: 12095786
    Abstract: A system and method for generating a remediation action in a computing environment based on a cybersecurity inspection. The method includes: inspecting a computing environment for a cybersecurity object; detecting a cybersecurity issue in the computing environment based on detection of the cybersecurity object; generating an input for a generative remediator based on the detected cybersecurity issue, wherein the generative remediator is configured to generate an output including a remediation action based on the input; and initiating the remediation action in the computing environment.
    Type: Grant
    Filed: December 18, 2023
    Date of Patent: September 17, 2024
    Assignee: Wiz, Inc.
    Inventors: Itay Arbel, Roy Reznik, Bar Magnezi, Erez Eyal