Abstract: An architecture of a multi-cloud inspector for any computing device type is provided. According to an embodiment, a method for implementing multi-cloud inspection includes accessing an object list, determining which objects to inspect, determining which inspectors to use, creating object copies, providing and running inspectors for each object copy, receiving inspection report summaries, generating an enriched dataset, and adding the enriched dataset to a security graph database.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A method and system for populating multi-layer technology product catalogs are provided.

Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.

Abstract: A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.

Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.

Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.

Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.

Abstract: A system and method for providing third party compliance to computing environments without providing access thereto. The method includes: generating a representation of the computing environment, the computing environment including a plurality of identities; generating a software inventory of the computing environment utilizing a cybersecurity inspection technique; determining compliance of the computing environment based on the representation and the software inventory; and providing the determined compliance to a third party, wherein the third party is not associated with the plurality of identities.

Abstract: A system and method for detection of cyber threats embedded in cloud applications are provided. The method includes inspecting a plurality of computing resources to detect code of at least one cloud application executed in a cloud environment; filtering the detected code to remove a portion of the code that is non-unique for the at least one cloud application; performing static analysis on the unique portion of the code to identify a mismatch between the unique portions of the code and its verified version stored in a code repository; and comparing each identified mismatch with at least a vulnerability tool, wherein a mismatch is a potential cyber threat embedded in the code.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A system and method for identifying cloud identity misuse based on run-time time data and static analysis is presented. The method includes: detecting a workload in a cloud computing environment; configuring the workload to deploy a sensor configured to detect data respective of a runtime process executed on the workload; detecting an original disk associated with the workload; generating an inspectable disk based on the original disk; inspecting the inspectable disk for a cybersecurity object; detecting in a log of the cloud computing environment an event based on an identifier of the workload; inspecting a code object for an identity object, the code object utilized in deploying the workload in the cloud computing environment; associating the runtime process with the event based on: an identifier of the workload, the identity object, and the cybersecurity object; and generating an enriched log including an identifier of the runtime process.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment includes generating a snapshot from a managed database service, the snapshot including a plurality of data files stored in a bucket on a cloud computing environment; detecting a data object in the plurality of data files, the data object including a data schema and a content; classifying the first data object based on the content, wherein the content is classified as sensitive data or non-sensitive data; and generating a node on a security graph stored in a graph database to represent the first data object and the classification thereof, wherein the security graph further includes a representation of the cloud computing environment.

Abstract: A system and method for agentless generation of a software bill of materials (SBOM) in a cloud computing environment is disclosed. The method includes: accessing a plurality of workloads in a cloud computing environment; detecting in each workload of the plurality of workloads a software component; generating for each workload an SBOM based on the detected software component; and storing each SBOM in a database.

Abstract: A system and method for providing dynamic network traffic policies is provided. The method includes: inspecting a workload for a cybersecurity object, the cybersecurity object indicating a cybersecurity risk, wherein the workload is deployed in a cloud computing environment having a firewall connected to an external network; detecting the cybersecurity risk on the workload based on the cybersecurity object; generating a policy for the firewall based on the cybersecurity risk; and configuring the firewall to apply the generated policy.

Abstract: A system and method for application endpoint validation and securement is presented. The method includes: detecting an application endpoint on a resource deployed in a computing environment; generating in a security database: a representation of the application endpoint, and a representation of the resource, wherein the security database includes a representation of the computing environment; determining a network path between the resource and an external network, the network path including the application endpoint and a reachability parameter; initiating active inspection of the application endpoint over the network path; and initiating a mitigation action in the computing environment in response to determining through active inspection that the application endpoint is exposed to the external network.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment. The method includes detecting a first data object including a data schema and a content in a cloud computing environment; detecting a second data object, having the data schema of the first data object; generating in a security graph: a first data object node representing the first data object, a second data object node representing the second data object, and a data schema node representing the data schema; storing a classification based on the content in the security graph, wherein the content is classified as sensitive data or non-sensitive data; and rendering an output based on the classification and the data schema node, in lieu of the first data object node and the second data object node, in response to receiving a query to detect a node representing a data object classified as sensitive data.

Abstract: A system and method for applying a unified policy across multiple computing environments is disclosed. In an embodiment, the method includes configuring an admission controller deployed in a first software container cluster to receive a policy from a unified policy engine, the first software container cluster deployed in a first computing environment; configuring the admission controller to apply the received policy to a resource of the first software container cluster; and applying the policy on a second resource in a second computing environment.

Abstract: A system and method for applying a cybersecurity contextual policy in a computing environment are disclosed. In an embodiment, the method includes: detecting a cybersecurity object on a virtualization, the virtualization deployed in a computing environment; detecting a policy of the computing environment, the policy including a conditional rule; generating a contextual policy based on: the conditional rule, and an exception to the conditional rule based on the cybersecurity object; and configuring an admission controller of a software container cluster deployed in the computing environment to apply the contextual policy.

Abstract: In some implementations, the device may include detecting a virtual instance deployed in a computing environment, the virtual instance deployed based on a software image. In addition, the device may include detecting an image name of the software image. The device may include accessing an image software repository to retrieve the software image based on the detected image name. Moreover, the device may include initiating validation of the retrieved software image. Also, the device may include initiating a mitigation action on the virtual instance in response to detecting that the retrieved software image is an invalid software image.