Abstract: Techniques for cybersecurity analysis. A method includes identifying a first set of paths to a first asset. The first set of paths includes a first path which allows for uploading inspection code, a second path which allows for running the inspection code, and a third path which allows for obtaining results of running the inspection code. The first set of paths is selected such that application programming interfaces (APIs) of the first set of paths are at least partially shared with APIs of a second set of paths to each of at least one second asset and, further, selected based on at least one request processing attribute of the at least one API used in order to access the first asset. The inspection code is uploaded via the first path and run via the second path. Outputs of the inspection code are obtained via the third path and analyzed.

Abstract: A system and method for inferring an operating system version for a device based on communications security data. A method includes identifying a plurality of sequences in communications security data sent by the device; determining an operating system type of an operating system used by the device based on the identified plurality of sequences; applying a version-identifying model to the identified plurality of sequences, wherein the version-identifying model is a machine learning model trained to output a version identifier, wherein the applied version-identifying model is associated with the determined operating system type; and determining the operating system version of the device based on the output of the version-identifying model.

Abstract: A system and method for exposure remediation. A method includes analyzing access logs for assets deployed in a computing environment with respect to network traffic in order to identify an indicator of a network access event involving an inbound connection from an external network. The at least one external network is external to the computing environment. The inbound connection includes at least some network traffic being transmitted to the computing environment from the external network. Network configurations of the assets are analyzed in order to identify indicators of a network configuration which enables the assets to be accessed with the external network. A network-facing asset is detected based on the network traffic and the network configurations. The network-facing asset is accessible via the inbound connection and the external network. An exposure is remediated with respect to the network-facing asset.

Abstract: A system and method for mitigating cyber threats. A method includes aggregating a plurality of mitigation actions into at least one mitigation action set with respect to at least one security control, wherein each mitigation action set includes a respective subset of the plurality of mitigation actions corresponding to a respective security control of the at least one security control; and performing the at least one mitigation action set via the at least one security control, wherein performing each mitigation action set includes sending a respective set of instructions, wherein the set of instructions sent for each mitigation action set causes a respective security control of the at least one security control to implement each mitigation action of the mitigation action set.

Abstract: A system and method for identifying security control gaps. A method includes integrating with a set of security controls deployed with respect to a computing environment, wherein integrating with the set of security controls further comprises deploying an artifact in the computing environment, wherein the artifact is configured to record a plurality of activities performed in the computing environment by the set of controls, wherein integrating with the set of security controls further comprises enforcing at least one policy requiring code releases in the computing environment to be signed using an instance of the artifact; and identifying at least one security control gap in the computing environment based on a configuration of the set of security controls.

Abstract: A system and method for security control mapping.

Abstract: A system and method for mitigating cyber threats. A method includes aggregating a plurality of mitigation actions into at least one mitigation action set with respect to at least one security control, wherein each mitigation action set includes a respective subset of the plurality of mitigation actions corresponding to a respective security control of the at least one security control; and performing the at least one mitigation action set via the at least one security control, wherein performing each mitigation action set includes sending a respective set of instructions, wherein the set of instructions sent for each mitigation action set causes a respective security control of the at least one security control to implement each mitigation action of the mitigation action set.

Abstract: Techniques for cybersecurity analysis. A method includes identifying a first set of paths to a first asset. The first set of paths includes a first path which allows for uploading inspection code, a second path which allows for running the inspection code, and a third path which allows for obtaining results of running the inspection code. The first set of paths is selected such that application programming interfaces (APIs) of the first set of paths are at least partially shared with APIs of a second set of paths to each of at least one second asset and, further, selected based on at least one request processing attribute of the at least one API used in order to access the first asset. The inspection code is uploaded via the first path and run via the second path. Outputs of the inspection code are obtained via the third path and analyzed.

Abstract: A system and method for inferring an operating system version for a device based on communications security data. A method includes identifying a plurality of sequences in communications security data sent by the device; determining an operating system type of an operating system used by the device based on the identified plurality of sequences; applying a version-identifying model to the identified plurality of sequences, wherein the version-identifying model is a machine learning model trained to output a version identifier, wherein the applied version-identifying model is associated with the determined operating system type; and determining the operating system version of the device based on the output of the version-identifying model.

Abstract: A system and method for mitigating cyber-threats. A method includes analyzing data in-memory for at least one software component during execution of each of the at least one software component; generating a base risk score based on the analysis of the data in-memory; analyzing a configuration of each of at least one security control with respect to the at least one software component; generating an applicable score based on the base risk score and the analysis of the configuration of each of the at least one security control; and mitigating at least one cyber-threat with respect to the at least one software component based on the applicable score.

Abstract: A system and method for identifying security control gaps. A method includes integrating with a set of security controls deployed with respect to a computing environment, wherein integrating with the set of security controls further comprises deploying an artifact in the computing environment, wherein the artifact is configured to record a plurality of activities performed in the computing environment by the set of controls; identifying at least one computing asset to be protected by the set of security controls; identifying at least one security control gap in the computing environment based on a configuration of the set of security controls, wherein each security control gap is defined with respect to one of the identified at least one computing asset; and performing at least one remediation action with respect to the identified at least one security control gap.

Abstract: A system and method for security control mapping.

Abstract: A system and method for mitigating vulnerabilities and exposures. A method includes: determining at least one mitigation action for mitigating a first vulnerable state using a mitigation knowledge base, wherein the mitigation knowledge base defines a plurality of mitigation actions for each of a plurality of second vulnerable states, wherein the plurality of mitigation actions defined for each second vulnerable state includes at least one mitigation action for a plurality of mitigation engines; and performing the at least one mitigation action via at least one mitigation engine of the plurality of mitigation engines.

Abstract: Techniques for cybersecurity analysis. A method includes identifying a first set of paths to a first asset. The first set of paths includes a first path which allows for uploading inspection code, a second path which allows for running the inspection code, and a third path which allows for obtaining results of running the inspection code. The first set of paths is selected such that application programming interfaces (APIs) of the first set of paths are at least partially shared with APIs of a second set of paths to each of at least one second asset and, further, selected based on at least one request processing attribute of the at least one API used in order to access the first asset. The inspection code is uploaded via the first path and run via the second path. Outputs of the inspection code are obtained via the third path and analyzed.

Abstract: A system and method for mitigating cyber threats. A method includes aggregating a plurality of mitigation actions into at least one mitigation action set with respect to at least one security control, wherein each mitigation action set includes a respective subset of the plurality of mitigation actions corresponding to a respective security control of the at least one security control; and performing the at least one mitigation action set via the at least one security control, wherein performing each mitigation action set includes sending a respective set of instructions, wherein the set of instructions sent for each mitigation action set causes a respective security control of the at least one security control to implement each mitigation action of the mitigation action set.

Abstract: A system and method for inferring an operating system version for a device based on communications security data. A method includes identifying a plurality of sequences in communications security data sent by the device; determining an operating system type of an operating system used by the device based on the identified plurality of sequences; applying a version-identifying model to the identified plurality of sequences, wherein the version-identifying model is a machine learning model trained to output a version identifier, wherein the applied version-identifying model is associated with the determined operating system type; and determining the operating system version of the device based on the output of the version-identifying model.

Abstract: A system and method for inferring device operating systems. A method includes applying a sequence-based model to an option-types sequence in order to output a plurality of first features, wherein each of the first features is a value representing a probability that the options-type sequence is associated with a respective operating system; applying a distribution dissimilarity model to metadata field distribution data extracted from the headers of the packets sent by the device in order to output a plurality of second features, wherein the plurality of second features includes a plurality of distances, wherein each distance is based on a difference between a distribution of values of each metadata field indicated in the metadata field distribution data; and applying an operating system inference model to the plurality of first features and the plurality of second features in order to output an inferred operating system for the device.