Abstract: A system and method for virtual machine image management. A method includes generating a plurality of software packages, wherein each software package is generated using a respective set of code; building a plurality of VM images based on a plurality of files, wherein building each VM image further comprises combining a subset of the plurality of software packages according to a corresponding file of the plurality of files, wherein each file includes a set of instructions for combining the subset of the plurality of software packages in order to build the corresponding VM image; and pushing the plurality of VM images in a repository.

Abstract: A system and method for vulnerability remediation. A method includes identifying a vulnerable software package among a plurality of software packages based on cybersecurity data indicating a vulnerability; identifying at least one vulnerable software image of a plurality of software images by determining that the at least one vulnerable software image contains the vulnerable software package based on a plurality of files, wherein each of the plurality of software images is built based on a corresponding file of the plurality of files, wherein each file of the plurality of files includes a set of instructions for combining a subset of the plurality of software packages in order to build the corresponding software image of the plurality of software images; and performing at least one remediation action with respect to the at least one vulnerable software image.

Abstract: A system and method for software image management. A method includes generating a plurality of software packages, wherein each software package is generated using a respective set of code; building a plurality of software images based on a plurality of files, wherein building each software image further comprises combining a subset of the plurality of software packages according to a corresponding file of the plurality of files, wherein each file includes a set of instructions for combining the subset of the plurality of software packages in order to build the corresponding software image; and storing the plurality of software images in a repository.

Abstract: Systems and methods for learning behavioral activity correlations. A method includes intercepting a plurality of requests, wherein each of the plurality of requests is directed to a respective destination entity of a plurality of destination entities; creating a request queue by queueing the plurality of requests; inspecting contents of the plurality of requests; separately forwarding each intercepted request to its respective destination entity based on the request queue; monitoring runtime output of each of the plurality of destination entities, wherein the runtime output includes behavioral activities of the plurality of destination entities; and training a machine learning model based on the contents of the plurality of requests the runtime output of each of the plurality of destination entities, wherein the machine learning model is trained to output request-output correlations between groups of requests and subsequent behavioral activities.

Abstract: A system and method for securing software images. A method includes generating software packages. Each software package is generated using a respective set of code. A first software package of the software packages includes code that configures a system to secure a computing environment based on a secret when executed. A software image is built based on a file, where the file includes a set of instructions for combining a subset of the software packages including the first software package and instructions for embedding the secret in order to build the software image. Building the software image further includes combining the subset of software packages according to the file and embedding the secret in the software image; and providing the software image for execution. The software image is executed by the system and, when executed, configures the system to deploy the software component based on the subset of software packages.

Abstract: A system and method for method for protecting cloud native environments based on cloud resource access. The method includes determining a mapping of a plurality of cloud assets to a plurality of cloud resources based on resource access data for a cloud native environment, wherein the plurality of cloud assets and the plurality of cloud resources are deployed in the cloud native environment, wherein each of the plurality of cloud assets is mapped to at least one associated cloud resource of the plurality of cloud resources; detecting at least one improper resource access based on the mapping and a cloud access security stream for the cloud native environment, wherein each of the at least one improper resource access deviates from the mapping; and performing at least one mitigation action with respect to the detected at least one improper resource access.

Abstract: A system and method for software image management. A method includes generating a plurality of software packages including a plurality of units of code, wherein each software package is generated using a respective unit of code of the plurality of units of code, wherein the plurality of software packages includes a security package, wherein the respective unit of code for the security package configures a processing circuitry to perform at least one cybersecurity function when executed by the processing circuitry; and building a software image based on the plurality of software packages by executing a set of instructions of a file, wherein the set of instructions causes the plurality of software packages to be combined in order to build the software image when executed.

Abstract: A system and method for method for protecting cloud native environments based on cloud resource access. The method includes determining a mapping of a plurality of cloud assets to a plurality of cloud resources based on resource access data for a cloud native environment, wherein the plurality of cloud assets and the plurality of cloud resources are deployed in the cloud native environment, wherein each of the plurality of cloud assets is mapped to at least one associated cloud resource of the plurality of cloud resources; detecting at least one improper resource access based on the mapping and a cloud access security stream for the cloud native environment, wherein each of the at least one improper resource access deviates from the mapping; and performing at least one mitigation action with respect to the detected at least one improper resource access.

Abstract: A system and method for vulnerability remediation. A method includes identifying a vulnerable software package among a plurality of software packages based on cybersecurity data indicating a vulnerability; identifying at least one vulnerable software image of a plurality of software images by determining that the at least one vulnerable software image contains the vulnerable software package based on a plurality of files, wherein each of the plurality of software images is built based on a corresponding file of the plurality of files, wherein each file of the plurality of files includes a set of instructions for combining a subset of the plurality of software packages in order to build the corresponding software image of the plurality of software images; and performing at least one remediation action with respect to the at least one vulnerable software image.

Abstract: Execution of software containers is secured using security profiles. A security profile is generated for a container image, wherein the container image includes resources utilized to execute a corresponding application container, wherein the generated security profile includes at least a spawned processes profile, wherein the spawned processes profile includes, for each spawned process executed at runtime by the application container, a signature of an executable file of the spawned process. The operation of a runtime execution of the application container is monitored. A violation of the spawned processes profile is detected based on the monitored operation.

Abstract: A system and method for building software image. A method includes generating a prompt based on an input portion of application-identifying data; prompting a generative artificial intelligence model using the prompt in order to output text indicating a plurality of software packages, wherein each software package is a set of code for performing a plurality of functions of an application; generating a software image recipe based on the output text, wherein the software image recipe is a file including a set of instructions that cause a processing circuitry to build the software image by combining the plurality of software packages when executed; and building the software image by executing the software image recipe via the processing circuitry, wherein the software image causes deployment of a software component when executed, wherein the software component is configured to perform the plurality of functions of the application.

Abstract: A system and method for software image management. A method includes generating a plurality of software packages, wherein each software package is generated using a respective set of code; building a plurality of software images based on a plurality of files, wherein building each software image further comprises combining a subset of the plurality of software packages according to a corresponding file of the plurality of files, wherein each file includes a set of instructions for combining the subset of the plurality of software packages in order to build the corresponding software image; and storing the plurality of software images in a repository.

Abstract: Zero trust network security is provided without modifying the underlying network infrastructure. A first entity at a first node in a network environment obtains an entity identifier and host certificate from a second entity installed on a second node. A determination is made as to whether the host certificate is valid based on a firewall policy and an intermediate certificate that was issued to the first entity. A determination is also made as to whether the entity identifier is valid based on a known infrastructure of the network environment. If the host certificate and entity identifier are valid, communications between the first and second entities can be allowed, while communications are blocked if at least one of the host certificate and the entity identifier is not valid.

Abstract: A system and method for cloud native virtual machine (VM) runtime protection. The method includes creating a normal behavior model for a cloud native VM by training a machine learning model using a training data set including training activities performed by the cloud native VM, the cloud native VM being configured to provide at least one service, wherein the normal behavior model defines at least one capability of each service based on a set of capabilities for respective known services stored within a library of service-to-capability mappings, wherein each capability of a service indicates a plurality of discrete behaviors required by the service; and monitoring an execution of the cloud native VM to detect a deviation from the normal behavior model, wherein the deviation is caused by at least one abnormal behavior of one of the services that is not among the discrete behaviors defined in capabilities for the service.

Abstract: Methods and systems for identity-based firewall policy evaluation and for encoding entity identifiers for use in identity-based firewall policy evaluation. A packet from a sender entity to a recipient entity is intercepted. A determination is made whether the sender entity is permitted to communicate with the recipient entity according to a firewall policy, wherein the firewall policy indicates a plurality of entity identifiers, and each entity identifier is unique among the plurality of entity identifiers. Rules for communications among the plurality of entities include a list of pairs of entities which are permitted to communicate with each other. The packet is forwarded to the recipient entity when it is determined that the sender entity is permitted to communicate with the recipient entity. At least one mitigation action is performed when it is determined that the recipient entity is not permitted to communicate with the sender entity.

Abstract: A method and system for cyber-security processes mining are provided. The method comprises correlating events received from a plurality of data sources into a plurality of flows, wherein a flow of the plurality of flows is a sequence of events having a same identifier, and wherein at least one of the plurality of data sources is a cyber-security system; correlating the plurality of flows into a plurality of variants, wherein a variant out of the plurality of variants includes one or more flows having the same repeatable pattern; associating the plurality of variants with at least one cyber-security process based on a predefined template defining the cyber-security process; and causing a display of the least one cyber-security process and its plurality of variants.

Abstract: A system and method for scanning of virtual machine images. The method includes creating a virtual machine instance of a virtual machine based on a virtual machine image of the virtual machine and an application programming interface (API) of an environment in which the virtual machine is to be deployed, wherein the virtual machine image has an entry point such that the virtual machine instance executes the entry point; and replacing the entry point of the virtual machine instance with a lightweight script, wherein the lightweight script is configured to retrieve a static scanner executable, to execute the static scanner executable, and to send results of the scanning.

Abstract: A method and system for protecting an application from unsecure network exposure. The method includes identifying an at-risk application, wherein identifying the at-risk application further comprises determining that the application is configured incorrectly; identifying at least one port through which the at-risk application is accessible when the at-risk application is determined to be configured incorrectly; and determining, based on the identified at least one port through which the at-risk application is accessible, whether an exposure vulnerability exists, wherein the exposure vulnerability is an unapproved exposure of at least one of the at least one port to external resources.

Abstract: A method and system for cyber-security processes mining are provided. The method comprises correlating events received from a plurality of data sources into a plurality of flows, wherein a flow of the plurality of flows is a sequence of events having a same identifier, and wherein at least one of the plurality of data sources is a cyber-security system; correlating the plurality of flows into a plurality of variants, wherein a variant out of the plurality of variants includes one or more flows having the same repeatable pattern; associating the plurality of variants with at least one cyber-security process based on a predefined template defining the cyber-security process; and causing a display of the least one cyber-security process and its plurality of variants.

Abstract: Execution of software containers is secured using security profiles. A security profile is generated for a container image, wherein the container image includes resources utilized to execute a corresponding application container, wherein the generated security profile includes at least a spawned processes profile, wherein the spawned processes profile includes, for each spawned process executed at runtime by the application container, a signature of an executable file of the spawned process. The operation of a runtime execution of the application container is monitored. A violation of the spawned processes profile is detected based on the monitored operation.