Abstract: A system and method for inspecting a resource in an on-premises environment for a cybersecurity threat are disclosed. According to an embodiment, the method includes initiating a network communication between an on-premises environment and an inspection environment; scanning the on-premises environment for a workload, the workload including a disk; generating an inspectable disk based on the disk; providing access to an inspector deployed in the inspection environment to inspect the inspectable disk for a cybersecurity object; and releasing a resource allocated to the inspectable disk in response to detecting that inspection of the inspectable disk is complete.

Abstract: Systems and methods for zero trust network security. A method includes sending a unique intermediate certificate authority (CA) certificate to each of a plurality of entities, wherein each entity of the plurality of entities is installed on a respective node of a plurality of nodes in a network environment; and causing deployment of an agent on each of the plurality of nodes, each agent corresponding to the entity installed on the same node as the agent is configured to enforce at least one network firewall policy based on the intermediate CA certificate sent to the corresponding entity.

Abstract: Methods and systems for identity-based firewall policy evaluation and for encoding entity identifiers for use in identity-based firewall policy evaluation. A method includes intercepting a packet from a sender entity to a recipient entity; determining whether the sender entity is permitted to communicate with the recipient entity according to a firewall policy, wherein the firewall policy indicates a plurality of entity identifiers, wherein each entity identifier is unique among the plurality of entity identifiers, wherein the rules for communications among the plurality of entities include a list of pairs of entities which are permitted to communicate with each other; forwarding the packet to the recipient entity when it is determined that the sender entity is permitted to communicate with the recipient entity; and performing at least one mitigation action when it is determined that the recipient entity is not permitted to communicate with the sender entity.

Abstract: A system and method for scanning of virtual machine images. The method includes creating a virtual machine instance of a virtual machine based on a virtual machine image of the virtual machine and an application programming interface (API) of an environment in which the virtual machine is to be deployed, wherein the virtual machine image has an entry point such that the virtual machine instance executes the entry point; and replacing the entry point of the virtual machine instance with a lightweight script, wherein the lightweight script is configured to retrieve a static scanner executable, to execute the static scanner executable, and to send results of the scanning.

Abstract: A system and method for securing execution of software containers using security profiles. The method includes exporting a container image to a host device from a container image source, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image, wherein the generated security profile indicates at least a list of permissible filesystem actions, wherein each permissible filesystem action is an action performed with respect to at least one filesystem resource; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.

Abstract: A system and method for traffic enforcement in containerized environments. The method includes analyzing contents of a container image to determine a type of application to be executed by a first container, wherein the first container is a runtime instance of the container image; determining, based on the type of application to be executed by the first container, a filtering profile for the first container, wherein the filtering profile defines a configuration for inspecting and filtering traffic directed to the first container; and filtering, based on the filtering profile, malicious traffic directed to the first container.

Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.

Abstract: A system and method for securing execution of software containers using security profiles. The method includes receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image when the event is received, wherein the generated security profile indicates at least networking ports that are allowed for at least one of: access to the application container, and access by the application container; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.

Abstract: A system and method for securing execution of software containers using security profiles. The method includes receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image when the event is received, wherein the generated security profile indicates at least a list of permissible filesystem actions, wherein each permissible filesystem action is an action performed with respect to at least one filesystem resource; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.