Abstract: A system and method for detection of cyber threats embedded in cloud applications are provided. The method includes inspecting a plurality of computing resources to detect code of at least one cloud application executed in a cloud environment; filtering the detected code to remove a portion of the code that is non-unique for the at least one cloud application; performing static analysis on the unique portion of the code to identify a mismatch between the unique portions of the code and its verified version stored in a code repository; and comparing each identified mismatch with at least a vulnerability tool, wherein a mismatch is a potential cyber threat embedded in the code.

Abstract: A system and method for prioritizing alerts and mitigation actions against cyber threats in a cloud computing environment. The method includes detecting an alert based on a cloud entity deployed in a cloud computing environment, wherein the alert including an identifier of the cloud entity and a severity indicator, and wherein the cloud computing environment is represented in a security graph; generating a severity index for the received alert based on the identifier of the cloud entity and the severity indicator; and initiating a mitigation action based on the severity index.

Abstract: A system and method for generating a contextual cloud risk assessment of a cloud computing environment. The method includes accessing a plurality of cloud assessment policies, wherein a policy including a query executable on a security graph; applying the plurality of cloud assessment policies to the representation of the first cloud computing environment; generating a risk assessment report based on an output generated by applying a policy of the plurality of cloud assessment polices; and initiating a mitigation action based on a cybersecurity risk from the risk assessment report.

Abstract: A method for updating a destination volume, the method may include monitoring duplicate traffic that represents original traffic that is exchanged between at least one host computer and a first storage system; wherein the monitoring is executed by a controller during an execution of a migration or a replication of a source volume of the first storage system to a destination volume of a second storage system; wherein the controller is not included in the first storage system; wherein the original traffic is related to the source volume; wherein the duplicate traffic is sent toward the controller by at least one switch that attempts to duplicate the original traffic; and controlling, based upon the monitoring, a process of updating the destination volume with a set of source volume updates, wherein the set of source volume updates are reflected in the duplicate traffic and are received during the execution of the migration.

Abstract: A method for updating a destination volume, the method may include monitoring duplicate traffic that represents original traffic that is exchanged between at least one host computer and a first storage system; wherein the monitoring is executed by a controller during an execution of a migration or a replication of a source volume of the first storage system to a destination volume of a second storage system; wherein the controller is not included in the first storage system; wherein the original traffic is related to the source volume; wherein the duplicate traffic is sent toward the controller by at least one switch that attempts to duplicate the original traffic; and controlling, based upon the monitoring, a process of updating the destination volume with a set of source volume updates, wherein the set of source volume updates are reflected in the duplicate traffic and are received during the execution of the migration.

Abstract: A storage system that includes a management communication interface coupled to a storage management layer and further includes a data communication interface. Upon receiving a request for accessing the storage management layer, from the host, via the data communication interface, the management layer sends to the host, access information necessary for allowing access of the host to the storage management layer via the management communication interface; and upon receiving a management command, from the host via the management communication interface, the host is provided with access to the storage management layer, in cases where the management command conforms to the access information.

Abstract: A method, including configuring data migration from a first volume to a second volume, which are coupled via a storage area network (SAN) to a host computer, with the first volume mapped to the host computer. A volume identifier associated with the first volume is copied to a memory coupled to the second volume, and the copied volume identifier is retrieved from the memory by the host computer. A state of the second volume is set to inactive, and the inactive second volume is mapped to the host computer. A state of the first volume is set to inactive, and the status is data from the inactive first volume to the inactive second volume. After the copying, data migration is started from the inactive first volume to the inactive second volume, and after the starting, the state of the second volume is set to active.

Abstract: An apparatus for configuring data migration comprises a host computer, a first volume, a second volume, a storage area network (SAN) configured to couple the host computer, the first volume, and the second volume, a memory coupled to the second volume, and a processor configured to map the first volume to the host computer; to copy a volume identifier associated with the mapped first volume to the memory, to retrieve, by the host computer, the copied volume identifier from the memory, to set a state of the second volume to inactive, to map the inactive second volume to the host computer, to set a state of the mapped first volume to inactive, to synchronize status data between the inactive first volume and the inactive second volume, after the copying, to start data migration from the inactive first volume to the inactive second volume, and after the starting, to set the state of the second volume to active.

Abstract: A method for configuring transparent synchronous mirroring volume switching for a first volume and a second volume that are coupled, via a storage area network, to a host computer, with the first volume mapped to the host computer. The method includes initiating synchronization of status data between the first volume and the second volume, and setting the first volume to an active state. The second volume is set to an inactive state, and an identifier associated with the active first volume is copied to a memory coupled to the inactive second volume. The copied identifier is retrieved from the memory by the host computer, and the inactive second volume is then mapped to the host computer.

Abstract: A method for configuring transparent synchronous mirroring volume switching for a first volume and a second volume that are coupled, via a storage area network, to a host computer, with the first volume mapped to the host computer, by. The method includes initiating synchronization of status data between the first volume and the second volume, and setting the first volume to an active state. The second volume is set to an inactive state, and an identifier associated with the active first volume is copied to a memory coupled to the inactive second volume. The copied identifier is retrieved from the memory by the host computer, and the inactive second volume is then mapped to the host computer.

Abstract: A method, including configuring data migration from a first volume to a second volume, which are coupled via a storage area network (SAN) to a host computer, with the first volume mapped to the host computer. A volume identifier associated with the first volume is copied to a memory coupled to the second volume, and the copied volume identifier is retrieved from the memory by the host computer. A state of the second volume is to inactive, and the inactive second volume is mapped to the host computer. A state of the first volume is set to inactive, and the status is data from the inactive first volume to the inactive second volume. After the copying, data migration is started from the inactive first volume to the inactive second volume, and after the starting, the state of the second volume is set to active.

Abstract: An apparatus for configuring data migration comprises a host computer, a first volume, a second volume, a storage area network (SAN) configured to couple the host computer, the first volume, and the second volume, a memory coupled to the second volume, and a processor configured to map the first volume to the host computer; to copy a volume identifier associated with the mapped first volume to the memory, to retrieve, by the host computer, the copied volume identifier from the memory, to set a state of the second volume to inactive, to map the inactive second volume to the host computer, to set a state of the mapped first volume to inactive, to synchronize status data between the inactive first volume and the inactive second volume, after the copying, to start data migration from the inactive first volume to the inactive second volume, and after the starting, to set the state of the second volume to active.

Abstract: An apparatus for configuring transparent synchronous mirroring volume switching comprises a first volume, a second volume, a storage area network (SAN) configured to couple the host computer, the first volume and the second volume, a memory coupled to the second volume, and a processor configured to map the first volume to the host computer, to initiate synchronization of status data between the mapped first volume and the second volume, to set the mapped first volume to an active state and the second volume to an inactive state, to copy an identifier associated with the active first volume to a memory coupled to the inactive second volume, to retrieve, by the host computer, the copied identifier from the memory, and after the retrieving, to map the inactive second volume to the host computer.

Abstract: A method for configuring transparent synchronous mirroring volume switching for a first volume and a second volume that are coupled, via a storage area network, to a host computer, with the first volume mapped to the host computer, by. The method includes initiating synchronization of status data between the first volume and the second volume, and setting the first volume to an active state. The second volume is set to an inactive state, and an identifier associated with the active first volume is copied to a memory coupled to the inactive second volume. The copied identifier is retrieved from the memory by the host computer, and the inactive second volume is then mapped to the host computer.