Abstract: A protection system is provided for delivering runtime security to a task including a workload container. The protection system uses a sidecar to limit access of the workload container to a standard library of the operating system running the workload container by modifying the task so that the sidecar is executed before the workload container. The sidecar places a guard loader into a shared volume and binds the workload container, such that calls to the workload container are passed to an agent binary. The agent binary compares requested calls from the workload container to a policy to approve and/or deny the requested calls. If the requested call is approved, then the requested call is passed to the standard library.

Abstract: A computer executed method is presented for identifying security issues in a workload. The method identifies instance(s) of the workload and scans each instance for security vulnerabilities using hierarchical and incremental scanning. The hierarchical and incremental scan of each instance is performed by identifying as a base machine image a machine image that has previously been scanned for security vulnerabilities and that the instance originated from. The differences between the instance and the base machine image are then identified and scanned for security vulnerabilities.

Abstract: A protection system is provided for delivering runtime security to a task including a workload container. The protection system uses a sidecar to limit access of the workload container to a standard library of the operating system running the workload container by modifying the task so that the sidecar is executed before the workload container. The sidecar places a guard loader into a shared volume and binds the workload container, such that calls to the workload container are passed to an agent binary. The agent binary compares requested calls from the workload container to a policy to approve and/or deny the requested calls. If the requested call is approved, then the requested call is passed to the standard library.

Abstract: Systems, methods, and software products, determine permission profiles for computer executable functions (functions). The systems, methods and software products, utilize both static analysis and dynamic analysis, in order to determine the minimal set of permissions based on the inter-relations between these two analysis methods, i.e., static analysis, and dynamic analysis, to determine the permission profiles for computer executable functions (functions).

Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

Abstract: Systems, methods, and software products, determine permission profiles for computer executable functions (functions). The systems, methods and software products, utilize both static analysis and dynamic analysis, in order to determine the minimal set of permissions based on the inter-relations between these two analysis methods, i.e., static analysis, and dynamic analysis, to determine the permission profiles for computer executable functions (functions).

Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.