Patents by Inventor John Morello

John Morello has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200213357
    Abstract: A system and method for cloud native discovery and protection. The method includes identifying a plurality of cloud assets in a cloud native environment based on cloud credentials for each of the plurality of cloud assets; determining at least one cloud asset instance that lacks active security protection based on a configuration of at least one of: each of the at least one cloud asset, and at least one security solution deployed in the cloud native environment, wherein each cloud asset instance is an instance of one of the plurality of cloud assets; and reconfiguring at least a portion of the cloud native environment with respect to the at least one cloud asset instance that lacks active security protection.
    Type: Application
    Filed: December 26, 2018
    Publication date: July 2, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Michael KLETSELMAN, Dima STOPEL, John MORELLO, Itay ABRAMOWSKY, Ami BIZAMCHER
  • Patent number: 10693899
    Abstract: A system and method for traffic enforcement in containerized environments. The method includes analyzing contents of a container image to determine a type of application to be executed by a first container, wherein the first container is a runtime instance of the container image; determining, based on the type of application to be executed by the first container, a filtering profile for the first container, wherein the filtering profile defines a configuration for inspecting and filtering traffic directed to the first container; and filtering, based on the filtering profile, malicious traffic directed to the first container.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: June 23, 2020
    Assignee: TWISTLOCK, LTD.
    Inventors: Liron Levin, Dima Stopel, John Morello, Eran Yanay
  • Patent number: 10567411
    Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: February 18, 2020
    Assignee: TWISTLOCK, LTD.
    Inventors: Ben Bernstein, John Morello, Dima Stopel, Liron Levin, Eran Yanay
  • Publication number: 20200026541
    Abstract: A host device and method for efficient distributed security forensics. The method includes creating, at a first host device configured to run a first virtualization entity, a first event index for the first virtualization entity; encoding at least one event related to the first virtualization entity; updating the first event index based on the encoded at least one event; and sending the first event index to a master console, wherein the master console is configured to receive a plurality of event indices created by a plurality of host devices with respect to a plurality of virtualization entities.
    Type: Application
    Filed: September 27, 2018
    Publication date: January 23, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, Ami BIZAMCHER, Michael KLETSELMAN, John MORELLO
  • Publication number: 20200026849
    Abstract: A system and method for cloud native virtual machine (VM) runtime protection. The method includes creating a normal behavior model for a cloud native VM by training a machine learning model using a training data set including a plurality of training activities performed by the cloud native VM, the cloud native VM being configured to provide at least one service, wherein the normal behavior model defines at least one capability of each of the at least one service, wherein each capability of a service indicates a plurality of discrete behaviors required by the service; and monitoring an execution of the cloud native VM to detect a deviation from the normal behavior model, wherein the deviation is caused by at least one abnormal behavior of one of the at least one service that is not among the discrete behaviors defined in the at least one capability for the service.
    Type: Application
    Filed: August 22, 2018
    Publication date: January 23, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, John MORELLO, Dima STOPEL, Michael VELBAUM, Itay ABRAMOWSKY, Isaac SCHNITZER
  • Publication number: 20200026850
    Abstract: A system and method for serverless runtime application self-protection.
    Type: Application
    Filed: September 27, 2018
    Publication date: January 23, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, Michael VELBAUM, Alon ADLER, Michael KLETSELMAN, John MORELLO
  • Publication number: 20200012818
    Abstract: A system and method for maintaining image integrity in a containerized environment. Image layers of a software container are scanned for metadata. The metadata is indexed and contextual metadata is added. Execution of the containerized environment is monitored to detect new image layers being executed. Integrity of images in the environment is maintained based on integrity rules and the metadata of each image layer. The integrity rules ensure image integrity by ensuring that pulled images are composed from trusted images, image layers are pushed by trusted users, image layers do not include potential vulnerabilities, and image layers do not override specific file paths. Trusted image layers may be automatically detected using a machine learning model trained based on historical image layer metadata.
    Type: Application
    Filed: July 3, 2018
    Publication date: January 9, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, John MORELLO, Dima STOPEL
  • Publication number: 20190190931
    Abstract: A method and system for runtime detection of botnets in containerized environments. The method includes creating a domain name system (DNS) policy for a software container, wherein the DNS policy defines at least a plurality of allowed domain names for the software container, wherein the DNS policy is created based on historical DNS queries by the software container; detecting a botnet based on traffic to and from the software container, wherein the botnet is detected when at least a portion of the traffic does not comply with the DNS policy, wherein the botnet is implemented via communication with a bot executed in the software container; and blocking at least one DNS query in the at least a portion of traffic, wherein each blocked DNS query is to a domain having a domain name that does not match any of the plurality of allowed domain names for the software container.
    Type: Application
    Filed: December 10, 2018
    Publication date: June 20, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, John MORELLO
  • Publication number: 20190116199
    Abstract: A method and system for protecting an application from unsecure network exposure. The method includes identifying at least one port through which the application is accessible when the application is not configured correctly, wherein the application is executed at a host device connected to at least one network, the host device having the at least one port; sending, to an external resource, connection data for connecting to the application via the at least one port, wherein the external resource is configured to attempt to connect to the application based on the connection data and to return results of the connection attempt; determining, based on the results of the connection attempt, whether an exposure vulnerability exists; and performing at least one mitigation action when an exposure vulnerability exists.
    Type: Application
    Filed: October 17, 2018
    Publication date: April 18, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, Liron LEVIN, Daniel SHAPIRA, Nitsan BEN NUN, John MORELLO
  • Publication number: 20190087569
    Abstract: A system and method for defending an application configured to invoke anonymous functions. The method includes analyzing the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application; identifying, based on the at least one branch of the application and at least one first anonymous function, at least one potential threat branch, each potential threat branch including a call to one of the at least one first anonymous function; and rewiring at least one first function call of the application to create a secured instance of the application, wherein each of the at least one first function call is to one of the at least one first anonymous function prior to rewiring.
    Type: Application
    Filed: September 18, 2018
    Publication date: March 21, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, John MORELLO
  • Publication number: 20190058722
    Abstract: A system and method for traffic enforcement in containerized environments. The method includes analyzing contents of a container image to determine a type of application to be executed by a first container, wherein the first container is a runtime instance of the container image; determining, based on the type of application to be executed by the first container, a filtering profile for the first container, wherein the filtering profile defines a configuration for inspecting and filtering traffic directed to the first container; and filtering, based on the filtering profile, malicious traffic directed to the first container.
    Type: Application
    Filed: October 22, 2018
    Publication date: February 21, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, John MORELLO, Eran YANAY
  • Publication number: 20180278639
    Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.
    Type: Application
    Filed: May 29, 2018
    Publication date: September 27, 2018
    Applicant: Twistlock, Ltd.
    Inventors: Ben BERNSTEIN, John MORELLO, Dima STOPEL, Liron LEVIN, Eran YANAY
  • Publication number: 20180260574
    Abstract: A system and method for runtime detection of vulnerabilities in an application software container that is configured to execute an application.
    Type: Application
    Filed: May 9, 2018
    Publication date: September 13, 2018
    Applicant: Twistlock, Ltd.
    Inventors: John MORELLO, Dima STOPEL, Liron LEVIN
  • Publication number: 20170187540
    Abstract: A method and system for detecting vulnerable root certificates in container images are provided. The method includes receiving an event to scan at least one container image hosted in a host device, wherein the at least one container image includes resources utilized to execute, by the host device, at least a respective software application container; extracting contents of layers of the at least one container image; scanning the extracted contents to generate a first list designating all root certificates included in the at least one container image; generating a second list designating all root certificates trusted by the host device; comparing the first list to the second list to detect at least one root certificate designated in the first list but not in the second; and determining the at least one detected root certificate as vulnerable.
    Type: Application
    Filed: February 16, 2017
    Publication date: June 29, 2017
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, John MORELLO, Liron LEVIN
  • Publication number: 20080060166
    Abstract: A strap with rotatably mounted clip fabricated in a single molding operation. The strap includes a strap retention member and a plurality of teeth. The rotatable clip includes a clip member, a pedestal and a head. The pedestal is retained in a pedestal opening formed through the strap. In fabrication, a top mold insert is slid into a top of first and second mold halves and a bottom mold insert is slid into a bottom of the first and second mold halves. Plastic is then injected into the first and second mold halves to independently and separately form the strap and the clip in a single molding process, wherein the inserts provide a space between the pedestal opening and the pedestal to allow the clip to rotate relative to the strap.
    Type: Application
    Filed: November 8, 2007
    Publication date: March 13, 2008
    Inventor: John Morello
  • Publication number: 20070178775
    Abstract: An electrical connector including an electrical conductor body having disposed therewithin at least one dual contact function spring contact terminal. Each dual contact function spring contact terminal is characterized by an arm which originates at a primary nose of the electrical conductor body, whereat an arm bends 180 degrees forming an initial arm portion. A primary spring is connected to the initial arm portion and connects to a contact portion of the arm. A secondary nose is connected to the contact portion, whereat the arm bends 180 degrees. A secondary spring is connected to the secondary nose, the secondary spring carries an arm terminus which abuts the electrical conductor body, preferably at a relief spring. The primary and secondary springs function independently to provide resilient location of the contact portion independently of each other.
    Type: Application
    Filed: January 27, 2006
    Publication date: August 2, 2007
    Inventors: John Morello, William Strang
  • Publication number: 20070173105
    Abstract: A socket connector having an integral strain relief and seal seat. A connector body has an integral strain relief member composed of a terminal housing, a strain relief, and a seal seat. The seal seat is defined by a seal seat shroud characterized by a left sidewall, a right sidewall, a top wall, a bottom opening opposite the top wall, a terminal housing wall, and a strain relief wall. The strain relief is provided with strain relief openings aligned with terminal cavities of the socket connector. A peripherally ribbed elastomeric seal is sealingly received into the seal seat via the bottom opening, wherein openings of the seal align with the terminal cavities.
    Type: Application
    Filed: January 26, 2006
    Publication date: July 26, 2007
    Inventor: John Morello
  • Publication number: 20070161279
    Abstract: A socket connector having a connector body co-molded with its peripheral and cable seals. In the first molding operation, a first tooling is placed into a mold and is configured so that plastic injected into the mold forms the connector body. In the second molding operation, a second tooling is placed into the mold and is configured so that elastomeric material injected into the mold passes through at least one passage of the connector body to thereby form the peripheral seal and, integrally therewith, the cable seal.
    Type: Application
    Filed: February 28, 2007
    Publication date: July 12, 2007
    Inventor: John Morello
  • Publication number: 20070099516
    Abstract: A ring out system including a ring out holder and an electrical connector to be tested therewith. The holder has a plurality of ring out pins which are received into openings at the floor of each terminal passage of the connector, wherein continuity is impossible unless the terminals are properly at their locked position. For final ring out, a plurality of stabilizer pins of the holder enter stabilizer pin openings of the connector to provide terminal position stability during testing.
    Type: Application
    Filed: October 28, 2005
    Publication date: May 3, 2007
    Inventors: John Morello, Charles Flask
  • Publication number: 20060292937
    Abstract: An electrical connector including an electrical conductor body having disposed therewithin at least one dual contact function spring contact terminal. Each dual contact function spring contact terminal is characterized by an arm which originates at a primary nose of the electrical conductor body, whereat an arm bends 180 degrees forming an initial arm portion. A primary spring is connected to the initial arm portion and connects to a contact portion of the arm. A secondary nose is connected to the contact portion, whereat the arm bends 180 degrees. A secondary spring is connected to the secondary nose, the secondary spring carries an arm terminus which abuts the electrical conductor body, preferably at a relief spring. The primary and secondary springs function independently to provide resilient location of the contact portion independently of each other.
    Type: Application
    Filed: June 23, 2005
    Publication date: December 28, 2006
    Inventors: John Morello, Thomas Morello, William Strang