Abstract: Disclosed embodiments relate to iteratively developing profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity based on the set of permissions; evaluating each permission vector within the set of permission vectors for iteratively developing a profile for the network entity, the evaluation being based on at least: whether each permission vector within the set of permission vectors provides sufficient privileges for the network entity to perform an action, and a predefined rule; creating a new set of permission vectors for the network entity based on at least the selected group of the set of permission vectors; iterating the evaluation for the new set of permission vectors; determining whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.

Abstract: Disclosed embodiments relate to systems and methods for securely performing actions on a resource. Techniques include receiving a request by the entity to perform a privileged action on a resource, the request including a token associated with the entity; providing a first indication of the request to a first handler; providing a second indication of the request to a second handler configured to perform the privileged action on the resource, wherein when the privileged action includes a query, the second indication of the request is provided to a query handler, and when the privileged action includes a write command, the second indication of the request is provided to a command handler.

Abstract: Disclosed embodiments relate to systems and methods for enforcing security policies in dynamic development pipelines. Techniques include accessing a build script, including a set of instructions for a software build process, parsing the build script to identify a set of scripted build instructions, determining a set of expected build actions based on the scripted build instructions, and constructing a representation of the set of expected build actions. The techniques may further include automatically generating a tiered security policy based on the representation of the set of expected build actions, monitoring a dynamic pipeline running the build script, and enforcing the security policy for the dynamic pipeline environment.

Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.

Abstract: Disclosed embodiments relate to systems and methods for enforcing security policies in dynamic development pipelines. Techniques include accessing a build script, including a set of instructions for a software build process, parsing the build script to identify a set of scripted build instructions, determining a set of expected build actions based on the scripted build instructions, and constructing a representation of the set of expected build actions. The techniques may further include automatically generating a security policy based on the representation of the set of expected build actions, monitoring a build machine running the build script, and enforcing the security policy on the build machine.

Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.

Abstract: Disclosed embodiments relate to iteratively developing profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity based on the set of permissions; evaluating each permission vector within the set of permission vectors for iteratively developing a profile for the network entity, the evaluation being based on at least: whether each permission vector within the set of permission vectors provides sufficient privileges for the network entity to perform an action, and a predefined rule; creating a new set of permission vectors for the network entity based on at least the selected group of the set of permission vectors; iterating the evaluation for the new set of permission vectors; determining whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.

Abstract: Disclosed embodiments relate to iteratively developing least-privilege profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity; evaluating each permission within the set of permission vectors, the evaluation being based on at least: whether each permission within the set of permission vectors provides sufficient authorization privileges for the network entity to perform an action, and a number of permissions in the set of permission vectors; selecting a group of the set of permission vectors; creating a new set of permission vectors for the network entity; iterating the evaluation for the new set of permission vectors; determining, following at least one instance of the iteration, whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.

Abstract: Disclosed embodiments relate to systems and methods for dynamically performing entity-specific security assessments for entities of virtualized network environments. Techniques include identifying an entity associated with a virtualized network environment, identifying a plurality of security factors, determining entity-specific weights to the plurality of security factors, and generating a composite exposure assessment for the entity.

Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.

Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.

Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.