Abstract: Existing policies enforced at or above an operating system (OS) layer of a device are obtained. Translation rules are stored that include data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer. The existing policies are parsed using the data structure descriptions to identify the conditions, corresponding actions, and attributes specified in the existing policies. New policies are generated that are consistent with the existing policies. The new policies include the identified attributes specified in the existing policies and the attributes relevant to policy enforcement in the one or more layers below the OS layer. The new policies are enforced in the one or more layers below the OS layer.

Abstract: A method and system for implementing a cloud native crowdsourced cyber security service. Specifically, the disclosed method and system entail leveraging existing disaster recovery (DR) solutions to perform cyber security assessments on cloud native application images restored within isolated cloud-based testing sandboxes. In leveraging existing DR solutions, a crowdsourced cyber security service is integrated into the existing DR solution as an additional feature.

Abstract: A method and system for implementing threat intelligence as a service in a cloud computing environment. Specifically, the disclosed method and system entail leveraging existing disaster recovery (DR) solutions to perform threat intelligence tests and identify known cyber security threats and/or anomalous activity instigated by unknown cyber security threats, if any, on system images backed up on the existing DR solution. In leveraging existing DR solutions, a threat intelligence service is integrated into the existing DR solution as an additional feature.

Abstract: A tracing mechanism is provided for analyzing session-based attacks. An exemplary method comprises: detecting a potential attack associated with a session from a potential attacker based on predefined anomaly detection criteria; adding a tracing flag identifier to a response packet; sending a notification to a cloud provider of the potential attack, wherein the notification comprises the tracing flag identifier; and sending the response packet to the potential attacker, wherein, in response to receiving the response packet with the tracing flag identifier, the cloud provider: determines a source of the potential attack based on a destination of the response packet; forwards the response packet to the potential attacker based on the destination of the response packet; and monitors the determined source to evaluate the potential attack. The response packet is optionally delayed by a predefined time duration and/or until the cloud provider has acknowledged receipt of the notification.

Abstract: One example method includes bringing up a clone application in a validation environment, replaying recorded incoming network traffic to the clone application, obtaining a response of the clone application to the incoming network traffic, comparing the response of the clone application to recorded outgoing network traffic of the production application, and making a validation determination regarding the clone application, based on the comparison of the response of the clone application to recorded outgoing network traffic of the production application. When the clone application is not validated, the example method includes identifying and resolving a problem relating to the clone application.

Abstract: A method and system for implementing cyber security as a service in a cloud computing environment. Specifically, method and system entail leveraging existing disaster recovery (DR) solutions to perform cyber security tests and assess cyber security vulnerabilities, if any, on system and/or application images backed up on the existing DR solution. In leveraging existing DR solutions, a cyber security service is integrated into the existing DR solution as an additional feature.

Abstract: A method and a system for implementing golden container storage. Specifically, the disclosed method and system entail the creation of a container registry to securely store golden containers (or templates) for containers of specific application types that execute within a service platform. Given short retention spans, the containers are constantly being cycled out. Each recreated container is modeled after one of the golden containers, and assigned new Internet Protocol (IP) and/or media access control (MAC) addresses rather than assuming the existing addresses of the containers the recreated containers replace. Substantively, embodiments of the invention employ these tactics towards implementing a moving target defense (MTD) strategy.