Abstract: A system and method for applying cybersecurity policies across multiple computing environments is presented.

Abstract: A system and method for detecting a permission escalation event in a computing environment is disclosed. The method includes: generating a cloned disk based on an original disk of a resource deployed in a computing environment; detecting an identifier of a first principal on the cloned disk; detecting a second principal in the computing environment, the first principal authorized to assume the first principal; storing a representation of the computing environment in a security database, including: a first principal node representing the first principal, and a second principal node representing the second principal, further associated with a permission; querying the representation to determine a permission of the first principal; determining that the second principal includes a permission which the first principal does not include based on a result of querying the representation; and generating a permission escalation event.

Abstract: A system and method detects a vulnerable code object in configuration code for deploying instances in a cloud computing environment. The method includes: accessing a configuration code, including a plurality of code objects, where a code object of the plurality of code objects corresponds to a deployed principal; detecting in a log a plurality of access events, each access event associated with a first principal deployed in the cloud computing environment based on a first code object of the plurality of code objects; determining a first set of permissions associated with the first code object. The method also includes determining a second set of permissions based on the plurality of access events. The method also includes detecting a difference between the second set of permissions and the first set of permissions; and generating an updated code object based on the first code object and the detected difference.

Abstract: A system and method for detecting a vulnerable workload deployed in a cloud environment based on a code object of an infrastructure as code file utilizes a security graph. The method includes: extracting the code object from a state file, which includes a mapping between the code object to a first deployed workload and a second deployed workload; generating a node representing the code object in the security graph; generating a connection in the security graph between the node representing the code object and a node representing the first workload and a connection between the node representing the code object and a node representing the second workload; and determining that the second workload is a vulnerable workload, in response to detecting that the first workload node is associated with a cybersecurity threat, and that the nodes representing the workloads are each connected to the node representing the code object.