Abstract: A system and method for inspecting a resource deployed in a cloud computing environment for a cybersecurity threat is presented. The method includes detecting a virtual instance deployed in a cloud computing environment, the virtual instance associated with an original disk; generating a cloned disk directly based on the original disk, wherein the original disk is provisioned storage from a cloud storage system; generating a cloned disk descriptor associated with the cloned disk, the cloned disk descriptor pointing to the provisioned storage; inspecting the cloned disk for a cybersecurity object, the cybersecurity object indicating a cybersecurity risk; and releasing the cloned disk in response to completing inspection of the cloned disk.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment is disclosed. The method includes: generating an inspectable disk from a clone of an original disk in a cloud computing environment; inspecting the inspectable disk for a cybersecurity object, the cybersecurity object indicating a sensitive data, the disk deployed in a cloud computing environment; extracting a data schema from the cybersecurity object, in response to detecting the cybersecurity object on the disk; generating a classification of the data schema; detecting in the disk a plurality of data files, each data file including the classified data schema; determining that the data schema corresponds to sensitive data based on the generated classification; generating in a security database: a representation of the data schema, and a representation of each data file; and rendering a visual representation of the cloud computing environment including a representation of the data schema.

Abstract: A system and method for active inspection of vulnerability exploitation in a cloud computing environment is presented. The method includes inspecting a first resource to detect a cybersecurity vulnerability; receiving at least one network path to access the first resource, wherein the first resource is deployed in the cloud computing environment and is potentially accessible from an external network which is external to the cloud computing environment via the at least on network path; actively inspecting the at least one network path utilizing a network access instruction; generating a trigger instruction, based on at least one predetermined triggering instruction, wherein the at least one predetermined triggering instruction is configured to trigger the cybersecurity vulnerability; initiating the generated trigger instruction over the at least one network path, in response to determining that the first resource is accessible from the external network.

Abstract: A system and method for providing third party compliance to computing environments without providing access thereto. The method includes: generating a representation of the computing environment, the computing environment including a plurality of identities; generating a software inventory of the computing environment utilizing a cybersecurity inspection technique; determining compliance of the computing environment based on the representation and the software inventory; and providing the determined compliance to a third party, wherein the third party is not associated with the plurality of identities.

Abstract: A system and method for applying a policy on a network path is presented. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is deployed in a cloud computing environment, having access to an external network; actively inspecting an external network path to determine if the network path of the reachable resource is accessible from the external network; determining that the network path is a valid path, in response to determining that the reachable resource is accessible from the external network path; applying a policy on the valid path; and initiating a mitigation action, in response to determining that the policy is violated.

Abstract: A system and method for detecting cybersecurity risk on a resource in a computing environment utilizes static analysis of a cloned resource and runtime data from the live resource. The method includes: configuring a resource deployed in a computing environment to deploy thereon a sensor, the sensor configured to detect runtime data; detecting runtime data from the sensor of the resource; generating an inspectable disk based on an original disk of the resource; initiating inspection based on the detected runtime data for a cybersecurity object on the inspectable disk; detecting the cybersecurity object on an inspectable disk; and initiating a mitigation action on the resource.

Abstract: A system and method for improved endpoint detection and response (EDR) in a cloud computing environment initiates inspection based on data received from a sensor deployed on a workload. The method includes: configuring a resource, deployed in a cloud computing environment, to deploy thereon a sensor, the sensor configured to detect runtime data; detecting a potential cybersecurity threat on the resource based on detected runtime data received from the sensor; and initiating inspection of the resource for the potential cybersecurity threat.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.

Abstract: A system and method for inspecting virtual instances in a cloud computing environment for cybersecurity threats utilizing disk cloning. The method includes: selecting a virtual instance in a cloud computing environment, wherein the virtual instance includes a disk having a disk descriptor with an address in a cloud storage system; generating an instruction to clone the disk of the virtual instance, the instruction when executed causes generation of a cloned disk descriptor, the cloned disk descriptor having a data field including the address of the disk of the virtual instance; inspecting the cloned disk for a cybersecurity threat; and releasing the cloned disk in response to completing the inspection of the cloned disk.

Abstract: A system and method for agentless generation of a software bill of materials (SBOM) in a cloud computing environment is disclosed. The method includes: accessing a plurality of workloads in a cloud computing environment; detecting in each workload of the plurality of workloads a software component; generating for each workload an SBOM based on the detected software component; and storing each SBOM in a database.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A system and method for inspecting different types of cloud workloads for cybersecurity threats, all deployed in a cloud computing environment, includes a unifying extractor to expose different compute types to agnostic inspectors. The method includes accessing a first cloud workload of a first type from a plurality of deployed cloud workloads; accessing a second cloud workload of a second type from the plurality of deployed cloud workloads; extracting data from each of the first cloud workload and the second cloud workload into a storage layer having a data schema, based on a predefined data structure; and inspecting the extracted data to detect a first target object, the target object indicating a cybersecurity threat, wherein extraction for each of the first cloud workload and the second cloud workload is based on the workload type.

Abstract: A system and method for detecting a vulnerable workload deployed in a cloud environment based on a code object of an infrastructure as code file utilizes a security graph. The method includes: extracting the code object from a state file, which includes a mapping between the code object to a first deployed workload and a second deployed workload; generating a node representing the code object in the security graph; generating a connection in the security graph between the node representing the code object and a node representing the first workload and a connection between the node representing the code object and a node representing the second workload; and determining that the second workload is a vulnerable workload, in response to detecting that the first workload node is associated with a cybersecurity threat, and that the nodes representing the workloads are each connected to the node representing the code object.

Abstract: A system and method for performing authorization based active inspection of network paths for a resource, deployed in a cloud computing environment, includes receiving at least one network path to access the resource, wherein the resource is a cloud object deployed in the cloud computing environment, and potentially accessible from a network which is external to the cloud computing environment; and actively inspecting the at least one network path to determine if the resource is accessible through the at least one network path from a network external to the cloud computing environment and requires access authorization.

Abstract: A system and method detect a malware infection path in a compute environment. The method includes detecting a malware object on a first workload in a computing environment including a plurality of workloads, wherein the first workload is represented by a resource node on a security graph, the security graph including an endpoint node representing a resource which is accessible to a public network; generating a potential infection path between the resource node and the endpoint node including at least a second resource node connected to the resource node; inspecting a second workload of the plurality of workloads represented by the second resource node; determining that the potential infection path is a confirmed infection path, in response to detecting the malware on the second workload; and determining that the potential infection path is not an infection path, in response to detecting that the second workload does not include the malware.

Abstract: A system and method for providing dynamic network traffic policies is provided. The method includes: inspecting a workload for a cybersecurity object, the cybersecurity object indicating a cybersecurity risk, wherein the workload is deployed in a cloud computing environment having a firewall connected to an external network; detecting the cybersecurity risk on the workload based on the cybersecurity object; generating a policy for the firewall based on the cybersecurity risk; and configuring the firewall to apply the generated policy.

Abstract: A system and method for applying cybersecurity policies across multiple computing environments is presented.

Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment includes generating a snapshot from a managed database service, the snapshot including a plurality of data files stored in a bucket on a cloud computing environment; detecting a data object in the plurality of data files, the data object including a data schema and a content; classifying the first data object based on the content, wherein the content is classified as sensitive data or non-sensitive data; and generating a node on a security graph stored in a graph database to represent the first data object and the classification thereof, wherein the security graph further includes a representation of the cloud computing environment.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a generic key is disclosed. The method includes: detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a default key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the default key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.