Abstract: The technology disclosed relates to an introspector that scans an organization's accounts on cloud storage services and detects resources on the cloud storage services configured to store the organization's data, and identifies the detected resources in a resource list. The technology disclosed further includes an inline proxy that controls manipulation of the detected resources based on the resource list.

Abstract: The technology disclosed proposes a metadata-based solution to prevent malicious data egress resulting from resource-level transactions. In advance of the data egress requests, the technology disclosed crawls an organization's accounts on different cloud storage services and makes a resource list of different cloud-based resources configured under the organization's accounts. The resource list is then stored in a metadata store. When an inline proxy receives a resource-level transaction that is requesting to move a cloud-based resource outside the organization's account, the proxy looks up the metadata store and determines whether the resource-level transaction is attempting to manipulate any of the cloud-based resources listed in the resource list. If so, then the proxy blocks the resource-level transaction.

Abstract: The disclosed computer-implemented method for detecting security anomalies in a public cloud environment using network activity monitoring, application profiling, and self-building host mapping may include (1) collecting host information that identifies (A) at least one communication channel that has previously facilitated communication between at least one host computing platform within a cloud computing environment and at least one additional computing platform and/or (B) at least one application that has previously run on the host computing platform, (2) monitoring network traffic involving the host computing platform, (3) detecting, while monitoring the network traffic, network activity that is inconsistent with the collected host information, and then (4) determining that the detected network activity represents a potential security threat within the cloud computing environment due at least in part to the detected network activity being inconsistent with the collected host information.

Abstract: The present disclosure relates to protecting temporary virtual machine instances in a cloud computing platform from security risks. An example method generally includes monitoring a cloud platform for the assignment of a temporary virtual machine instance to a workload. A security system obtains information about a configuration of the temporary virtual machine instance and applications deployed on the temporary virtual machine instance. Based on the configuration of the temporary virtual machine instance and applications deployed on the temporary virtual machine instance, the security system generates a security policy to apply to the temporary virtual machine instance.

Abstract: The disclosed computer-implemented method for detecting security anomalies in a public cloud environment using network activity monitoring, application profiling, and self-building host mapping may include (1) collecting host information that identifies (A) at least one communication channel that has previously facilitated communication between at least one host computing platform within a cloud computing environment and at least one additional computing platform and/or (B) at least one application that has previously run on the host computing platform, (2) monitoring network traffic involving the host computing platform, (3) detecting, while monitoring the network traffic, network activity that is inconsistent with the collected host information, and then (4) determining that the detected network activity represents a potential security threat within the cloud computing environment due at least in part to the detected network activity being inconsistent with the collected host information.