Abstract: In one aspect, a computerized method for detecting reconnaissance and infiltration in data lakes and cloud warehouses, comprising: monitoring a SaaS data store or a cloud-native data store from inside the data store; examining the attack and automatically identifies how far the attack has progressed in the attack lifecycle; identifying the target and scope of the attack evaluates how far the attackers have penetrated the system and what is their target; and establishing the value of the asset subject to the attackers' attack and maps the impact of the attack on the CIA (confidentiality, integrity and availability) triad.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: In one aspect, a computerized method for detecting data abuse and data exfiltration in a data store or a data lakes cloud warehouse, comprising: identifying a plurality of Command and control (CnC) channels in an enterprise data cloud infrastructure; identifying and detecting malicious compressed data transfers and encrypted data transfers; implementing a destination analysis from within the data store; and implementing data abuse detection and prevention operations.

Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.

Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

Abstract: In one aspect, a computerized system for securing data cloning and sharing options on data warehouses, comprising: a clone determiner engine that determines that a data asset is a primary data asset or a clone data asset, wherein the clone determiner engine comprises: a log data analyzer that obtains and analyzes a set of logs of the data asset from a specified log source, and wherein set of logs are used to determine that the data asset is the primary data asset or the clone data asset, a timestamp analyzer engine that obtains a timestamp data of the data asset and reviews the timestamp data to analyze ordering of the data asset, and wherein the timestamp analyzer engine determines the data asset is a primary asset or a secondary asset, and a fingerprints analyzer that obtains and reviews the data asset and any metadata of data asset, and wherein the fingerprints analyzer creates a fingerprint based on a content of the data asset and the metadata of the data asset, and wherein the fingerprints analyzer then

Abstract: In one aspect, a computerized method for minimizing a data governance in order to improve data security, comprising: providing and imposing a set of access rules to a set of data, wherein the set of data is stored in a data warehouse; measuring a level of over provisioning of the set of data; measuring a level of data abuse susceptibility of the set of data; implementing a dark data governance operation on the set of data; and identifying a set of infrequently used roles in the set of data.

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: In one aspect, a computerized system for locating anomalous query activity with a cloud-based database, comprising: with an atypical query engine: analyzing and understanding data within a cloud-based database, processing all accesses to the data within cloud-based database and SAAS environment, generating a list of user that accesses a table from a location in the cloud-based database using, and capture a set of specified key statistics about the cloud-based database query; and role suggestion engine: generating a user behavior fingerprint comprising a history of the user's behavior within the cloud-based database, identifying that a user is an outlier with respect to behavior with respect to the set of specified key statistics, and suggesting a new role within an enterprise managing the cloud-based database for the user, wherein the fingerprint of the outlier user is used to generate the suggestion for the new role.

Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.

Abstract: Systems, methods, and computer-readable media for application placement can include the following processes. A security score service determines a respective security posture score for each of a plurality of candidate hosts of an enterprise network. A user then identify a set of performance parameters and security parameters for a host in an enterprise network to execute a workload thereon. An application placement engine selects a host from the plurality of candidate hosts having a security posture score matching the performance parameters and the security parameters for executing the workload. An application deployment engine places the workload on the host.

Abstract: In one aspect, a computerized method for locating one or more shadow vulnerable datastores for cloud-platform datastores includes the step of identifying a cloned data store of an original datastore in a cloud database instance. It includes the step of determining that the cloned datastore comprises a shadow vulnerable datastore. It includes the step of defining a security posture of the cloned datastore. It includes the step of publishing a digitized data clone security differential report comprising the security posture and one or more remediations to fix security posture issues.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.

Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.

Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

Abstract: In one aspect, a computerized method for automatically identifying and solving for vendor data abuse in an enterprise network, includes the step of implementing a vendor detection at one or more gateways of the enterprise network. The method includes the step of mapping a set of data along with any associated data attributes of the set of data that are being shared with a vendor via the one or more gateways. The method includes the step of detecting and identifying an access anomaly with respect to the set of data associated with a vendor access. The method includes the step of implementing a specified data minimization process to the access anomaly.