Abstract: The techniques described herein relate to identifying network attack paths. An example method includes using at least one computer hardware processor to perform obtaining metadata indicating a set of network resources in a plurality of network resources and network connections among network resources in the set of network resources, generating, using the metadata, a relational representation of the set of network resources, generating, using the relational representation, a plurality of network paths between network resources in the set of network resources, and identifying, from among the plurality of network paths and using the relational representation and information indicating one or more of the plurality of network resources that have at least one respective security vulnerability, one or more network attack paths that may be used to exploit one or more security vulnerabilities of network resources in the set of network resources.

Abstract: The techniques described herein relate to visualizing network attack paths. An example method includes using at least one computer hardware processor to perform: identifying one or more vulnerable network resources in a plurality of network resources, each of the one or more vulnerable network resources having at least one respective security vulnerability; accessing at least one portion of a relational representation of a set of network resources in the plurality of network resources, identifying, using the at least one portion of the relational representation, one or more network attack paths between the one or more vulnerable network resources and network resources in the set, generating, using the at least one portion of the relational representation, a graph, and generating a GUI comprising a visualization of the graph and information indicating that the one or more attack paths may be used to exploit one or more security vulnerabilities of the set.

Abstract: A unified cloud configuration evaluation (UCCE) system is described capable of evaluating both asset configurations in a live cloud environment and proposed configuration changes produced by a cloud configuration development (CCD) system. In embodiments, the UCCE system may be implemented as a Cloud Security Posture Management (CPSM) system that monitors assets in the cloud environment and check the assets' configurations for compliance with a set of compliance rules. In embodiments, the UCCE system ingests a cloud configuration definition generated by the CCD system. In embodiments, the CCD system is implemented as an Infrastructure as Code (IaC) system that allows a user to create a cloud configuration definition that describes proposed configuration changes to the cloud environment. The UCCE system is configured to interpret the cloud configuration definition and analyze the proposed configuration changes for compliance using the same set of compliance rules used for the live cloud environment.

Abstract: A unified cloud configuration evaluation (UCCE) system is described capable of evaluating both asset configurations in a live cloud environment and proposed configuration changes produced by a cloud configuration development (CCD) system. In embodiments, the UCCE system may be implemented as a Cloud Security Posture Management (CPSM) system that monitors assets in the cloud environment and check the assets' configurations for compliance with a set of compliance rules. In embodiments, the UCCE system ingests a cloud configuration definition generated by the CCD system. In embodiments, the CCD system is implemented as an Infrastructure as Code (IaC) system that allows a user to create a cloud configuration definition that describes proposed configuration changes to the cloud environment. The UCCE system is configured to interpret the cloud configuration definition and analyze the proposed configuration changes for compliance using the same set of compliance rules used for the live cloud environment.

Abstract: A unified cloud configuration evaluation (UCCE) system is described capable of evaluating both asset configurations in a live cloud environment and proposed configuration changes produced by a cloud configuration development (CCD) system. In embodiments, the UCCE system may be implemented as a Cloud Security Posture Management (CPSM) system that monitors assets in the cloud environment and check the assets' configurations for compliance with a set of compliance rules. In embodiments, the UCCE system ingests a cloud configuration definition generated by the CCD system. In embodiments, the CCD system is implemented as an Infrastructure as Code (IaC) system that allows a user to create a cloud configuration definition that describes proposed configuration changes to the cloud environment. The UCCE system is configured to interpret the cloud configuration definition and analyze the proposed configuration changes for compliance using the same set of compliance rules used for the live cloud environment.