Abstract: A method and system for implementing risk-based cyber security. Specifically, the disclosed method and system entail evaluating risk as a decision threshold for conducting cyber security assessments of system images within cloud computing environments. Further, the disclosed method and system pivot on intelligence pertaining to the latest cyber threats and/or vulnerabilities found worldwide.

Abstract: A method and system for implementing cloud native application threat detection. Specifically, the disclosed method and system entail configuring a webhook within a build pipeline for cloud native applications, which when triggered by the detection of modifications to container configuration and/or definition files associated with the cloud native applications, forwards exact copies of the cloud native applications to a threat detection service for cyber security assessing. Further, based on the assessing, cloud native applications may be impeded from continuing, or alternatively, may be permitted to continue along, the build pipeline.

Abstract: A method and system for implementing a cloud native crowdsourced cyber security service. Specifically, the disclosed method and system entail leveraging existing disaster recovery (DR) solutions to perform cyber security assessments on cloud native application images restored within isolated cloud-based testing sandboxes. In leveraging existing DR solutions, a crowdsourced cyber security service is integrated into the existing DR solution as an additional feature.

Abstract: A method and system for implementing threat intelligence as a service in a cloud computing environment. Specifically, the disclosed method and system entail leveraging existing disaster recovery (DR) solutions to perform threat intelligence tests and identify known cyber security threats and/or anomalous activity instigated by unknown cyber security threats, if any, on system images backed up on the existing DR solution. In leveraging existing DR solutions, a threat intelligence service is integrated into the existing DR solution as an additional feature.

Abstract: A method and system for implementing cyber security as a service in a cloud computing environment. Specifically, method and system entail leveraging existing disaster recovery (DR) solutions to perform cyber security tests and assess cyber security vulnerabilities, if any, on system and/or application images backed up on the existing DR solution. In leveraging existing DR solutions, a cyber security service is integrated into the existing DR solution as an additional feature.

Abstract: A method and a system for implementing golden container storage. Specifically, the disclosed method and system entail the creation of a container registry to securely store golden containers (or templates) for containers of specific application types that execute within a service platform. Given short retention spans, the containers are constantly being cycled out. Each recreated container is modeled after one of the golden containers, and assigned new Internet Protocol (IP) and/or media access control (MAC) addresses rather than assuming the existing addresses of the containers the recreated containers replace. Substantively, embodiments of the invention employ these tactics towards implementing a moving target defense (MTD) strategy.

Abstract: A computer program product, system, and method for generating coded fragments comprises initializing historical I/O activity data structures and recent I/O activity data structures associated with a logical unit (LU) of storage; receiving an I/O request from a host, the I/O request associated with one or more chunks within the LU; adding metadata about the I/O request to the recent I/O activity data structures; generating a ransomware probability by comparing the recent I/O activity data structures to the historical I/O activity data structures; and if the ransomware probability exceeds a first threshold value, taking one or more first actions to mitigate the effects of ransomware within the host.

Abstract: A processing device in one embodiment comprises a processor coupled to a memory and is configured to intercept a storage communication directed over a storage channel between a potentially infected machine and an associated storage system, and to determine if the intercepted storage communication is from a security agent deployed on the potentially infected machine. If the intercepted storage communication is from the security agent, at least a portion of the communication is provided to a security system. If the intercepted storage communication is not from the security agent, the communication is forwarded to the storage system. Accordingly, the security agent is configured to communicate with the security system using storage communications sent over the storage channel in a manner that avoids detection of the security agent by malware that may be installed on the machine and configured to monitor network communications.

Abstract: A technique authenticates a user. The technique involves receiving, by processing circuitry, a handwritten code. The technique further involves performing, by the processing circuitry, a set of assessment operations which includes (i) a handwriting evaluation to analyze a set of biometric handwriting aspects of the handwritten code and (ii) a code evaluation to analyze code accuracy of the handwritten code. The technique further involves providing, by the processing circuitry, an authentication result based on the set of assessment operations. Such a technique strengthens security by including a “who you are” factor (i.e., handwriting biometrics uniquely identify the genuine user).