
Systems and methods for passive key identification

Patent number: US11888888B2
Publication date: 2024-01-30
Applicant: Orca Security LTD. (IL, Tel Aviv)
Inventor: Avi Shua
IPC classification: H04L9/08; H04L9/14; H04L67/1008; H04L9/40; H04L67/101; G06F9/455; G06F21/54; G06F21/55; G06F21/56; G06F21/78; G06F21/57; G06F9/50
Technical field (extracted keywords): cloud, may, asset, scanning, or, system, workload, in, risk, storage
Region: Tel Aviv-Jaffa

ABSTRACT

A method is disclosed for accessing a primary account maintained in a cloud environment, receiving information defining a structure of the primary account, the structure including a plurality of assets, and deploying, inside the primary account or a secondary account for which trust is established with the primary account, at least one ephemeral scanner configured to scan at least one block storage volume and output metadata defining the at least one block storage volume, the output excluding raw data of the primary account. The method further comprises receiving a transmission of the metadata from the at least one ephemeral scanner, excluding raw data of the primary account, analyzing the metadata to identify cybersecurity vulnerabilities, correlating each of the cybersecurity vulnerabilities with one of the assets, and generating a report correlating the cybersecurity vulnerabilities with the assets. Systems and computer-readable media implementing the method are also disclosed.

DESCRIPTION

PRIORITY

This is a continuation of International Application No. PCT/IB2022/052670, filed on Mar. 23, 2022, which claims the priority and benefit of U.S. Provisional Application No. 63/180,048 filed on Apr. 26, 2021, the contents of both of which are hereby incorporated by reference in their entireties.

TECHNICAL FIELD

Disclosed embodiments include new systems and methods for securing cloud infrastructure to help meet compliance mandates, without disrupting business operations in live environments.

BACKGROUND

Modern organizations typically depend on cloud infrastructure for data storage and processing. Data storage and processing nodes, among other things, power today's electronic infrastructure. In contrast to early network-centric days, an organization may have little in the way of “on-prem” (on-premises) systems and may run its entire business through systems having shared resources. Such an infrastructure may be the entire inventory of cloud assets for an organization, including running and stopped workloads of all types: virtual machines, containers, storage objects, load balancers, IAM (Identity and Access Management) configurations, and more. Organizations are searching for effective ways to scan their entire cloud estate to look for risks stemming from vulnerabilities, misconfigurations, malware, lateral movement risk, weak and leaked passwords, and improperly secured PII.

CLAIMS

The invention claimed is:

1. A cybersecurity system for matching keys with compute resources, the method comprising:
at least one hardware processor configured to:
analyze a cloud environment to identify a plurality of keys to the compute resources in the cloud environment, wherein each key includes a credential for granting permission to access at least one of the compute resources, access a service provided by at least one of the compute resources, or access a function provided by at least one of the compute resources;
perform a cryptographic analysis on the plurality of keys to identify a first set of fingerprints that uniquely identify each of the plurality of keys, the first set of fingerprints being non-identical to any key of the plurality of keys and non-functional for use as a key to access the compute resources, services provided by the compute resources, or functions provided by the compute resources;
analyze trust configurations of the compute resources to identify a second set of fingerprints for each of the compute resources; and
prevent generation of associated activity patterns misidentified as caused by malicious code or by an attacker to the system by identifying matching relationships between the plurality of keys and the compute resources without using any of the plurality of keys to access the compute resources, as a result of comparing the first set of fingerprints with the second set of fingerprints.

2. The system of claim 1, wherein the plurality of keys are stored in at least one workload.

3. The system of claim 1, wherein at least one of the plurality of keys includes at least one of a password, a script containing a password, a private component of a private-public key pair, a cloud key or a Secure Shell (SSH) key.

4. The system of claim 1, wherein the at least one processor is further configured to test validity of at least one of the plurality of keys.

5. The system of claim 1, wherein the at least one processor is further configured to analyze a multi-machine interaction in the cloud environment using the first set of fingerprints.

6. The system of claim 5, wherein analyzing the multi-machine interaction includes comparing the first set of fingerprints with the second set of fingerprints.

7. The system of claim 1, wherein the at least one processor is further configured to analyze a multi-machine interaction in the cloud environment using the plurality of keys.

8. The system of claim 7, wherein analyzing the multi-machine interaction includes comparing a first key for accessing a first one of the compute resources and a second key for accessing a second one of the compute resources.

9. A method for matching keys with compute resources, the method comprising:
analyzing a cloud environment to identify a plurality of keys to the compute resources in the cloud environment, wherein each key includes a credential for granting permission to access at least one of the compute resources, access a service provided by at least one of the compute resources, or access a function provided by at least one of the compute resources;
performing a cryptographic analysis on the plurality of keys to identify a first set of fingerprints that uniquely identify each of the plurality of keys, the first set of fingerprints being non-identical to any key of the plurality of keys and non-functional for use as a key to access the compute resources, services provided by the compute resources, or functions provided by the compute resources;
analyzing trust configurations of the compute resources to identify a second set of fingerprints for each of the compute resources; and
preventing generation of associated activity patterns misidentified as caused by malicious code or by an attacker to the system by identifying matching relationships between the plurality of keys and the compute resources without using any of the plurality of keys to access the compute resources, as a result of comparing the first set of fingerprints with the second set of fingerprints.

10. The method of claim 9, wherein the plurality of keys are stored in at least one workload.

11. The method of claim 9, wherein at least one of the plurality of keys includes at least one of a password, a script containing a password, a private component of a private-public key pair, a cloud key, or a Secure Shell (SSH) key.

12. The method of claim 9, further comprising testing validity of at least one of the plurality of keys.

13. The method of claim 9, further comprising analyzing a multi-machine interaction in the cloud environment using the first set of fingerprints.

14. The method of claim 13, wherein analyzing the multi-machine interaction includes comparing the first set of fingerprints with the second set of fingerprints.

15. The method of claim 9, further comprising analyzing a multi-machine interaction in the cloud environment using the plurality of keys.

16. A non-transitory computer-readable medium storing instructions that, when executed by at least one hardware processor, are configured to cause the at least one hardware processor to perform operations for matching keys with compute resources, the operations comprising:
analyzing a cloud environment to identify a plurality of keys to the compute resources in the cloud environment, wherein each key includes a credential for granting permission to access at least one of the compute resources, access a service provided by at least one of the compute resources, or access a function provided by at least one of the compute resources;
performing a cryptographic analysis on the plurality of keys to identify a first set of fingerprints that uniquely identify each of the plurality of keys, the first set of fingerprints being non-identical to any key of the plurality of keys and non-functional for use as a key to access the compute resources, services provided by the compute resources, or functions provided by the compute resources;
analyzing trust configurations of the compute resources to identify a second set of fingerprints for each of the compute resources; and
preventing generation of associated activity patterns misidentified as caused by malicious code or by an attacker to the system by identifying matching relationships between the plurality of keys and the compute resources without using any of the plurality of keys to access the compute resources, as a result of comparing the first set of fingerprints with the second set of fingerprints.
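The core of the claims is a fingerprint comparison: a first set of fingerprints computed from discovered keys (unique to each key, but not usable as a credential) is matched against a second set derived from the trust configurations of compute resources, so that a key can be tied to the hosts that accept it without ever attempting a login, which keeps the scan from producing activity that looks like an attacker or malware, and keeps the scanner's output limited to metadata, as the abstract's ephemeral scanner also requires. The following example, added here and not Orca Security's code or the patent's own implementation, illustrates the idea for SSH keys in Python. It assumes the key type is Ed25519, that discovered private keys are in the OpenSSH private key container format, that a host's trust configuration is its authorized_keys file, and that the fingerprint is the OpenSSH-style SHA256 hash of the public key blob. All key material is constructed, fixed bytes, not real keys.

```python
"""Passive key-to-host matching by fingerprint (added example, not the patent's code)."""
import base64
import hashlib
import struct
from typing import Dict, List, Tuple

# Constructed, non-functional key material: fixed bytes standing in for an
# Ed25519 seed and two public keys. None of this is a real credential.
SEED_A = bytes(range(32))
PUB_A = hashlib.sha256(b"constructed public key A").digest()
PUB_B = hashlib.sha256(b"constructed public key B").digest()
MAGIC = b"openssh-key-v1\x00"


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read one SSH wire-format string at offset; return (data, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def ed25519_public_blob(pub: bytes) -> bytes:
    """Public key blob, the value that appears base64-encoded in authorized_keys."""
    return ssh_string(b"ssh-ed25519") + ssh_string(pub)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key blob: unique to the key
    pair, derived from the public half only, and useless for authentication."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def build_openssh_private_key(seed: bytes, pub: bytes, comment: bytes) -> bytes:
    """Construct an unencrypted OpenSSH private key container (test fixture only)."""
    private = (struct.pack(">II", 0x01020304, 0x01020304)       # checkint, repeated
               + ssh_string(b"ssh-ed25519") + ssh_string(pub)
               + ssh_string(seed + pub) + ssh_string(comment))
    pad = (-len(private)) % 8                                   # pad to block size
    private += bytes(range(1, pad + 1))
    return (MAGIC + ssh_string(b"none") + ssh_string(b"none") + ssh_string(b"")
            + struct.pack(">I", 1) + ssh_string(ed25519_public_blob(pub))
            + ssh_string(private))


def fingerprint_private_key(key_bytes: bytes) -> str:
    """Fingerprint a discovered private key file without using it. The container
    keeps the public blob in the clear ahead of the (possibly passphrase-encrypted)
    private section, so this works even for encrypted keys."""
    if not key_bytes.startswith(MAGIC):
        raise ValueError("not an OpenSSH private key")
    off = len(MAGIC)
    for _ in range(3):                      # ciphername, kdfname, kdfoptions
        _, off = read_string(key_bytes, off)
    (nkeys,) = struct.unpack_from(">I", key_bytes, off)
    off += 4
    if nkeys != 1:
        raise ValueError("unsupported number of keys: %d" % nkeys)
    blob, _ = read_string(key_bytes, off)
    return fingerprint(blob)


def trusted_fingerprints(authorized_keys: str) -> List[str]:
    """Fingerprints of every key a host's authorized_keys file accepts. Skips
    comments and blank lines and tolerates a leading options field without
    spaces (e.g. 'no-pty'); quoted options containing spaces are not handled."""
    fps = []
    for line in authorized_keys.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        for i, tok in enumerate(parts[:-1]):
            if tok.startswith(("ssh-", "ecdsa-", "sk-")):
                fps.append(fingerprint(base64.b64decode(parts[i + 1])))
                break
    return fps


def match_keys_to_hosts(found_keys: Dict[str, bytes],
                        trust: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each discovered private key to the hosts whose trust config accepts it.
    Only fingerprints are compared; no key is ever presented to a host."""
    host_fps = {host: set(trusted_fingerprints(cfg)) for host, cfg in trust.items()}
    result = {}
    for location, key in found_keys.items():
        fp = fingerprint_private_key(key)
        result[location] = sorted(h for h, fps in host_fps.items() if fp in fps)
    return result


def demo() -> Dict[str, List[str]]:
    """Run the matching over constructed keys and constructed authorized_keys files."""
    def b64(pub: bytes) -> str:
        return base64.b64encode(ed25519_public_blob(pub)).decode()

    key_a = build_openssh_private_key(SEED_A, PUB_A, b"ops@bastion")
    trust = {
        "web-1": "ssh-ed25519 %s ops@bastion\n" % b64(PUB_A),
        "db-1": "# dba only\nno-pty ssh-ed25519 %s dba\n" % b64(PUB_B),
        "build-1": "ssh-ed25519 %s ci\nssh-ed25519 %s ops\n" % (b64(PUB_B), b64(PUB_A)),
    }
    found = {"bastion:/home/ops/.ssh/id_ed25519": key_a}   # hypothetical finding
    return match_keys_to_hosts(found, trust)


if __name__ == "__main__":
    for location, hosts in demo().items():
        print(location, "->", ", ".join(hosts) or "(no host trusts this key)")
```

Running `demo()` reports that the private key found on the bastion host is accepted by web-1 and build-1 but not db-1, which is exactly the lateral-movement picture a defender wants from an inventory, obtained without a single authentication attempt showing up in any host's logs. The fingerprints that leave the scanner are 43-character digests of public keys, so emitting them does not expose the credential itself.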