
Systems and methods for passive key identification

Patent number
US11888888B2
Publication date
2024-01-30
Applicant
Orca Security LTD. (IL Tel Aviv)
Inventor
Avi Shua
IPC classification
H04L9/08; H04L9/14; H04L67/1008; H04L9/40; H04L67/101; G06F9/455; G06F21/54; G06F21/55; G06F21/56; G06F21/78; G06F21/57; G06F9/50
Technical field
cloud, may, asset, scanning, or, system, workload, in, risk, storage
Region: Tel Aviv-Jaffa

Abstract

A method is disclosed for accessing a primary account maintained in a cloud environment, receiving information defining a structure of the primary account, the structure including a plurality of assets, and deploying, inside the primary account or a secondary account for which trust is established with the primary account, at least one ephemeral scanner configured to scan at least one block storage volume and output metadata defining the at least one block storage volume, the output excluding raw data of the primary account. The method further comprises receiving a transmission of the metadata from the at least one ephemeral scanner, excluding raw data of the primary account, analyzing the metadata to identify cybersecurity vulnerabilities, correlating each of the cybersecurity vulnerabilities with one of the assets, and generating a report correlating the cybersecurity vulnerabilities with the assets. Systems and computer-readable media implementing the method are also disclosed.

Description

Process 210 may begin with step 211 to initiate a connection to cloud infrastructure 106. In step 211, scanning system 101 may send a message to user device 102 instructing a user to authenticate, or log in, to a cloud service provider's system operating cloud infrastructure 106. For example, the user may use a username, password, one-time password, two-factor authentication, or any other authentication mechanism to gain access to a cloud service provider's system.

Concurrently with or after the first message, scanning system 101 may send a second message to user device 102, instructing the user to generate a role. The second message may include instructions for the user to follow to generate the role. In step 213, a user may provide (e.g., via a keyboard at user device 102) a role definition to the cloud service provider's system. In some embodiments, the role definition includes read-only permissions and permissions to read a block storage layer (containing block storage volumes). In some embodiments, scanning system 101 provides a role formation template (e.g., an Amazon Web Services CloudFormation Template) for use with cloud infrastructure 106 to create the necessary role. In step 213, the user may utilize user device 102, for example, by copying and pasting a URL of the template, downloading and uploading the template to the cloud service provider's system, or selecting the template from a list of templates.
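A check a user could run on the role definition before providing it in step 213, to confirm it grants only read-only and block-storage read permissions. This is an added example, not code from the patent or from any vendor's template; the function names, the read-only naming heuristic and the sample policy are assumptions constructed for illustration.

```python
import fnmatch

# Assumption: name patterns treated as read-only (a naming heuristic, not a
# guarantee that an API returns no sensitive data).
READ_PATTERNS = ("*:describe*", "*:get*", "*:list*")
# EBS direct API calls that read snapshot block data and block listings.
BLOCK_READ = {"ebs:getsnapshotblock", "ebs:listsnapshotblocks", "ebs:listchangedblocks"}

def _as_list(value):
    """IAM allows a single item or a list for Statement and Action."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def classify(action):
    a = action.lower()  # IAM action names are case-insensitive
    if a in BLOCK_READ:
        return "block-storage-read"
    if any(fnmatch.fnmatchcase(a, p) for p in READ_PATTERNS):
        return "read-only"
    return "excess"

def audit_role_policy(policy):
    """Group every allowed action by category; 'excess' is what to question."""
    report = {"read-only": set(), "block-storage-read": set(), "excess": set()}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            report["excess"].add("NotAction")
        for action in _as_list(stmt.get("Action")):
            report[classify(action)].add(action)
    return {k: sorted(v) for k, v in report.items()}

# Constructed sample role policy (not from the patent or any vendor template).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:ListAllMyBuckets"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["ebs:ListSnapshotBlocks", "ebs:GetSnapshotBlock"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:DeleteVolume", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for category, actions in audit_role_policy(SAMPLE_POLICY).items():
        print(f"{category}: {actions}")
```

Anything reported under `excess` goes beyond the read-only and block-storage read permissions the role definition is described as containing and should be questioned before the role is created.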

Claims

1