US2020244692A1PendingUtilityA1

Techniques for securing virtual cloud assets at rest against cyber threats

69
Assignee: ORCA SECURITY LTDPriority: Jan 28, 2019Filed: Jan 23, 2020Published: Jul 30, 2020
Est. expiryJan 28, 2039(~12.5 yrs left)· nominal 20-yr term from priority
Inventors:Avi Shua
H04L 63/1416G06F 9/45558G06F 2009/45587G06F 2201/86G06F 2201/84G06F 11/3476G06F 11/301G06F 11/1451G06F 2201/815G06F 16/128H04L 63/1408H04L 63/1433H04L 63/1425G06F 2009/45595H04L 63/1441G06F 2009/45591G06F 2009/45562G06F 11/1464G06F 2009/45583G06F 21/552G06F 21/554G06F 21/565
69
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and system for securing virtual cloud assets at rest against cyber threats. The method comprises determining a location of a view of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is at rest and, when activated, instantiated in the cloud computing environment; accessing the view of the virtual disk based on the determined location; analyzing the view of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein the virtual cloud asset is inactive during the analysis; and alerting detected potential cyber threats based on a determined priority.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for securing virtual cloud assets at rest against cyber threats, comprising:
 determining a location of a view of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is at rest and, when activated, instantiated in the cloud computing environment;   accessing the view of the virtual disk based on the determined location;   analyzing the view of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein the virtual cloud asset is inactive during the analysis; and   alerting detected potential cyber threats based on a determined priority.   
     
     
         2 . The method of  claim 1 , further comprising:
 prioritizing each detection of potential cyber threats based on their respective risk to the protected virtual cloud asset; and   mitigating a potential cyber threat posing a risk to the protected virtual cloud asset.   
     
     
         3 . The method of  claim 1 , wherein determining the location of the view of at least one virtual disk further comprises:
 determining a virtual disk allocated to the protected virtual cloud asset.   
     
     
         4 . The method of  claim 3 , further comprising:
 querying a cloud management console of the cloud computing platform to determine the location of the view and the location of the virtual disk.   
     
     
         5 . The method of  claim 1 , further comprising:
 requesting the cloud computing platform to create a new view of the protected virtual cloud asset, when an existing snapshot cannot be located.   
     
     
         6 . The method of  claim 1 , wherein analyzing the view of the protected virtual cloud asset further comprises:
 parsing a copy of the view; and   scanning the parsed copy to detect the potential cyber threats, wherein the potential cyber threats include known and unknown vulnerabilities, and wherein the detection is based on a type of vulnerability.   
     
     
         7 . The method of  claim 6 , wherein scanning the parsed copy further comprises any one of:
 checking configuration files of each application, operating system, and system installed in the protected virtual cloud asset;   verifying access times to files by the operating system installed in the operating system;   analyzing system logs to deduce what applications and modules executed in the protected virtual cloud asset; and   analyzing machine memory stored in the view to deduce what applications and modules executed in the protected virtual cloud asset.   
     
     
         8 . The method of  claim 6 , further comprising:
 instantiating an instance copy of the protected virtual cloud asset from the view; and   monitoring all activity performed by the instance of the protected virtual cloud asset.   
     
     
         9 . The method of  claim 1 , wherein the protected virtual cloud asset includes any one of: a virtual machine, a software container, a micro-service. 
     
     
         10 . A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process for securing virtual cloud assets at rest against cyber threats, the process comprising:
 determining a location of a view of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is at rest and, when activated, instantiated in a cloud computing environment;   accessing the view of the virtual disk based on the determined location;   analyzing the view of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein the virtual cloud asset is inactive during the analysis; and   alerting detected potential cyber threats based on a determined priority.   
     
     
         11 . A system for securing virtual cloud assets at rest against cyber threats, comprising:
 a processing circuitry; and   a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to:   determine a location of a view of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is at rest and, when activated, instantiated in a cloud computing environment;   access the view of the virtual disk based on the determined location;   analyze the view of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein the virtual cloud asset is inactive during the analysis; and   alert detected potential cyber threats based on a determined priority.   
     
     
         12 . The system of  claim 11 , wherein the system is further configured to:
 prioritize each detection of potential cyber threats based on their respective risk to the protected virtual cloud asset; and   mitigate a potential cyber threat posing a risk to the protected virtual cloud asset.   
     
     
         13 . The system of  claim 11 , wherein determining the location of the view of at least one virtual disk further comprises:
 determining a virtual disk allocated to the protected virtual cloud asset.   
     
     
         14 . The system of  claim 13 , wherein the system is further configured to:
 query a cloud management console of the cloud computing platform to determine the location of the view and the location of the virtual disk.   
     
     
         15 . The system of  claim 11 , wherein the system is further configured to:
 requesting the cloud computing platform to create a new view of the protected virtual cloud asset, when an existing snapshot cannot be located.   
     
     
         16 . The system of  claim 11 , wherein analyzing the view of the protected virtual cloud asset further comprises:
 parsing a copy of the view; and   scanning the parsed copy to detect the potential cyber threats, wherein the potential cyber threats include known and unknown vulnerabilities, and wherein the detection is based on a type of vulnerability.   
     
     
         17 . The system of  claim 16 , wherein scanning the parsed copy further comprises any one of:
 checking configuration files of each application, operating system, and system installed in the protected virtual cloud asset;   verifying access times to files by the operating system installed in the operating system;   analyzing system logs to deduce what applications and modules executed in the protected virtual cloud asset; and   analyzing machine memory stored in the view to deduce what applications and modules executed in the protected virtual cloud asset.   
     
     
         18 . The system of  claim 16 , wherein the system is further configured to:
 instantiate an instance copy of the protected virtual cloud asset from the view; and   monitor all activity performed by the instance of the protected virtual cloud asset.   
     
     
         19 . The system of  claim 11 , wherein the protected virtual cloud asset includes any one of: a virtual machine, a software container, a micro-service.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.