US2023214488A1PendingUtilityA1

Techniques for securing virtual cloud assets at rest against cyber threats

79
Assignee: ORCA SECURITY LTDPriority: Jan 28, 2019Filed: Mar 13, 2023Published: Jul 6, 2023
Est. expiryJan 28, 2039(~12.5 yrs left)· nominal 20-yr term from priority
Inventors:Avi Shua
H04L 63/1416G06F 9/45558G06F 21/554G06F 21/565G06F 21/552H04L 63/1433H04L 63/1425H04L 63/1408G06F 16/128G06F 11/301G06F 11/1451G06F 2201/815G06F 2201/86G06F 2201/84G06F 11/3476G06F 2009/45587H04L 63/1441G06F 2009/45583G06F 2009/45595G06F 11/1464G06F 2009/45562G06F 2009/45591
79
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems, methods, and non-transitory computer readable media including instructions for securing virtual cloud assets at rest against cyber threats are disclosed. Securing virtual cloud assets at rest against cyber threats includes determining a location of a snapshot of a virtual disk of a protected virtual cloud asset, wherein the protected virtual cloud asset is at rest, the protected virtual cloud asset being configured to be instantiated in the cloud computing environment when activated; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein during the detection of the potential cyber threats by analyzing the snapshot, the protected virtual cloud asset is at rest; and alerting detected potential cyber threats based on filtering or prioritizing using a determined risk of each detected threat.

Claims

exact text as granted — not AI-modified
1 - 39 . (canceled) 
     
     
         40 . A method for securing virtual cloud assets at rest against cyber threats, comprising:
 determining a location of at least one snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the protected virtual cloud asset is at rest, the protected virtual cloud asset being configured to be instantiated in the cloud computing environment when activated;   accessing the at least one snapshot of the virtual disk based on the determined location;   analyzing the at least one snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein during the detection of the potential cyber threats by analyzing the at least one snapshot, the protected virtual cloud asset is at rest; and   alerting detected potential cyber threats based on filtering or prioritizing using a determined risk of each detected threat.   
     
     
         41 . The method of  claim 40 , further comprising:
 prioritizing each detected potential cyber threat based on an associated risk to the protected virtual cloud asset; and   mitigating at least one of the detected potential cyber threats posing a risk to the protected virtual cloud asset.   
     
     
         42 . The method of  claim 40 , wherein:
 determining the location of the snapshot of at least one virtual disk further comprises determining a virtual disk allocated to the protected virtual cloud asset; and   wherein the method further comprises:   querying a cloud management console of the cloud computing platform to determine the location of the at least one snapshot and the location of the determined virtual disk.   
     
     
         43 . The method of  claim 40 , wherein analyzing the at least one snapshot of the at least one virtual disk of the protected virtual cloud asset further comprises:
 parsing a copy of the at least one snapshot; and   scanning the parsed copy to detect the potential cyber threats, wherein the potential cyber threats include known and unknown vulnerabilities, and wherein the detection is based on a type of vulnerability.   
     
     
         44 . The method of  claim 43 , wherein scanning the parsed copy further comprises at least one of:
 checking configuration files of applications and operating system installed in the at least one protected virtual cloud asset;   verifying access times to files by the operating system installed in the at least one protected virtual cloud asset;   analyzing system logs to deduce what applications and modules executed in the protected virtual cloud asset; and   analyzing machine memory stored in the at least one snapshot to deduce what applications and modules executed in the protected virtual cloud asset.   
     
     
         45 . The method of  claim 43 , further comprising:
 instantiating a copy of the at least one virtual disk of the protected virtual cloud asset from the snapshot; and monitoring all activity performed by the instance of the protected virtual cloud asset.   
     
     
         46 . The method of  claim 43 , wherein scanning the parsed copy further comprises any one of:
 reading process identification number (PID) files; and   checking if the at least the PID files access times match against process descriptors.   
     
     
         47 . The method of  claim 40 , wherein the protected virtual cloud asset includes any one of: a virtual machine, a software container, or a micro-service. 
     
     
         48 . The method of  claim 40 , wherein the detected potential cyber threats are filtered and prioritized based on contents stored on the at least one virtual disk or assets accessible from the at least one virtual disk. 
     
     
         49 . A system for securing virtual cloud assets at rest against cyber threats, the system comprising: at least one processor configured to:
 determine a location of at least one snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the protected virtual cloud asset is at rest, the protected virtual cloud asset being configured to be instantiated in the cloud computing environment when activated;   access the at least one snapshot of the virtual disk based on the determined location;   analyze the at least one snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein during the detection of the potential cyber threats by analyzing the at least one snapshot, the protected virtual cloud asset is at rest; and   alert detected potential cyber threats based on filtering or prioritizing using a determined risk of each detected threat.   
     
     
         50 . The system of  claim 49 , wherein the at least one processor is further configured to:
 prioritize each detected potential cyber threat based on an associated risk to the protected virtual cloud asset; and   mitigate at least one of the detected potential cyber threats posing a risk to the protected virtual cloud asset.   
     
     
         51 . The system of  claim 49 , wherein determining the location of the snapshot of at least one virtual disk further comprises determining a virtual disk allocated to the protected virtual cloud asset; and wherein at least one processor is further configured to:
 query a cloud management console of the cloud computing platform to determine the location of the at least one snapshot and the location of the determined virtual disk.   
     
     
         52 . The system of  claim 49 , wherein analyzing the at least one snapshot of the at least one virtual disk of the protected virtual cloud asset further comprises:
 parsing a copy of the at least one snapshot; and   scanning the parsed copy to detect the potential cyber threats, wherein the potential cyber threats include known and unknown vulnerabilities, and wherein the detection is based on a type of vulnerability.   
     
     
         53 . The system of  claim 52 , wherein scanning the parsed copy further comprises at least one of:
 checking configuration files of applications and operating system installed in the at least one protected virtual cloud asset;   verifying access times to files by the operating system installed in the at least one protected virtual cloud asset;   analyzing system logs to deduce what applications and modules executed in the protected virtual cloud asset; and   analyzing machine memory stored in the at least one snapshot to deduce what applications and modules executed in the protected virtual cloud asset.   
     
     
         54 . The system of  claim 52 , wherein the at least one processor is further configured to:
 instantiate a copy of the at least one virtual disk of the protected virtual cloud asset from the snapshot; and monitor all activity performed by the instance of the protected virtual cloud asset.   
     
     
         55 . The system of  claim 52 , wherein scanning the parsed copy further comprises any one of:
 reading process identification number (PID) files; and   checking if the at least the PID files access times match against process descriptors.   
     
     
         56 . The system of  claim 49 , wherein the protected virtual cloud asset includes any one of: a virtual machine, a software container, or a micro-service. 
     
     
         57 . The system of  claim 49 , wherein the detected potential cyber threats are filtered and prioritized based on contents stored on the at least one virtual disk or assets accessible from the at least one virtual disk. 
     
     
         58 . The system of  claim 49 , wherein the protected virtual cloud asset is configured to be activated intermittently. 
     
     
         59 . A non-transitory computer-readable medium storing instructions, which, when executed by at least one processor, cause a computing device to:
 determine a location of at least one snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the protected virtual cloud asset is at rest, the protected virtual cloud asset being configured to be instantiated in the cloud computing environment when activated;   access the at least one snapshot of the virtual disk based on the determined location;   analyze the at least one snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein during the detection of the potential cyber threats by analyzing the at least one snapshot, the protected virtual cloud asset is at rest; and   alert detected potential cyber threats based on filtering or prioritizing using a determined risk of each detected threat.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.