CPC H04L 63/14 (2013.01) | 17 Claims |
1. A method for detecting potential lateral movement in a cloud computing environment, comprising:
generating in a security database a representation of a cloud computing environment, the cloud computing environment including a plurality of cloud entities;
determining a first node in the security database is a compromised node wherein the first node represents a first cloud entity of the plurality of cloud entities;
detecting a credential node connected to the first node, wherein the credential node represents a credential utilized in the cloud computing environment; and
generating a potential lateral movement path, including the first node, and a second node representing a second cloud entity of the plurality of cloud entities, wherein the second node is connected to the credential node.
|