Dependency Formation Concepts
Zetafence’s core innovation lies in constructing and analyzing intricate dependency graphs enriched with metadata. These graphs visualize complex relationships between system components, from users and applications to network devices and cloud resources. By mapping these connections, we identify potential vulnerabilities, hidden exposures, and attack paths that traditional security tools often miss. This holistic view enables us to detect threats early, prioritize risks accurately, and respond swiftly to incidents.
To demonstrate this, here’s a scenario of how a specific weakness in user access keys leads to exploiting an AWS EC2 instance.
- An attacker gains access to a user’s credentials, which include their AWS access key ID and secret access key.
- With the stolen credentials, the attacker can access the user’s AWS account and identify running EC2 instances.
- Once inside the instance, the attacker can exploit further vulnerabilities to escalate their privileges and gain root access
- The attacker can then tamper with the system configuration or install malicious software to maintain persistence and evade detection.
Detection using Hypergraph Dependencies
Dependency Formation
Dependency formation makes unusual formations visible, such as a user accessing critical resources at an odd hour, and allows seemingly disparate events to be correlated, such as an adversary gaining access to a low-level instance in order to move laterally.
Continuous Monitoring
Because dependency Hypergraphs are built periodically, the security scanner can analyze access patterns, anomalous activities, and changes in graph dependencies, any of which can trigger alerts.
Fine-grained Access Control
Hypergraphs can define granular permissions based on various factors like user role, device type, access time, and resource type. Because they employ set-theoretic notions, Hypergraphs capture multi-dimensional dependencies across users, policies, roles, and resources. In addition, Hypergraphs serve as an effective form of ABAC (attribute-based access control), where access decisions are based on attributes of users, resources, and the request itself, such as time-of-day.
Hidden Connections
Hypergraphs can expose connections hidden within complex chains of events. An attacker might use a compromised low-level account to grant access to a higher-privileged one. The hypergraph can trace these connections and reveal the attacker’s true target.
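The tracing described under Hidden Connections can be sketched as a reachability search over hyperedges. This is an added example, not Zetafence's code: the entity names, hyperedge names, and the `trace_exposure` helper are all hypothetical, and the data is constructed for illustration.

```python
from collections import deque

# Constructed sample data (all names hypothetical). Each hyperedge joins the
# whole set of entities taking part in one relationship, not just a pair.
HYPEREDGES = {
    "key-owned-by":        {"accesskey:EXAMPLE-KEY", "user:dev-intern"},
    "intern-ec2-access":   {"user:dev-intern", "policy:ec2-readonly", "ec2:build-agent"},
    "agent-instance-role": {"ec2:build-agent", "role:ci-deployer"},
    "deployer-grants":     {"role:ci-deployer", "policy:role-grant", "role:prod-admin"},
    "admin-reach":         {"role:prod-admin", "policy:admin", "s3:customer-data", "ec2:prod-db"},
    "analyst-reports":     {"user:analyst", "policy:s3-reports", "s3:reports"},
}
CRITICAL = {"s3:customer-data", "ec2:prod-db"}


def trace_exposure(start, hyperedges=HYPEREDGES, critical=CRITICAL):
    """Return {critical_resource: [(hyperedge, entity), ...]} for every critical
    resource reachable from `start`, using the fewest hyperedges."""
    incident = {}  # entity -> names of the hyperedges it belongs to
    for name, members in hyperedges.items():
        for member in members:
            incident.setdefault(member, []).append(name)

    parent = {start: None}  # entity -> (previous entity, hyperedge crossed)
    queue = deque([start])
    while queue:  # breadth-first search; entities sharing a hyperedge are adjacent
        node = queue.popleft()
        for edge in incident.get(node, []):
            for nxt in sorted(hyperedges[edge]):
                if nxt not in parent:
                    parent[nxt] = (node, edge)
                    queue.append(nxt)

    chains = {}
    for target in sorted(t for t in critical if t in parent):
        chain, cur = [], target
        while parent[cur] is not None:  # walk back to the starting entity
            prev, edge = parent[cur]
            chain.append((edge, cur))
            cur = prev
        chains[target] = chain[::-1]
    return chains


if __name__ == "__main__":
    for resource, chain in trace_exposure("accesskey:EXAMPLE-KEY").items():
        print(resource, "<-", " -> ".join(f"[{e}] {n}" for e, n in chain))
```

Each returned chain names the hyperedges that link a low-level credential to a critical resource, which is the set of relationships a reviewer would tighten or alert on.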