Zetafence(TM) enriches a vast array of entities with granular metadata to create a comprehensive security blueprint. From AWS, Kubernetes, and GCP environments to individual users, groups, hosts, applications, and network devices, our platform captures critical details. Cloud resources such as IAM policies, S3 buckets, EC2 instances, and security groups are meticulously documented, along with dynamic data like CloudTrail logs. This rich metadata empowers organizations to visualize complex relationships, identify vulnerabilities, and optimize security posture.

Entities and associations discovered by Discovery Agents are richly populated with metadata key-value pair attributes in an automatic manner. Those metadata attributes are heavily utilized by security scanning services to determine attack paths, and build correlations. Attributes that are maintained and updated by the operators are also included as part of the enriched metadata.

Examples

A VM could be tagged as a “developer” VM by admin, allowing extra network privileges which otherwise won’t be allowed.

Metadata enrichment includes key-value pairs generated from various sources, such as system logs, cloud services, and manual operator input. For instance, a virtual machine (VM) might be tagged as a “developer” VM, granting additional network privileges. AWS IAM resources are meticulously documented with timestamps, creation sources, MFA status, access patterns, and more. This rich metadata empowers in-depth analysis and informed decision-making.

Discovery of ResourcesATT&CK Tactics