The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent:
Mar. 04, 2025

Filed:

Apr. 26, 2024
Applicant:

Wiz, Inc., New York, NY (US);

Inventors:

Daniel Hershko Shemesh, Givat-Shmuel, IL;

Yarin Miran, Rishon Lezion, IL;

Roy Reznik, Tel Aviv, IL;

Ami Luttwak, Binyamina, IL;

Yinon Costica, Tel Aviv, IL;

Avihai Berkovitz, Tel Aviv, IL;

George Pisha, Giv'atayim, IL;

Yaniv Joseph Oliver, Tel Aviv, IL;

Udi Reitblat, New York, IL;

Or Heller, Tel Aviv, IL;

Raaz Herzberg, Tel Aviv, IL;

Osher Hazan, Mazkeret Batia, IL;

Niv Roit Ben David, Tel Aviv, IL;

Assignee:

Wiz, Inc., New York, NY (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 9/40 (2022.01); G06F 21/53 (2013.01); G06F 21/55 (2013.01); G06F 21/62 (2013.01); H04L 67/1097 (2022.01);
U.S. Cl.
CPC ...
H04L 63/1433 (2013.01); H04L 63/105 (2013.01); H04L 63/1416 (2013.01); H04L 67/1097 (2013.01);
Abstract

A system and method for detecting a permission escalation event in a computing environment is disclosed. The method includes: generating a cloned disk based on an original disk of a resource deployed in a computing environment; detecting an identifier of a first principal on the cloned disk; detecting a second principal in the computing environment, the first principal authorized to assume the first principal; storing a representation of the computing environment in a security database, including: a first principal node representing the first principal, and a second principal node representing the second principal, further associated with a permission; querying the representation to determine a permission of the first principal; determining that the second principal includes a permission which the first principal does not include based on a result of querying the representation; and generating a permission escalation event.

