logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 12335149 B1

PDFFull Text
Date of Patent:
Jun. 17, 2025

Filed:

Sep. 15, 2022

Least privilege network access controls advisor

Applicant:

Amazon Technologies, Inc., Seattle, WA (US);

Inventors:

Samuel Bayless, Seattle, WA (US);

John David Backes, Minneapolis, MN (US);

Vaibhav Katkade, San Jose, CA (US);

Daniel William Dacosta, Saint Paul, MN (US);

Syed Mubashir Iqbal, Redmond, WA (US);

Nadia Labai, Redmond, WA (US);

Patrick Trentin, Minneapolis, MN (US);

Nikolaos Giannarakis, Seattle, WA (US);

Nathan Launchbury, Seattle, WA (US);

Divya Raghunathan, Princeton, NJ (US);

Assignee:

AMAZON TECHNOLOGIES, INC., Seattle, WA (US);

Attorneys:

Perilla Knox & Hildebrandt LLP

Thomas B. Hildebrandt

Primary Examiner:

Zhensheng Zhang

Int. Cl.
CPC ...
H04L 47/125 (2022.01); H04L 9/40 (2022.01); H04L 45/745 (2022.01);
U.S. Cl.
CPC ...
H04L 47/125 (2013.01); H04L 45/745 (2013.01); H04L 63/0263 (2013.01); H04L 63/0272 (2013.01);
Abstract

Techniques implemented by a network-access analysis system to analyze network access controls for networks, identify traffic flows that are unobserved and unrequired, and determine proposed changes to the network access controls that restrict access from unobserved traffic flows. The system may analyze the network access controls, and determine whether unrequired traffic flows are allowed to be communicated in the network. For instance, the system may analyze network flow logs and identify observed traffic flows that are required by applications in the network, and also identify unobserved traffic flows that are permitted access to, but are not observed in, the network. The system may propose changes to the network access controls to restrict network access by these unobserved traffic flows. A network administrator can receive recommendations from the system regarding the proposed changes, and determine whether they would like to implement the proposed changes to their network access controls.

Find Patent Forward Citations

Loading…