Patents by Inventor SHAI KEREN
SHAI KEREN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240163187Abstract: A system and method for generation of unified graph models for network entities are provided. The method includes collecting, for at least one network entity of a plurality of network entities, at least one network entity data feature, wherein the at least one network entity data feature is a network entity property; genericizing the collected at least one network entity; generating at least a network graph, wherein the generated network graph is a multi-dimensional data structure providing a representation of the plurality of network entities and relations between the network entities of the plurality of network entities; and storing the generated at least a network graph.Type: ApplicationFiled: January 10, 2024Publication date: May 16, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Liran MOYSI, Roy REZNIK, Shai KEREN
-
Patent number: 11985185Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.Type: GrantFiled: September 29, 2023Date of Patent: May 14, 2024Assignee: WIZ, INC.Inventors: Shai Keren, Daniel Hershko Shemesh, Roy Reznik, Ami Luttwak, Avihai Berkovitz
-
Publication number: 20240146745Abstract: A system and method for technology stack discovery by performing active inspection of a cloud computing environment utilizing disk cloning is described. The method includes: generating an inspectable disk based on an original disk of a reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment; detecting a cybersecurity object on the inspectable disk, the cybersecurity object indicating a cybersecurity issue; selecting a network path including a network protocol to access the reachable resource; and actively inspecting the network path to detect the cybersecurity issue.Type: ApplicationFiled: December 29, 2023Publication date: May 2, 2024Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK, Daniel Hershko SHEMESH, Yarin MIRAN, Yinon COSTICA
-
Publication number: 20240146799Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.Type: ApplicationFiled: October 2, 2023Publication date: May 2, 2024Applicant: Wiz, Inc.Inventors: Shai KEREN, Daniel Hershko SHEMESH, Roy REZNIK, Ami LUTTWAK, Avihai BERKOVITZ
-
Patent number: 11962623Abstract: A method and system for modeling a cloud environment as a security graph are provided. The method includes identifying security objects in the cloud environment; collecting object data of the identified security objects; constructing security graph based on collected object data of the identified security objects; determining relationships among the identified security objects, wherein the relationships are determined based on the collected object data of the identified security objects and using a static analysis process; updating the constructed security graph with the determined relationships among the identified security objects; and storing the constructed security graph in a graph database.Type: GrantFiled: September 29, 2023Date of Patent: April 16, 2024Assignee: WIZ, INC.Inventors: Shai Keren, Daniel Hershko Shemesh
-
Patent number: 11936693Abstract: A system and method for applying a policy on a network path is disclosed. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in a cloud computing environment, having access to an external network which is external to the cloud computing environment; actively inspecting the network path to determine if the network path of the reachable resource is accessible from the external network; applying a policy on the accessible network path, wherein the policy includes a conditional rule; initiating a mitigation action, in response to determining that the conditional rule is not met; and applying the policy on another network path, in response to determining that the conditional rule is met.Type: GrantFiled: July 24, 2023Date of Patent: March 19, 2024Assignee: WIZ, INC.Inventors: Roy Reznik, Matilda Lidgi, Shai Keren, Eliran Marom
-
Patent number: 11929896Abstract: A system and method for generation of unified graph models for network entities are provided. The method includes collecting, for at least one network entity of a plurality of network entities, at least one network entity data feature, wherein the at least one network entity data feature is a network entity property; genericizing the collected at least one network entity; generating at least a network graph, wherein the generated network graph is a multi-dimensional data structure providing a representation of the plurality of network entities and relations between the network entities of the plurality of network entities; and storing the generated at least a network graph.Type: GrantFiled: January 28, 2021Date of Patent: March 12, 2024Assignee: WIZ, INC.Inventors: Daniel Hershko Shemesh, Liran Moysi, Roy Reznik, Shai Keren
-
Publication number: 20240054229Abstract: A system and method for detecting an application path utilizing active inspection of a cloud computing environment, includes selecting a reachable resource having at least one network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment; selecting a second resource having a second network path based on the network path of the reachable resource; and actively inspecting the second network path to determine if the second resource is accessible through the second network path from the reachable resource.Type: ApplicationFiled: August 10, 2022Publication date: February 15, 2024Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK
-
Publication number: 20240054228Abstract: A system and method for performing active inspection of a cloud computing environment includes selecting a reachable resource, having a network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment; determining a network protocol for the network path; and actively inspecting the network path to determine if an application utilizing the network protocol is deployed on the reachable resource as part of a technology stack of the reachable resource.Type: ApplicationFiled: August 10, 2022Publication date: February 15, 2024Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK
-
Publication number: 20240056487Abstract: A method and system for modeling a cloud environment as a security graph are provided. The method includes identifying security objects in the cloud environment; collecting object data of the identified security objects; constructing security graph based on collected object data of the identified security objects; determining relationships among the identified security objects, wherein the relationships are determined based on the collected object data of the identified security objects and using a static analysis process; updating the constructed security graph with the determined relationships among the identified security objects; and storing the constructed security graph in a graph database.Type: ApplicationFiled: September 29, 2023Publication date: February 15, 2024Applicant: Wiz, Inc.Inventors: Shai KEREN, Daniel Hershko SHEMESH
-
Patent number: 11902333Abstract: A method and system for modeling a cloud environment as a security graph are provided. The method includes identifying security objects in the cloud environment; collecting object data of the identified security objects; constructing security graph based on collected object data of the identified security objects; determining relationships among the identified security objects, wherein the relationships are determined based on the collected object data of the identified security objects and using a static analysis process; updating the constructed security graph with the determined relationships among the identified security objects; and storing the constructed security graph in a graph database.Type: GrantFiled: May 8, 2023Date of Patent: February 13, 2024Assignee: WIZ, INC.Inventors: Shai Keren, Daniel Hershko Shemesh
-
Publication number: 20240031425Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.Type: ApplicationFiled: September 29, 2023Publication date: January 25, 2024Applicant: Wiz, Inc.Inventors: Shai KEREN, Daniel Hershko SHEMESH, Roy REZNIK, Ami LUTTWAK, Avihai BERKOVITZ
-
Publication number: 20230370499Abstract: A system and method for applying a policy on a network path is disclosed. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in a cloud computing environment, having access to an external network which is external to the cloud computing environment; actively inspecting the network path to determine if the network path of the reachable resource is accessible from the external network; applying a policy on the accessible network path, wherein the policy includes a conditional rule; initiating a mitigation action, in response to determining that the conditional rule is not met; and applying the policy on another network path, in response to determining that the conditional rule is met.Type: ApplicationFiled: July 24, 2023Publication date: November 16, 2023Applicant: Wiz, Inc.Inventors: Roy REZNIK, Matilda LIDGI, Shai KEREN, Eliran MAROM
-
Publication number: 20230344896Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.Type: ApplicationFiled: June 26, 2023Publication date: October 26, 2023Applicant: Wiz, Inc.Inventors: Shai KEREN, Danny SHEMESH, Roy REZNIK, Ami LUTTWAK, Avihai BERKOVITZ
-
Publication number: 20230336550Abstract: A system and method for performing authorization based active inspection of network paths for a resource, deployed in a cloud computing environment, includes receiving at least one network path to access the resource, wherein the resource is a cloud object deployed in the cloud computing environment, and potentially accessible from a network which is external to the cloud computing environment; and actively inspecting the at least one network path to determine if the resource is accessible through the at least one network path from a network external to the cloud computing environment and requires access authorization.Type: ApplicationFiled: April 13, 2022Publication date: October 19, 2023Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK
-
Publication number: 20230336554Abstract: A system and method for performing active inspection of a cloud computing environment includes receiving at least one network path to access a first resource, wherein the first resource is a cloud object deployed in the cloud computing environment, and potentially accessible from a network which is external to the cloud computing environment; and actively inspecting the at least one network path to determine if the first resource is accessible through the at least one network path from a network external to the cloud computing environment.Type: ApplicationFiled: April 13, 2022Publication date: October 19, 2023Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK
-
Publication number: 20230336578Abstract: A system and method for performing active inspection of vulnerability exploitation in a cloud computing environment. The method includes receiving at least one network path to access a first resource, wherein the first resource is a cloud object is deployed in the cloud computing environment and having a known vulnerability, wherein the first resource is potentially accessible from a network which is external to the cloud computing environment; actively inspecting the at least one network path to determine if the first resource is accessible through the at least one network path from a network external to the cloud computing environment; and triggering the known vulnerability to determine if the first resource can be exploited with the known vulnerability, in response to determining that the first resource is accessible through the external network.Type: ApplicationFiled: April 13, 2022Publication date: October 19, 2023Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK
-
Publication number: 20230275929Abstract: A method and system for modeling a cloud environment as a security graph are provided. The method includes identifying security objects in the cloud environment; collecting object data of the identified security objects; constructing security graph based on collected object data of the identified security objects; determining relationships among the identified security objects, wherein the relationships are determined based on the collected object data of the identified security objects and using a static analysis process; updating the constructed security graph with the determined relationships among the identified security objects; and storing the constructed security graph in a graph database.Type: ApplicationFiled: May 8, 2023Publication date: August 31, 2023Applicant: Wiz, Inc.Inventors: Shai KEREN, Daniel Hershko SHEMESH
-
Patent number: 11722554Abstract: A method and system for determining abnormal configuration of network objects deployed in a cloud computing environment are provided. The method includes collecting network object data on a plurality of network objects deployed in the cloud computing environment; constructing a network graph based on the collected network object data, wherein the network graph includes a visual representation of network objects identified in the cloud computing environment; determining relationships between the identified network objects in the network graph, wherein the determined relationships between the identified network objects includes descriptions of connections between the identified network objects; and analyzing the network graph and the determined relationships to generate insights, wherein the generated insights include at least a list of abnormal connections between the identified network objects.Type: GrantFiled: August 12, 2022Date of Patent: August 8, 2023Assignee: WIZ, INC.Inventors: Shai Keren, Danny Shemesh, Roy Reznik, Ami Luttwak, Avihai Berkovitz
-
Patent number: 11671460Abstract: A method and system for determining reachability of objects deployed in a cloud environment to an external network is presented. The method includes identifying a plurality of network paths in the cloud environment, wherein each network path includes at least two objects deployed in the cloud environment; statistically analyzing each object in each respective network path to determine its reachability properties; analyzing the reachability properties determined for each object to determine if the respective object is reachable through its respective network path from at least a network external to the cloud environment; and saving each object together with its respective network path and reachability properties in a database.Type: GrantFiled: May 23, 2022Date of Patent: June 6, 2023Assignee: WIZ, INC.Inventors: Shai Keren, Daniel Hershko Shemesh