Patents by Inventor Yaniv Joseph OLIVER
Yaniv Joseph OLIVER has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12003520Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.Type: GrantFiled: September 15, 2023Date of Patent: June 4, 2024Assignee: Wiz, Inc.Inventors: Yarin Miran, Ami Luttwak, Roy Reznik, Avihai Berkovitz, Moran Cohen, Yaniv Shaked, Yaniv Joseph Oliver
-
Publication number: 20240168792Abstract: A system and method for applying cybersecurity policies across multiple computing environments is presented.Type: ApplicationFiled: December 29, 2023Publication date: May 23, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Raaz HERZBERG, Yaniv Joseph OLIVER, Osher HAZAN, Niv Roit BEN DAVID
-
Patent number: 11973770Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.Type: GrantFiled: November 22, 2021Date of Patent: April 30, 2024Assignee: Wiz, Inc.Inventors: Yarin Miran, Ami Luttwak, Roy Reznik, Avihai Berkovitz, Moran Cohen, Yaniv Shaked, Yaniv Joseph Oliver
-
Publication number: 20240137382Abstract: A system and method for detecting a permission escalation event in a computing environment is disclosed. The method includes: generating a cloned disk based on an original disk of a resource deployed in a computing environment; detecting an identifier of a first principal on the cloned disk; detecting a second principal in the computing environment, the first principal authorized to assume the first principal; storing a representation of the computing environment in a security database, including: a first principal node representing the first principal, and a second principal node representing the second principal, further associated with a permission; querying the representation to determine a permission of the first principal; determining that the second principal includes a permission which the first principal does not include based on a result of querying the representation; and generating a permission escalation event.Type: ApplicationFiled: December 29, 2023Publication date: April 25, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Avihai BERKOVITZ, George PISHA, Yaniv Joseph OLIVER, Udi REITBLAT, Or HELLER, Raaz HERZBERG, Osher HAZAN, Niv Roit BEN DAVID
-
Publication number: 20240004997Abstract: A system and method for reducing redundancy in inspecting container layers for cybersecurity objects includes: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: generate a diff output between a first container layer and a second container layer, wherein the second container layer is previously generated based off of the first container layer, wherein the diff includes at least an object; inspect the first container layer for a cybersecurity object; inspect the object for the cybersecurity threat; associate the cybersecurity object with the first container layer in response to detecting the cybersecurity object in the first container layer and not in the at least an object; and associate the cybersecurity object with the second container layer in response to detecting the cybersecurity object in the at least an object and not in the first container layer.Type: ApplicationFiled: June 30, 2022Publication date: January 4, 2024Applicant: Wiz, Inc.Inventors: Yaniv Joseph OLIVER, Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, Yaniv SHAKED, Amir Lande BLAU
-
Publication number: 20230221983Abstract: A system and method detects a vulnerable code object in configuration code for deploying instances in a cloud computing environment. The method includes: accessing a configuration code, including a plurality of code objects, where a code object of the plurality of code objects corresponds to a deployed principal; detecting in a log a plurality of access events, each access event associated with a first principal deployed in the cloud computing environment based on a first code object of the plurality of code objects; determining a first set of permissions associated with the first code object. The method also includes determining a second set of permissions based on the plurality of access events. The method also includes detecting a difference between the second set of permissions and the first set of permissions; and generating an updated code object based on the first code object and the detected difference.Type: ApplicationFiled: December 29, 2022Publication date: July 13, 2023Applicant: Wiz, Inc.Inventors: Or HELLER, Raaz HERZBERG, Yaniv Joseph OLIVER, Osher HAZAN, Niv Roit BEN DAVID, Ami LUTTWAK, Roy REZNIK
-
Patent number: 10496664Abstract: A device configured to operate in a distributed network system includes a key-value processing system to generate at least one of a first request and a second request. The first request is to retrieve a selected one of a plurality of sub-groups of data. The first request includes a plurality of keys each including a first value identifying the selected one of the plurality of sub-groups and a respective one of a plurality of second values. Each of the second values identifies a respective subset of data within the selected one of the plurality of sub-groups. The second request is to retrieve a selected one of the subsets of data within the selected one of the plurality of sub-groups and includes a key. The key includes the first value and a selected one of the second values, and the selected one of the second values corresponds to a hash value.Type: GrantFiled: March 31, 2017Date of Patent: December 3, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Shai Kaplan, Yaniv Joseph Oliver, Noam Liran, Ido Yehiel Preizler
-
Patent number: 10452610Abstract: A storage cluster includes a plurality of key-value storage nodes categorized into sub-groups of data associated with a first value identifying the sub-group and second values identifying respective subsets of data. A key-value processing system receives at least one of a first request to retrieve a selected one of the sub-groups of data, the first request including a plurality of keys, each of the plurality of keys including the first value and a respective one of the second values, and a second request to retrieve a selected one of the subsets of data. The second request includes a key having the first value and a selected one of the second values. The selected one of the second values corresponds to a hash value. The storage cluster selectively provides at least one of the selected one of the sub-groups of data and the selected one of the subsets of data.Type: GrantFiled: March 31, 2017Date of Patent: October 22, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Shai Kaplan, Yaniv Joseph Oliver, Noam Liran, Ido Yehiel Preizler
-
Publication number: 20180285441Abstract: A storage cluster includes a plurality of key-value storage nodes categorized into sub-groups of data associated with a first value identifying the sub-group and second values identifying respective subsets of data. A key-value processing system receives at least one of a first request to retrieve a selected one of the sub-groups of data, the first request including a plurality of keys, each of the plurality of keys including the first value and a respective one of the second values, and a second request to retrieve a selected one of the subsets of data. The second request includes a key having the first value and a selected one of the second values. The selected one of the second values corresponds to a hash value. The storage cluster selectively provides at least one of the selected one of the sub-groups of data and the selected one of the subsets of data.Type: ApplicationFiled: March 31, 2017Publication date: October 4, 2018Inventors: Shai KAPLAN, Yaniv Joseph OLIVER, Noam LIRAN, ldo Yehiel PREIZLER
-
Publication number: 20180285427Abstract: A device configured to operate in a distributed network system includes a key-value processing system to generate at least one of a first request and a second request. The first request is to retrieve a selected one of a plurality of sub-groups of data. The first request includes a plurality of keys each including a first value identifying the selected one of the plurality of sub-groups and a respective one of a plurality of second values. Each of the second values identifies a respective subset of data within the selected one of the plurality of sub-groups. The second request is to retrieve a selected one of the subsets of data within the selected one of the plurality of sub-groups and includes a key. The key includes the first value and a selected one of the second values, and the selected one of the second values corresponds to a hash value.Type: ApplicationFiled: March 31, 2017Publication date: October 4, 2018Inventors: Shai KAPLAN, Yaniv Joseph OLIVER, Noam LIRAN, Ido Yehiel PREIZLER