Patents Assigned to Wiz, Inc.
-
Publication number: 20240048580Abstract: A method for detecting escalation paths in a cloud environment is provided. The method includes accessing a security graph representing cloud objects and their connections in the cloud environment; analyzing each cloud object to detect an escalation hop from a current cloud object to a next cloud object, wherein the analysis is based, in part, on a plurality of risk factors and reachability parameters determined for each cloud object; and marking the security graph with each identified escalation path in the security graph, wherein an escalation path is a collection of escalation hops from a source cloud object to a destination cloud object.Type: ApplicationFiled: October 10, 2023Publication date: February 8, 2024Applicant: Wiz, Inc.Inventors: Ami LUTTWAK, Yinon COSTICA, Assaf RAPPAPORT, Avi Tal LICHTENSTEIN, Roy REZNIK
-
Publication number: 20240039929Abstract: A system and method improves cloud detection and response by generating a normalized event log from a plurality of cloud service providers (CSPs). The method includes receiving a plurality of events, wherein a first event of the plurality of events is generated in a cloud computing environment provided by a first CSP and a second event of the plurality of events is generated in a cloud computing environment provided by a second CSP; extracting data from an event of the plurality of events; generating a normalized event based on the extracted data and a predefined data schema, the predefined data schema including a plurality of data fields; storing the normalized event in a transactional database having stored therein a normalized event log; and applying a rule from a rule engine on a normalized event stored in the transactional database to detect a cybersecurity threat in any of the CSPs.Type: ApplicationFiled: August 1, 2022Publication date: February 1, 2024Applicant: Wiz, Inc.Inventors: George PISHA, Liran MOYSI, Itay VANZETTI, Alon SCHINDEL
-
Publication number: 20240039936Abstract: A system and method improves cloud detection and response by generating a normalized event log from a plurality of cloud computing layers. The method includes receiving a plurality of events, wherein a first event is generated in a first cloud layer of a cloud computing environment provided by a cloud service provider (CSP) and a second event is generated in a second cloud layer of the cloud computing environment; extracting data from each event; generating a normalized event based on the extracted data and further based on a predefined data schema, the predefined schema including a plurality of data fields, at least a portion of which are related to cloud layers; storing the normalized event in a transactional database having stored therein a normalized event log; and applying a rule from a rule engine on the normalized event to detect a cybersecurity threat in the cloud computing environment.Type: ApplicationFiled: August 1, 2022Publication date: February 1, 2024Applicant: Wiz, Inc.Inventors: George PISHA, Liran MOYSI, Itay VANZETTI, Alon SCHINDEL
-
Publication number: 20240037218Abstract: A system and method for inspecting virtual instances in a cloud computing environment for cybersecurity threats utilizing disk cloning. The method includes: selecting a virtual instance in a cloud computing environment, wherein the virtual instance includes a disk having a disk descriptor with an address in a cloud storage system; generating an instruction to clone the disk of the virtual instance, the instruction when executed causes generation of a cloned disk descriptor, the cloned disk descriptor having a data field including the address of the disk of the virtual instance; inspecting the cloned disk for a cybersecurity threat; and releasing the cloned disk in response to completing the inspection of the cloned disk.Type: ApplicationFiled: October 5, 2023Publication date: February 1, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA
-
Publication number: 20240031425Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.Type: ApplicationFiled: September 29, 2023Publication date: January 25, 2024Applicant: Wiz, Inc.Inventors: Shai KEREN, Daniel Hershko SHEMESH, Roy REZNIK, Ami LUTTWAK, Avihai BERKOVITZ
-
Publication number: 20240031376Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.Type: ApplicationFiled: September 26, 2023Publication date: January 25, 2024Applicant: Wiz, Inc.Inventors: Avi Tal LICHTENSTEIN, Ami LUTTWAK, Daniel Hershko SHEMESH
-
Patent number: 11875306Abstract: A system and method for agentless generation of a software bill of materials (SBOM) in a cloud computing environment is disclosed. The method includes: accessing a plurality of workloads in a cloud computing environment; detecting in each workload of the plurality of workloads a software component; generating for each workload an SBOM based on the detected software component; and storing each SBOM in a database.Type: GrantFiled: August 31, 2023Date of Patent: January 16, 2024Assignee: WIZ, INC.Inventors: Mattan Shalev, Yaniv Shaked, Gal Kozoshnik, Omri Kornblau, Roy Reznik, Ami Luttwak, Yinon Costica
-
Publication number: 20240004997Abstract: A system and method for reducing redundancy in inspecting container layers for cybersecurity objects includes: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: generate a diff output between a first container layer and a second container layer, wherein the second container layer is previously generated based off of the first container layer, wherein the diff includes at least an object; inspect the first container layer for a cybersecurity object; inspect the object for the cybersecurity threat; associate the cybersecurity object with the first container layer in response to detecting the cybersecurity object in the first container layer and not in the at least an object; and associate the cybersecurity object with the second container layer in response to detecting the cybersecurity object in the at least an object and not in the first container layer.Type: ApplicationFiled: June 30, 2022Publication date: January 4, 2024Applicant: Wiz, Inc.Inventors: Yaniv Joseph OLIVER, Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, Yaniv SHAKED, Amir Lande BLAU
-
Publication number: 20230421573Abstract: A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.Type: ApplicationFiled: August 29, 2023Publication date: December 28, 2023Applicant: Wiz, Inc.Inventors: Avi Tal LICHTENSTEIN, Ami LUTTWAK, Yinon COSTICA
-
Publication number: 20230418931Abstract: A system and method for inspecting virtual instances in a cloud computing environment for cybersecurity threats utilizing disk cloning. The method includes: selecting a virtual instance in a cloud computing environment, wherein the virtual instance includes a disk having a disk descriptor with an address in a cloud storage system; generating an instruction to clone the disk of the virtual instance, the instruction when executed causes generation of a cloned disk descriptor, the cloned disk descriptor having a data field including the address of the disk of the virtual instance; inspecting the cloned disk for a cybersecurity threat; and releasing the cloned disk in response to completing the inspection of the cloned disk.Type: ApplicationFiled: August 28, 2023Publication date: December 28, 2023Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA
-
Patent number: 11841945Abstract: A system and method for improved endpoint detection and response (EDR) in a cloud computing environment configures a resource deployed in a cloud computing environment to deploy thereon a sensor, configured to listen on a data link layer for an event. The method further includes detecting a potential cybersecurity threat on the resource; sending a definition based on the cybersecurity threat to the sensor, wherein the definition includes a logical expression, which when applied to an event produces a binary outcome, and wherein the sensor is further configured to apply the definition to the event; determining that the potential cybersecurity threat is an actual cybersecurity threat in response to the produced binary outcome having a predetermined value; and generating an instruction to perform a mitigation action based on the actual cybersecurity threat.Type: GrantFiled: October 7, 2022Date of Patent: December 12, 2023Assignee: WIZ, INC.Inventors: Aviel Fogel, Udi Reitblat, Alon Schindel, Ami Luttwak, Roy Reznik, Yinon Costica
-
Publication number: 20230388325Abstract: A system and method for detecting privilege escalation on a resource deployed in a computing environment is disclosed. The method includes: configuring the resource to deploy thereon a sensor, the sensor configured to listen on a data link layer of the resource for an event; receiving from the sensor a permission-based event based on a first actor, the permission-based event indicating a first permission set of the first actor; querying a database to detect a second permission set of the first actor; detecting that the first permission set includes a permission which is not in the second permission set; determining that the resource is involved in a privilege escalation event in response to detecting that the first permission set includes a permission which is not in the second permission set; and initiating a mitigation action in response to the determined privilege escalation event.Type: ApplicationFiled: July 28, 2023Publication date: November 30, 2023Applicant: Wiz, Inc.Inventors: Itamar GILAD, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL, Ami LUTTWAK, Roy REZNIK, Yinon COSTICA
-
Publication number: 20230388352Abstract: A system and method for detecting a cybersecurity event based on multiple cybersecurity data sources is disclosed. The method includes: receiving data from a first cybersecurity source, the first cybersecurity source configured to generate data based on a resource deployed in a computing environment; receiving data from a second cybersecurity source, the second cybersecurity source configured to generate data based on the resource deployed in the computing environment, wherein the second cybersecurity source has a source type which is different from a source type of the first cybersecurity source; detecting a cybersecurity event on the resource based on data received from the first cybersecurity source and data received from the second cybersecurity source; and initiating a mitigation action for the resource in response to detecting the cybersecurity event.Type: ApplicationFiled: July 28, 2023Publication date: November 30, 2023Applicant: Wiz, Inc.Inventors: Itamar GILAD, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL, Ami LUTTWAK, Roy REZNIK, Yinon COSTICA
-
Publication number: 20230379342Abstract: A system and method for reducing network communication from a sensor for detecting cybersecurity threats is disclosed. The method includes: configuring the resource to deploy thereon a sensor, the sensor configured to listen on a data link layer of the resource for an event; configuring the sensor to generate an event set from a plurality of events, based on a rule; detecting that a number of events in the event set exceeds a predetermined threshold; determining that a cybersecurity event occurred in response to detecting that the number of events exceeds the predetermined threshold; and initiating a mitigation action based on the cybersecurity event.Type: ApplicationFiled: July 28, 2023Publication date: November 23, 2023Applicant: Wiz, Inc.Inventors: Itamar GILAD, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL, Ami LUTTWAK, Roy REZNIK, Yinon COSTICA
-
Publication number: 20230376586Abstract: A system and method for inspecting live virtual instance in a cloud computing environment for cybersecurity threats utilizes a disk cloning technique. The method includes selecting a live virtual instance in a cloud computing environment, wherein the live virtual instance includes a disk having a disk descriptor with an address in a cloud storage system. An instruction to clone the disk of the live virtual instance is generated, and when executed causes generation of a cloned disk descriptor, the cloned disk descriptor having a data field including the address of the disk of the live virtual instance. The cloned disk is inspected for a cybersecurity threat and the cloned disk is released in response to completing the inspection of the disk.Type: ApplicationFiled: May 23, 2022Publication date: November 23, 2023Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA
-
Publication number: 20230370499Abstract: A system and method for applying a policy on a network path is disclosed. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in a cloud computing environment, having access to an external network which is external to the cloud computing environment; actively inspecting the network path to determine if the network path of the reachable resource is accessible from the external network; applying a policy on the accessible network path, wherein the policy includes a conditional rule; initiating a mitigation action, in response to determining that the conditional rule is not met; and applying the policy on another network path, in response to determining that the conditional rule is met.Type: ApplicationFiled: July 24, 2023Publication date: November 16, 2023Applicant: Wiz, Inc.Inventors: Roy REZNIK, Matilda LIDGI, Shai KEREN, Eliran MAROM
-
Patent number: 11811787Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.Type: GrantFiled: March 31, 2022Date of Patent: November 7, 2023Assignee: WIZ, INC.Inventors: Avi Tal Lichtenstein, Ami Luttwak, Daniel Hershko Shemesh
-
Patent number: 11811786Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.Type: GrantFiled: March 31, 2022Date of Patent: November 7, 2023Assignee: WIZ, INC.Inventors: Avi Tal Lichtenstein, Ami Luttwak, Yinon Costica
-
Publication number: 20230344896Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.Type: ApplicationFiled: June 26, 2023Publication date: October 26, 2023Applicant: Wiz, Inc.Inventors: Shai KEREN, Danny SHEMESH, Roy REZNIK, Ami LUTTWAK, Avihai BERKOVITZ
-
Patent number: 11799874Abstract: A system and method for detecting lateral movement based on a compromised cryptographic network protocol (CNP) key in a cloud computing environment includes inspecting a workload for a private CNP key, including metadata and a public CNP key hash; storing in a security graph: a private CNP key node representing the private CNP key, and a workload node representing the workload, wherein the security graph represents the cloud computing environment in which the workload is deployed; connecting in the security graph the private CNP key node to a public CNP key node in response to determining that the public CNP key hash of the private CNP key matches a public key hash associated with the public CNP key node; and generating a lateral movement path in response to determining that the private CNP key is compromised, the path including another workload node connected to the public CNP key.Type: GrantFiled: March 31, 2022Date of Patent: October 24, 2023Assignee: WIZ, INC.Inventors: Avi Tal Lichtenstein, Ami Luttwak, Yinon Costica