Patents by Inventor Roy Reznik
Roy Reznik has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240146745Abstract: A system and method for technology stack discovery by performing active inspection of a cloud computing environment utilizing disk cloning is described. The method includes: generating an inspectable disk based on an original disk of a reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment; detecting a cybersecurity object on the inspectable disk, the cybersecurity object indicating a cybersecurity issue; selecting a network path including a network protocol to access the reachable resource; and actively inspecting the network path to detect the cybersecurity issue.Type: ApplicationFiled: December 29, 2023Publication date: May 2, 2024Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK, Daniel Hershko SHEMESH, Yarin MIRAN, Yinon COSTICA
-
Publication number: 20240146799Abstract: A method and system for providing textual insights on objects deployed in a cloud environment are provided. The method includes collecting object data on objects deployed in the cloud environment, wherein objects are deployed and operable at different layers of the cloud environment; identifying objects deployed in the cloud environment; constructing a visual representation of the cloud environment, including the identified objects and their relationships; and generating textual insights on the identified objects and their relationships using natural language processing.Type: ApplicationFiled: October 2, 2023Publication date: May 2, 2024Applicant: Wiz, Inc.Inventors: Shai KEREN, Daniel Hershko SHEMESH, Roy REZNIK, Ami LUTTWAK, Avihai BERKOVITZ
-
Patent number: 11973770Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.Type: GrantFiled: November 22, 2021Date of Patent: April 30, 2024Assignee: Wiz, Inc.Inventors: Yarin Miran, Ami Luttwak, Roy Reznik, Avihai Berkovitz, Moran Cohen, Yaniv Shaked, Yaniv Joseph Oliver
-
Publication number: 20240137382Abstract: A system and method for detecting a permission escalation event in a computing environment is disclosed. The method includes: generating a cloned disk based on an original disk of a resource deployed in a computing environment; detecting an identifier of a first principal on the cloned disk; detecting a second principal in the computing environment, the first principal authorized to assume the first principal; storing a representation of the computing environment in a security database, including: a first principal node representing the first principal, and a second principal node representing the second principal, further associated with a permission; querying the representation to determine a permission of the first principal; determining that the second principal includes a permission which the first principal does not include based on a result of querying the representation; and generating a permission escalation event.Type: ApplicationFiled: December 29, 2023Publication date: April 25, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Avihai BERKOVITZ, George PISHA, Yaniv Joseph OLIVER, Udi REITBLAT, Or HELLER, Raaz HERZBERG, Osher HAZAN, Niv Roit BEN DAVID
-
Publication number: 20240135027Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment is disclosed. The method includes: generating an inspectable disk from a clone of an original disk in a cloud computing environment; inspecting the inspectable disk for a cybersecurity object, the cybersecurity object indicating a sensitive data, the disk deployed in a cloud computing environment; extracting a data schema from the cybersecurity object, in response to detecting the cybersecurity object on the disk; generating a classification of the data schema; detecting in the disk a plurality of data files, each data file including the classified data schema; determining that the data schema corresponds to sensitive data based on the generated classification; generating in a security database: a representation of the data schema, and a representation of each data file; and rendering a visual representation of the cloud computing environment including a representation of the data schema.Type: ApplicationFiled: December 29, 2023Publication date: April 25, 2024Applicant: Wiz, Inc.Inventors: Raaz HERZBERG, Avi Tal LICHTENSTEIN, Roy REZNIK, Ami LUTTWAK, Moran COHEN, Yaniv SHAKED, Yinon COSTICA, George PISHA, Daniel Hershko SHEMESH, Yarin MIRAN
-
Publication number: 20240129121Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.Type: ApplicationFiled: December 26, 2023Publication date: April 18, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Yaniv SHAKED, Eyal MOSCOVICI
-
Publication number: 20240119145Abstract: A system and method for improved endpoint detection and response (EDR) in a cloud computing environment initiates inspection based on data received from a sensor deployed on a workload. The method includes: configuring a resource, deployed in a cloud computing environment, to deploy thereon a sensor, the sensor configured to detect runtime data; detecting a potential cybersecurity threat on the resource based on detected runtime data received from the sensor; and initiating inspection of the resource for the potential cybersecurity threat.Type: ApplicationFiled: August 28, 2023Publication date: April 11, 2024Applicant: Wiz, Inc.Inventors: Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL, Ami LUTTWAK, Roy REZNIK, Yinon COSTICA
-
Publication number: 20240104118Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment includes generating a snapshot from a managed database service, the snapshot including a plurality of data files stored in a bucket on a cloud computing environment; detecting a data object in the plurality of data files, the data object including a data schema and a content; classifying the first data object based on the content, wherein the content is classified as sensitive data or non-sensitive data; and generating a node on a security graph stored in a graph database to represent the first data object and the classification thereof, wherein the security graph further includes a representation of the cloud computing environment.Type: ApplicationFiled: October 24, 2022Publication date: March 28, 2024Applicant: Wiz, Inc.Inventors: Raaz HERZBERG, Avi Tal LICHTENSTEIN, Roy REZNIK, Ami LUTTWAK, Moran COHEN, Yaniv SHAKED, Yinon COSTICA, George PISHA
-
Publication number: 20240104235Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment includes generating a snapshot from a managed database service, the snapshot including a plurality of data files stored in a bucket on a cloud computing environment; deploying a virtual instance based on the snapshot to generate a database, the database including a database management system (DBMS); querying the DBMS to fetch data from the database; classifying the fetched data, wherein the fetched data is classified as sensitive data or non-sensitive data; and generating a node on a security graph stored in a graph database to represent the fetched data and the classification thereof, wherein the security graph includes a representation of the cloud computing environment.Type: ApplicationFiled: October 24, 2022Publication date: March 28, 2024Applicant: Wiz, Inc.Inventors: Raaz HERZBERG, Avi Tal LICHTENSTEIN, Roy REZNIK, Ami LUTTWAK, Moran COHEN, Yaniv SHAKED, Yinon COSTICA, George PISHA
-
Publication number: 20240104222Abstract: A system and method for evaluating definitions from a markup language document for agentless host configuration of an image in a virtualized computing environment generates an instruction to deploy a virtual instance based on a base image, the virtual instance including a disk. The method further includes generating an inspectable disk based on the disk of the virtual instance; receiving a markup language document, the document including a plurality of definitions, each including a data element; inspecting the inspectable disk for a cybersecurity object corresponding to a data element of a first definition of the plurality of definitions; evaluating the first definition based on the cybersecurity object to generate an evaluated first definition result, in response to determining that the definition is evaluable; generating an output based on the evaluated first definition result; and generating the output based on a notification, in response to determining that the definition is unevaluable.Type: ApplicationFiled: September 23, 2022Publication date: March 28, 2024Applicant: Wiz, Inc.Inventors: Yaniv SHAKED, Mattan SHALEV, Gal KOZOSHNIK, Daniel KLEIN, Roy REZNIK, Ami LUTTWAK
-
Publication number: 20240104240Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment. The method includes detecting a first data object including a data schema and a content in a cloud computing environment; detecting a second data object, having the data schema of the first data object; generating in a security graph: a first data object node representing the first data object, a second data object node representing the second data object, and a data schema node representing the data schema; storing a classification based on the content in the security graph, wherein the content is classified as sensitive data or non-sensitive data; and rendering an output based on the classification and the data schema node, in lieu of the first data object node and the second data object node, in response to receiving a query to detect a node representing a data object classified as sensitive data.Type: ApplicationFiled: October 24, 2022Publication date: March 28, 2024Applicant: Wiz, Inc.Inventors: Raaz HERZBERG, Avi Tal LICHTENSTEIN, Roy REZNIK, Ami LUTTWAK, Moran COHEN, Yaniv SHAKED, Yinon COSTICA, George PISHA
-
Patent number: 11936693Abstract: A system and method for applying a policy on a network path is disclosed. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in a cloud computing environment, having access to an external network which is external to the cloud computing environment; actively inspecting the network path to determine if the network path of the reachable resource is accessible from the external network; applying a policy on the accessible network path, wherein the policy includes a conditional rule; initiating a mitigation action, in response to determining that the conditional rule is not met; and applying the policy on another network path, in response to determining that the conditional rule is met.Type: GrantFiled: July 24, 2023Date of Patent: March 19, 2024Assignee: WIZ, INC.Inventors: Roy Reznik, Matilda Lidgi, Shai Keren, Eliran Marom
-
Patent number: 11936622Abstract: A system and method for providing dynamic network traffic policies. The method includes: detecting a cybersecurity risk on a workload deployed in a cloud computing environment, the cloud computing environment having a firewall connected to an untrusted network; and configuring the firewall to filter network traffic to the workload based on the detected cybersecurity risk.Type: GrantFiled: September 18, 2023Date of Patent: March 19, 2024Assignee: WIZ, INC.Inventors: Lidor Gonshorowitz, Oron Noah, Ami Luttwak, Yinon Costica, Roy Reznik
-
Patent number: 11936785Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.Type: GrantFiled: October 4, 2023Date of Patent: March 19, 2024Assignee: WIZ, INC.Inventors: Daniel Hershko Shemesh, Yarin Miran, Roy Reznik, Ami Luttwak, Yinon Costica, Yaniv Shaked, Eyal Moscovici
-
Publication number: 20240089272Abstract: A system and method for reducing false positive detection of cybersecurity events is disclosed.Type: ApplicationFiled: July 28, 2023Publication date: March 14, 2024Applicant: Wiz, Inc.Inventors: Itamar GILAD, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL, Ami LUTTWAK, Roy REZNIK, Yinon COSTICA
-
Publication number: 20240086524Abstract: A system and method for evaluating definitions from a markup language document for agentless host configuration includes generating an inspectable disk based on a disk of a host, the host deployed in a virtualized computing environment. The system is configured to: receive a markup language document, the markup language document including a plurality of definitions, each definition including a data element; inspect the inspectable disk for a cybersecurity object corresponding to a first data element of a first definition of the plurality of definitions; evaluate the first definition further based on the cybersecurity object to generate an evaluated first definition result, in response to determining that the definition is evaluable; generate an output based on the evaluated first definition result; and generate the output based on a predetermined notification, in response to determining that the definition is unevaluable.Type: ApplicationFiled: September 8, 2022Publication date: March 14, 2024Applicant: Wiz, Inc.Inventors: Yaniv SHAKED, Mattan SHALEV, Gal KOZOSHNIK, Daniel KLEIN, Roy REZNIK, Ami LUTTWAK
-
Patent number: 11929896Abstract: A system and method for generation of unified graph models for network entities are provided. The method includes collecting, for at least one network entity of a plurality of network entities, at least one network entity data feature, wherein the at least one network entity data feature is a network entity property; genericizing the collected at least one network entity; generating at least a network graph, wherein the generated network graph is a multi-dimensional data structure providing a representation of the plurality of network entities and relations between the network entities of the plurality of network entities; and storing the generated at least a network graph.Type: GrantFiled: January 28, 2021Date of Patent: March 12, 2024Assignee: WIZ, INC.Inventors: Daniel Hershko Shemesh, Liran Moysi, Roy Reznik, Shai Keren
-
Publication number: 20240054229Abstract: A system and method for detecting an application path utilizing active inspection of a cloud computing environment, includes selecting a reachable resource having at least one network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment; selecting a second resource having a second network path based on the network path of the reachable resource; and actively inspecting the second network path to determine if the second resource is accessible through the second network path from the reachable resource.Type: ApplicationFiled: August 10, 2022Publication date: February 15, 2024Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK
-
Publication number: 20240054228Abstract: A system and method for performing active inspection of a cloud computing environment includes selecting a reachable resource, having a network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment; determining a network protocol for the network path; and actively inspecting the network path to determine if an application utilizing the network protocol is deployed on the reachable resource as part of a technology stack of the reachable resource.Type: ApplicationFiled: August 10, 2022Publication date: February 15, 2024Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK
-
Publication number: 20240048580Abstract: A method for detecting escalation paths in a cloud environment is provided. The method includes accessing a security graph representing cloud objects and their connections in the cloud environment; analyzing each cloud object to detect an escalation hop from a current cloud object to a next cloud object, wherein the analysis is based, in part, on a plurality of risk factors and reachability parameters determined for each cloud object; and marking the security graph with each identified escalation path in the security graph, wherein an escalation path is a collection of escalation hops from a source cloud object to a destination cloud object.Type: ApplicationFiled: October 10, 2023Publication date: February 8, 2024Applicant: Wiz, Inc.Inventors: Ami LUTTWAK, Yinon COSTICA, Assaf RAPPAPORT, Avi Tal LICHTENSTEIN, Roy REZNIK