Patents by Inventor Yarin MIRAN
Yarin MIRAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240372720Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.Type: ApplicationFiled: July 17, 2024Publication date: November 7, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA
-
Publication number: 20240314147Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.Type: ApplicationFiled: May 23, 2024Publication date: September 19, 2024Applicant: Wiz, Inc.Inventors: Yarin MIRAN, Ami LUTTWAK, Roy REZNIK, Avihai BERKOVITZ, Moran COHEN, Yaniv SHAKED, Yaniv Joseph OLIVER
-
Patent number: 12095912Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.Type: GrantFiled: December 26, 2023Date of Patent: September 17, 2024Assignee: Wiz, Inc.Inventors: Daniel Hershko Shemesh, Yarin Miran, Roy Reznik, Ami Luttwak, Yinon Costica, Yaniv Shaked, Eyal Moscovici
-
Patent number: 12079328Abstract: A system and method for inspecting a running container for a cybersecurity object in a cloud computing environment is disclosed. The method includes: generating a clone of a disk, wherein the disk is deployed in a cloud computing environment; detecting a software container on the generated clone of the disk; and inspecting the software container for a cybersecurity object, in response to determining that the container is a running container.Type: GrantFiled: October 10, 2023Date of Patent: September 3, 2024Assignee: Wiz, Inc.Inventors: Daniel Hershko Shemesh, Yarin Miran, Roy Reznik, Ami Luttwak, Yinon Costica, Niv Roit Ben David, Yaniv Shaked, Raaz Herzberg, Amir Lande Blau
-
Publication number: 20240289437Abstract: A system and method for inspecting a running container for a cybersecurity object in a cloud computing environment is disclosed. The method includes: generating a clone of a disk, wherein the disk is deployed in a cloud computing environment; detecting a software container on the generated clone of the disk; and inspecting the software container for a cybersecurity object, in response to determining that the container is a running container.Type: ApplicationFiled: April 29, 2024Publication date: August 29, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Niv Roit BEN DAVID, Yaniv SHAKED, Raaz HERZBERG, Amir LANDE BLAU
-
Publication number: 20240275812Abstract: A system and method for detecting a permission escalation event in a computing environment is disclosed. The method includes: generating a cloned disk based on an original disk of a resource deployed in a computing environment; detecting an identifier of a first principal on the cloned disk; detecting a second principal in the computing environment, the first principal authorized to assume the first principal; storing a representation of the computing environment in a security database, including: a first principal node representing the first principal, and a second principal node representing the second principal, further associated with a permission; querying the representation to determine a permission of the first principal; determining that the second principal includes a permission which the first principal does not include based on a result of querying the representation; and generating a permission escalation event.Type: ApplicationFiled: April 26, 2024Publication date: August 15, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Avihai BERKOVITZ, George PISHA, Yaniv Joseph OLIVER, Udi REITBLAT, Or HELLER, Raaz HERZBERG, Osher HAZAN, Niv Roit BEN DAVID
-
Patent number: 12061925Abstract: A system and method for inspecting managed workloads in a cloud computing environment for cybersecurity threats improves inspection of managed workload service repositories, by only inspecting bases of managed workload deployed in the cloud computing environment. The method includes discovering a managed workload deployed in a cloud computing environment; determining an identifier of the managed workload, wherein the identifier includes an indicator to a base repository in which a base is stored, and wherein the managed workload is currently deployed in the cloud computing environment, the base repository further storing a plurality of bases, wherein a portion of the plurality of bases do not correspond to a deployed workload; accessing the base repository to pull the base; and inspecting the base of the deployed managed workload for a cybersecurity threat.Type: GrantFiled: September 15, 2023Date of Patent: August 13, 2024Assignee: WIZ, INC.Inventors: Niv Roit Ben David, Yaniv Shaked, Yarin Miran, Raaz Herzberg, Amir Lande Blau
-
Publication number: 20240265115Abstract: An architecture of a multi-cloud inspector for any computing device type is provided. According to an embodiment, a method for implementing multi-cloud inspection includes accessing an object list, determining which objects to inspect, determining which inspectors to use, creating object copies, providing and running inspectors for each object copy, receiving inspection report summaries, generating an enriched dataset, and adding the enriched dataset to a security graph database.Type: ApplicationFiled: March 26, 2024Publication date: August 8, 2024Applicant: Wiz, Inc.Inventors: Yaniv SHAKED, Ami LUTTWAK, Gal KOZOSHNIK, Roy REZNIK, Yarin MIRAN
-
Publication number: 20240244065Abstract: A system and method for detecting cybersecurity risk on a resource in a computing environment utilizes static analysis of a cloned resource and runtime data from the live resource. The method includes: configuring a resource deployed in a computing environment to deploy thereon a sensor, the sensor configured to detect runtime data; detecting runtime data from the sensor of the resource; generating an inspectable disk based on an original disk of the resource; initiating inspection based on the detected runtime data for a cybersecurity object on the inspectable disk; detecting the cybersecurity object on an inspectable disk; and initiating a mitigation action on the resource.Type: ApplicationFiled: January 31, 2024Publication date: July 18, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL
-
Patent number: 12028360Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.Type: GrantFiled: December 7, 2023Date of Patent: July 2, 2024Assignee: Wiz, Inc.Inventors: Yarin Miran, Ami Luttwak, Roy Reznik, Avihai Berkovitz, Moran Cohen, Yaniv Shaked, Yaniv Joseph Oliver
-
Patent number: 12003520Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.Type: GrantFiled: September 15, 2023Date of Patent: June 4, 2024Assignee: Wiz, Inc.Inventors: Yarin Miran, Ami Luttwak, Roy Reznik, Avihai Berkovitz, Moran Cohen, Yaniv Shaked, Yaniv Joseph Oliver
-
Patent number: 11995193Abstract: An architecture of a multi-cloud inspector for any computing device type is provided. According to an embodiment, a method for implementing multi-cloud inspection includes accessing an object list, determining which objects to inspect, determining which inspectors to use, creating object copies, providing and running inspectors for each object copy, receiving inspection report summaries, generating an enriched dataset, and adding the enriched dataset to a security graph database.Type: GrantFiled: September 28, 2023Date of Patent: May 28, 2024Assignee: WIZ, INC.Inventors: Yaniv Shaked, Ami Luttwak, Gal Kozoshnik, Roy Reznik, Yarin Miran
-
Publication number: 20240168792Abstract: A system and method for applying cybersecurity policies across multiple computing environments is presented.Type: ApplicationFiled: December 29, 2023Publication date: May 23, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Raaz HERZBERG, Yaniv Joseph OLIVER, Osher HAZAN, Niv Roit BEN DAVID
-
Publication number: 20240146745Abstract: A system and method for technology stack discovery by performing active inspection of a cloud computing environment utilizing disk cloning is described. The method includes: generating an inspectable disk based on an original disk of a reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment; detecting a cybersecurity object on the inspectable disk, the cybersecurity object indicating a cybersecurity issue; selecting a network path including a network protocol to access the reachable resource; and actively inspecting the network path to detect the cybersecurity issue.Type: ApplicationFiled: December 29, 2023Publication date: May 2, 2024Applicant: Wiz, Inc.Inventors: Matilda LIDGI, Shai KEREN, Raaz HERZBERG, Avi Tal LICHTENSTEIN, Ami LUTTWAK, Roy REZNIK, Daniel Hershko SHEMESH, Yarin MIRAN, Yinon COSTICA
-
Patent number: 11973770Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.Type: GrantFiled: November 22, 2021Date of Patent: April 30, 2024Assignee: Wiz, Inc.Inventors: Yarin Miran, Ami Luttwak, Roy Reznik, Avihai Berkovitz, Moran Cohen, Yaniv Shaked, Yaniv Joseph Oliver
-
Publication number: 20240135027Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment is disclosed. The method includes: generating an inspectable disk from a clone of an original disk in a cloud computing environment; inspecting the inspectable disk for a cybersecurity object, the cybersecurity object indicating a sensitive data, the disk deployed in a cloud computing environment; extracting a data schema from the cybersecurity object, in response to detecting the cybersecurity object on the disk; generating a classification of the data schema; detecting in the disk a plurality of data files, each data file including the classified data schema; determining that the data schema corresponds to sensitive data based on the generated classification; generating in a security database: a representation of the data schema, and a representation of each data file; and rendering a visual representation of the cloud computing environment including a representation of the data schema.Type: ApplicationFiled: December 29, 2023Publication date: April 25, 2024Applicant: Wiz, Inc.Inventors: Raaz HERZBERG, Avi Tal LICHTENSTEIN, Roy REZNIK, Ami LUTTWAK, Moran COHEN, Yaniv SHAKED, Yinon COSTICA, George PISHA, Daniel Hershko SHEMESH, Yarin MIRAN
-
Publication number: 20240137382Abstract: A system and method for detecting a permission escalation event in a computing environment is disclosed. The method includes: generating a cloned disk based on an original disk of a resource deployed in a computing environment; detecting an identifier of a first principal on the cloned disk; detecting a second principal in the computing environment, the first principal authorized to assume the first principal; storing a representation of the computing environment in a security database, including: a first principal node representing the first principal, and a second principal node representing the second principal, further associated with a permission; querying the representation to determine a permission of the first principal; determining that the second principal includes a permission which the first principal does not include based on a result of querying the representation; and generating a permission escalation event.Type: ApplicationFiled: December 29, 2023Publication date: April 25, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Avihai BERKOVITZ, George PISHA, Yaniv Joseph OLIVER, Udi REITBLAT, Or HELLER, Raaz HERZBERG, Osher HAZAN, Niv Roit BEN DAVID
-
Publication number: 20240129121Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.Type: ApplicationFiled: December 26, 2023Publication date: April 18, 2024Applicant: Wiz, Inc.Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA, Yaniv SHAKED, Eyal MOSCOVICI
-
Patent number: 11954516Abstract: A system and method for inspecting managed workloads in a cloud computing environment for cybersecurity threats improves inspection of managed workload service repositories, by only inspecting bases of managed workload deployed in the cloud computing environment. The method includes discovering a managed workload deployed in a cloud computing environment; determining an identifier of the managed workload, wherein the identifier includes an indicator to a base repository in which a base is stored, and wherein the managed workload is currently deployed in the cloud computing environment, the base repository further storing a plurality of bases, wherein a portion of the plurality of bases do not correspond to a deployed workload; accessing the base repository to pull the base; and inspecting the base of the deployed managed workload for a cybersecurity threat.Type: GrantFiled: September 15, 2023Date of Patent: April 9, 2024Assignee: WIZ, INC.Inventors: Niv Roit Ben David, Yaniv Shaked, Yarin Miran, Raaz Herzberg, Amir Lande Blau
-
Patent number: 11936785Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.Type: GrantFiled: October 4, 2023Date of Patent: March 19, 2024Assignee: WIZ, INC.Inventors: Daniel Hershko Shemesh, Yarin Miran, Roy Reznik, Ami Luttwak, Yinon Costica, Yaniv Shaked, Eyal Moscovici