Patents by Inventor Yinon COSTICA
Yinon COSTICA has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230421573
Abstract: A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.
Type: Application
Filed: August 29, 2023
Publication date: December 28, 2023
Applicant: Wiz, Inc.
Inventors: Avi Tal LICHTENSTEIN, Ami LUTTWAK, Yinon COSTICA
-
Publication number: 20230418931
Abstract: A system and method for inspecting virtual instances in a cloud computing environment for cybersecurity threats utilizing disk cloning. The method includes: selecting a virtual instance in a cloud computing environment, wherein the virtual instance includes a disk having a disk descriptor with an address in a cloud storage system; generating an instruction to clone the disk of the virtual instance, the instruction when executed causes generation of a cloned disk descriptor, the cloned disk descriptor having a data field including the address of the disk of the virtual instance; inspecting the cloned disk for a cybersecurity threat; and releasing the cloned disk in response to completing the inspection of the cloned disk.
Type: Application
Filed: August 28, 2023
Publication date: December 28, 2023
Applicant: Wiz, Inc.
Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA
-
Patent number: 11841945
Abstract: A system and method for improved endpoint detection and response (EDR) in a cloud computing environment configures a resource deployed in a cloud computing environment to deploy thereon a sensor, configured to listen on a data link layer for an event. The method further includes detecting a potential cybersecurity threat on the resource; sending a definition based on the cybersecurity threat to the sensor, wherein the definition includes a logical expression, which when applied to an event produces a binary outcome, and wherein the sensor is further configured to apply the definition to the event; determining that the potential cybersecurity threat is an actual cybersecurity threat in response to the produced binary outcome having a predetermined value; and generating an instruction to perform a mitigation action based on the actual cybersecurity threat.
Type: Grant
Filed: October 7, 2022
Date of Patent: December 12, 2023
Assignee: WIZ, INC.
Inventors: Aviel Fogel, Udi Reitblat, Alon Schindel, Ami Luttwak, Roy Reznik, Yinon Costica
-
Publication number: 20230388325
Abstract: A system and method for detecting privilege escalation on a resource deployed in a computing environment is disclosed. The method includes: configuring the resource to deploy thereon a sensor, the sensor configured to listen on a data link layer of the resource for an event; receiving from the sensor a permission-based event based on a first actor, the permission-based event indicating a first permission set of the first actor; querying a database to detect a second permission set of the first actor; detecting that the first permission set includes a permission which is not in the second permission set; determining that the resource is involved in a privilege escalation event in response to detecting that the first permission set includes a permission which is not in the second permission set; and initiating a mitigation action in response to the determined privilege escalation event.
Type: Application
Filed: July 28, 2023
Publication date: November 30, 2023
Applicant: Wiz, Inc.
Inventors: Itamar GILAD, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL, Ami LUTTWAK, Roy REZNIK, Yinon COSTICA
-
Publication number: 20230388352
Abstract: A system and method for detecting a cybersecurity event based on multiple cybersecurity data sources is disclosed. The method includes: receiving data from a first cybersecurity source, the first cybersecurity source configured to generate data based on a resource deployed in a computing environment; receiving data from a second cybersecurity source, the second cybersecurity source configured to generate data based on the resource deployed in the computing environment, wherein the second cybersecurity source has a source type which is different from a source type of the first cybersecurity source; detecting a cybersecurity event on the resource based on data received from the first cybersecurity source and data received from the second cybersecurity source; and initiating a mitigation action for the resource in response to detecting the cybersecurity event.
Type: Application
Filed: July 28, 2023
Publication date: November 30, 2023
Applicant: Wiz, Inc.
Inventors: Itamar GILAD, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL, Ami LUTTWAK, Roy REZNIK, Yinon COSTICA
-
Publication number: 20230379342
Abstract: A system and method for reducing network communication from a sensor for detecting cybersecurity threats is disclosed. The method includes: configuring the resource to deploy thereon a sensor, the sensor configured to listen on a data link layer of the resource for an event; configuring the sensor to generate an event set from a plurality of events, based on a rule; detecting that a number of events in the event set exceeds a predetermined threshold; determining that a cybersecurity event occurred in response to detecting that the number of events exceeds the predetermined threshold; and initiating a mitigation action based on the cybersecurity event.
Type: Application
Filed: July 28, 2023
Publication date: November 23, 2023
Applicant: Wiz, Inc.
Inventors: Itamar GILAD, Aviel FOGEL, Udi REITBLAT, Alon SCHINDEL, Ami LUTTWAK, Roy REZNIK, Yinon COSTICA
-
Publication number: 20230376586
Abstract: A system and method for inspecting live virtual instance in a cloud computing environment for cybersecurity threats utilizes a disk cloning technique. The method includes selecting a live virtual instance in a cloud computing environment, wherein the live virtual instance includes a disk having a disk descriptor with an address in a cloud storage system. An instruction to clone the disk of the live virtual instance is generated, and when executed causes generation of a cloned disk descriptor, the cloned disk descriptor having a data field including the address of the disk of the live virtual instance. The cloned disk is inspected for a cybersecurity threat and the cloned disk is released in response to completing the inspection of the disk.
Type: Application
Filed: May 23, 2022
Publication date: November 23, 2023
Applicant: Wiz, Inc.
Inventors: Daniel Hershko SHEMESH, Yarin MIRAN, Roy REZNIK, Ami LUTTWAK, Yinon COSTICA
-
Patent number: 11811786
Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.
Type: Grant
Filed: March 31, 2022
Date of Patent: November 7, 2023
Assignee: WIZ, INC.
Inventors: Avi Tal Lichtenstein, Ami Luttwak, Yinon Costica
-
Patent number: 11799874
Abstract: A system and method for detecting lateral movement based on a compromised cryptographic network protocol (CNP) key in a cloud computing environment includes inspecting a workload for a private CNP key, including metadata and a public CNP key hash; storing in a security graph: a private CNP key node representing the private CNP key, and a workload node representing the workload, wherein the security graph represents the cloud computing environment in which the workload is deployed; connecting in the security graph the private CNP key node to a public CNP key node in response to determining that the public CNP key hash of the private CNP key matches a public key hash associated with the public CNP key node; and generating a lateral movement path in response to determining that the private CNP key is compromised, the path including another workload node connected to the public CNP key.
Type: Grant
Filed: March 31, 2022
Date of Patent: October 24, 2023
Assignee: WIZ, INC.
Inventors: Avi Tal Lichtenstein, Ami Luttwak, Yinon Costica
-
Publication number: 20230247044
Abstract: A system and method for generating a contextual cloud risk assessment of a cloud computing environment. The method includes accessing a plurality of cloud assessment policies, wherein a policy including a query executable on a security graph; applying the plurality of cloud assessment policies to the representation of the first cloud computing environment; generating a risk assessment report based on an output generated by applying a policy of the plurality of cloud assessment policies; and initiating a mitigation action based on a cybersecurity risk from the risk assessment report.
Type: Application
Filed: January 30, 2023
Publication date: August 3, 2023
Applicant: Wiz, Inc.
Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, Raaz HERZBERG, Alon SCHINDEL, Guy ROZENDORN, Avihai BERKOVITZ
-
Publication number: 20230247039
Abstract: A system and method for generating a compact forensic event log based on a cloud log, includes: traversing a security graph to detect a node representing a cloud entity in a cloud computing environment, wherein the security graph includes a representation of the cloud computing environment; detecting a node representing a cybersecurity threat connected to the node representing the cloud entity; parsing a cloud log of the cloud computing environment to detect a data record, the data record including an attribute of the node representing the cloud entity; and generating a compact forensic event log including the detected data record.
Type: Application
Filed: January 31, 2023
Publication date: August 3, 2023
Applicant: Wiz, Inc.
Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, George PISHA, Liran MOYSI, Alon SCHINDEL
-
Publication number: 20230247043
Abstract: A system and method detects an exploited vulnerable cloud entity. The method includes: detecting in at least one cloud log of a cloud computing environment a plurality of events, each event corresponding to a failed action, each event further corresponding to a cloud entity deployed in the cloud computing environment; extracting from the cloud log an identifier of the cloud entity; traversing a security graph to detect a node representing the cloud entity, based on the extracted identifier, wherein the security graph includes a representation of the cloud computing environment; detecting a node representing a cybersecurity vulnerability connected to the node representing the cloud entity; and initiating a mitigation action for the workload based on the cybersecurity vulnerability.
Type: Application
Filed: December 1, 2022
Publication date: August 3, 2023
Applicant: Wiz, Inc.
Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, George PISHA, Liran MOYSI, Alon SCHINDEL
-
Publication number: 20230247063
Abstract: A system and method for prioritizing alerts and mitigation actions against cyber threats in a cloud computing environment. The method includes detecting an alert based on a cloud entity deployed in a cloud computing environment, wherein the alert including an identifier of the cloud entity and a severity indicator, and wherein the cloud computing environment is represented in a security graph; generating a severity index for the received alert based on the identifier of the cloud entity and the severity indicator; and initiating a mitigation action based on the severity index.
Type: Application
Filed: January 30, 2023
Publication date: August 3, 2023
Applicant: Wiz, Inc.
Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, Raaz HERZBERG, Alon SCHINDEL, Guy ROZENDORN, Avihai BERKOVITZ
-
Publication number: 20230247042
Abstract: A system and method traces suspicious activity to a workload based on a forensic log. The method includes detecting in at least one cloud log of a cloud computing environment a plurality of events, each event indicating an action in the cloud computing environment; extracting from an event of the plurality of events an identifier of a cloud entity, wherein the event includes an action which is predetermined as indicative of a suspicious event; traversing a security graph to detect a node representing the cloud entity, wherein the security graph further includes a representation of the cloud computing environment; detecting that the node representing the cloud entity is connected to a node representing a cybersecurity vulnerability; and initiating a mitigation action for the cloud entity based on the cybersecurity vulnerability.
Type: Application
Filed: December 1, 2022
Publication date: August 3, 2023
Applicant: Wiz, Inc.
Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, George PISHA, Liran MOYSI, Alon SCHINDEL
-
Publication number: 20230247040
Abstract: A system and method for detecting a cloud detection and response (CDR) event from a cloud log. The method includes detecting an identifier of a cloud entity in a cloud log, wherein the cloud log includes a plurality of records generated by a cloud computing environment; detecting a node in a security graph based on the identifier of the cloud entity, wherein the security graph includes a representation of the cloud computing environment; generating a CDR event in response to determining from the security graph that the first node is associated with a cybersecurity threat; and initiating a mitigation action based on the cybersecurity threat.
Type: Application
Filed: January 31, 2023
Publication date: August 3, 2023
Applicant: Wiz, Inc.
Inventors: Ami LUTTWAK, Yinon COSTICA, Roy REZNIK, George PISHA, Liran MOYSI, Alon SCHINDEL
-
Publication number: 20230123477
Abstract: A method for detecting escalation paths in a cloud environment is provided. The method includes accessing a security graph representing cloud objects and their connections in the cloud environment; analyzing each cloud object to detect an escalation hop from a current cloud object to a next cloud object, wherein the analysis is based, in part, on a plurality of risk factors and reachability parameters determined for each cloud object; and marking the security graph with each identified escalation path in the security graph, wherein an escalation path is a collection of escalation hops from a source cloud object to a destination cloud object.
Type: Application
Filed: October 18, 2021
Publication date: April 20, 2023
Applicant: Wiz, Inc.
Inventors: Ami LUTTWAK, Yinon COSTICA, Assaf RAPPAPORT, Avi Tal LICHTENSTEIN, Roy REZNIK
-
Publication number: 20230069334
Abstract: A system and method for detecting a vulnerable workload deployed in a cloud environment based on a code object of an infrastructure as code file utilizes a security graph. The method includes: extracting the code object from a state file, which includes a mapping between the code object to a first deployed workload and a second deployed workload; generating a node representing the code object in the security graph; generating a connection in the security graph between the node representing the code object and a node representing the first workload and a connection between the node representing the code object and a node representing the second workload; and determining that the second workload is a vulnerable workload, in response to detecting that the first workload node is associated with a cybersecurity threat, and that the nodes representing the workloads are each connected to the node representing the code object.
Type: Application
Filed: August 17, 2022
Publication date: March 2, 2023
Applicant: Wiz, Inc.
Inventors: Roy REZNIK, Yinon COSTICA, Osher HAZAN, Raaz HERZBERG
-
Patent number: 10523676
Abstract: A system and method for detecting unauthorized access to a cloud application hosted in a cloud-computing platform are presented. The method comprising: identifying, by a managed proxy device, a first access attempt to a cloud application at a first time and from a first location; identifying, by a managed proxy device, a second access attempt to the cloud application at a second time and from a second location; computing a velocity between the first access attempt and the second access attempt based on the first time, the second time, the first location, and the second location; checking if the computed velocity is greater than a velocity threshold; and generating a velocity event when the computed velocity is greater than the velocity threshold, wherein the velocity event indicates that an access attempt is unauthorized.
Type: Grant
Filed: July 12, 2018
Date of Patent: December 31, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
Inventors: Yonatan Most, Yinon Costica
-
Publication number: 20180324185
Abstract: A system and method for detecting unauthorized access to a cloud application hosted in a cloud-computing platform are presented. The method comprising: identifying, by a managed proxy device, a first access attempt to a cloud application at a first time and from a first location; identifying, by a managed proxy device, a second access attempt to the cloud application at a second time and from a second location; computing a velocity between the first access attempt and the second access attempt based on the first time, the second time, the first location, and the second location; checking if the computed velocity is greater than a velocity threshold; and generating a velocity event when the computed velocity is greater than the velocity threshold, wherein the velocity event indicates that an access attempt is unauthorized.
Type: Application
Filed: July 12, 2018
Publication date: November 8, 2018
Applicant: Microsoft Technology Licensing, LLC.
Inventors: Yonatan MOST, Yinon COSTICA
-
Patent number: 10084807
Abstract: A method and proxy device for detecting bypass vulnerabilities in a cloud-computing platform are provided. The method includes identifying an access attempt by a client device to a cloud-based application hosted in the cloud-computing platform; identifying login information corresponding to the identified access attempt; requesting authenticated login information from a central authentication system; correlating the login information corresponding to the access attempt with the authenticated login information; determining, based on the correlation, whether a bypass vulnerability exists; and generating a bypass event when it is determined that the bypass vulnerability has been exploited wherein the bypass event indicates that the access attempt to the cloud-based application has not been properly authenticated.
Type: Grant
Filed: February 26, 2016
Date of Patent: September 25, 2018
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
Inventors: Yonatan Most, Yinon Costica