US 12,192,246 B2
Hardening of cloud security policies
Adi Raff, Modiin (IL); Amnon Lotem, Ramot Hashavim (IL); Yaniv Amram, Tel Aviv (IL); Leo Reznik, Tel Aviv (IL); Tal Halpern, Eshtaol (IL); and Nissim Pariente, Kiryat Ono (IL)
Assigned to Radware Ltd., Tel Aviv (IL)
Filed by Radware Ltd., Tel Aviv (IL)
Filed on Apr. 19, 2023, as Appl. No. 18/302,851.
Application 18/302,851 is a continuation of application No. 16/429,699, filed on Jun. 3, 2019, granted, now 11,637,864.
Claims priority of provisional application 62/805,112, filed on Feb. 13, 2019.
Prior Publication US 2023/0262096 A1, Aug. 17, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01); H04L 41/28 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 41/28 (2013.01); H04L 63/0263 (2013.01); H04L 63/101 (2013.01)]
20 Claims
1. A method for hardening cloud security policies of a cloud computing platform, comprising:
analyzing each of a plurality of permission usage maps, one for each cloud entity of a plurality of cloud entities included in the cloud computing platform to discover at least one hardening gap, wherein each hardening gap is at least a difference between permissions granted and permissions used by one of the plurality of cloud entities, wherein each of the permission usage maps represents the permissions granted to a respective one of the cloud entities and the permissions used by that respective at least one of the cloud entities;
for each discovered hardening gap, computing a risk score designating a potential risk reduction achieved by addressing the hardening gap;
generating at least one hardening recommendation for the at least one hardening gap and its respective computed risk score; and
applying the at least one hardening recommendation to a cloud security policy from a plurality of cloud security policies provisioned to protect the cloud entities, thereby hardening the cloud computing platform.
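The four steps of claim 1 can be followed in a small added example, which is not the patent's or Radware's implementation. The claim does not define how the risk score is computed, so the per-permission sensitivity weights, the entity names and the usage maps below are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical sensitivity weights (assumption: the claim gives no scoring formula).
SENSITIVITY = {"iam:PassRole": 9, "s3:DeleteBucket": 7, "s3:PutObject": 4,
               "s3:GetObject": 2, "ec2:DescribeInstances": 1}
DEFAULT_WEIGHT = 3  # assumed weight for permissions missing from the table

@dataclass(frozen=True)
class UsageMap:            # permissions granted to and used by one cloud entity
    entity: str
    granted: frozenset
    used: frozenset

@dataclass(frozen=True)
class Recommendation:
    entity: str
    revoke: frozenset      # the hardening gap to close
    risk_score: int

def hardening_gap(m):
    """Permissions granted but never used; used-but-not-granted is not a gap."""
    return m.granted - m.used

def risk_score(gap):
    """Assumed metric: summed sensitivity of the permissions that would be revoked."""
    return sum(SENSITIVITY.get(p, DEFAULT_WEIGHT) for p in gap)

def recommend(maps):
    """One recommendation per non-empty gap, highest risk reduction first."""
    recs = [Recommendation(m.entity, hardening_gap(m), risk_score(hardening_gap(m)))
            for m in maps]
    return sorted((r for r in recs if r.revoke), key=lambda r: (-r.risk_score, r.entity))

def apply_recommendations(policy, recs):
    """Return a hardened copy of the policy; the input policy is left unchanged."""
    hardened = {entity: set(perms) for entity, perms in policy.items()}
    for r in recs:
        if r.entity in hardened:
            hardened[r.entity] -= r.revoke
    return hardened

# Constructed sample usage maps and the policy they were derived from.
MAPS = [
    UsageMap("role/ci-runner", frozenset({"s3:GetObject", "s3:PutObject", "iam:PassRole"}),
             frozenset({"s3:GetObject", "s3:PutObject"})),
    UsageMap("role/report-job", frozenset({"s3:GetObject", "s3:DeleteBucket",
             "ec2:DescribeInstances"}), frozenset({"s3:GetObject"})),
    UsageMap("role/web-app", frozenset({"s3:GetObject"}), frozenset({"s3:GetObject"})),
]
POLICY = {m.entity: set(m.granted) for m in MAPS}

if __name__ == "__main__":
    for rec in recommend(MAPS):
        print(rec.risk_score, rec.entity, sorted(rec.revoke))
    print(apply_recommendations(POLICY, recommend(MAPS)))
```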