	US 12,229,257 B1
	Techniques for preventing cloud identity misuse leveraging runtime context
Ami Luttwak, Binyamina (IL); Alon Schindel, Tel Aviv (IL); Shir Tamari, Tel Aviv (IL); and Ron Cohen, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Mar. 29, 2024, as Appl. No. 18/621,288.
Int. Cl. G06F 21/00 (2013.01); G06F 21/54 (2013.01); G06F 21/55 (2013.01)

CPC G06F 21/554 (2013.01) [G06F 21/54 (2013.01); G06F 21/552 (2013.01)]

19 Claims

1. A method for preventing cloud identity misuse in a cloud computing environment, comprising:

deploying a runtime sensor on a workload in a cloud computing environment;

detecting an event in a cloud log, the event including an identifier of the workload;

associating a runtime process detected by the runtime sensor on the workload with the event detected in the cloud log;

generating an enriched event based on: the detected event, and an identifier of the associated runtime process;

applying a policy on the enriched event; and

initiating a mitigation action in the cloud computing environment based on a result of applying the policy on the enriched event.