US 12,231,434 B1
Cloud data attack surface tracking using graph-based excessive privilege detection
Yang Zhang, Fremont, CA (US); Ajay Agrawal, Bangalore (IN); and Ravishankar Ganesh Ithal, Los Altos, CA (US)
Assigned to Normalyze, Inc., Los Altos, CA (US)
Filed by Normalyze, Inc., Los Altos, CA (US)
Filed on Jul. 26, 2024, as Appl. No. 18/785,419.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/104 (2013.01) [H04L 63/105 (2013.01); H04L 63/108 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
detecting occurrence of an event in a cloud environment;
obtaining an indication of an identity associated with the event;
obtaining an indication of a usage time stamp representing usage time of a privilege in association with the identity for the event in the cloud environment;
classifying the privilege into a classification group selected from a plurality of predefined classification groups, each respective classification group, of the plurality of predefined classification groups, grouping a respective set of privileges defined in the cloud environment;
obtaining a grant time stamp representing a grant time of at least one privilege, in the respective set of privileges in the classification group, to the identity;
based on the usage time stamp and the grant time stamp, generating an excessive privilege determination that indicates the classification group includes at least one excessive privilege; and
performing a computing action based on the excessive privilege determination.
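The steps of claim 1, rendered as runnable code so the comparison of grant time stamps with usage time stamps is concrete. This is an added illustration, not the patent's, Normalyze's, or any product's implementation. The claim leaves the decision rule abstract; the rule used here (a privilege in the same classification group as the one just used is excessive when it was granted to the identity at least a configurable interval before the observed usage and has never been exercised) is an assumption, as are the classification table, the hypothetical role ARN, and the constructed grant and event records. The graph representation named in the title is not modelled; flat lists of grants and events suffice to show the logic.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional, Tuple

# Assumed classification groups (the claim defines groups only abstractly):
# each group bundles a set of privileges defined in the cloud environment.
CLASSIFICATION_GROUPS: Dict[str, str] = {
    "s3:GetObject": "s3-read",
    "s3:ListBucket": "s3-read",
    "s3:PutObject": "s3-write",
    "s3:DeleteObject": "s3-write",
    "iam:CreateUser": "iam-admin",
    "iam:AttachUserPolicy": "iam-admin",
}


def classify(privilege: str) -> str:
    """Select the predefined classification group for a privilege."""
    return CLASSIFICATION_GROUPS.get(privilege, "unclassified")


@dataclass(frozen=True)
class Grant:
    identity: str
    privilege: str
    granted_at: datetime  # grant time stamp


@dataclass(frozen=True)
class UsageEvent:
    identity: str
    privilege: str
    used_at: datetime  # usage time stamp


@dataclass
class Finding:
    identity: str
    group: str
    triggering_privilege: str
    excessive: List[str]


def build_usage_index(events: List[UsageEvent]) -> Dict[Tuple[str, str], datetime]:
    """Latest usage time stamp per (identity, privilege) pair."""
    index: Dict[Tuple[str, str], datetime] = {}
    for e in events:
        key = (e.identity, e.privilege)
        if key not in index or e.used_at > index[key]:
            index[key] = e.used_at
    return index


def evaluate_event(event: UsageEvent, grants: List[Grant],
                   usage_index: Dict[Tuple[str, str], datetime],
                   stale_after: timedelta,
                   action: Optional[Callable[[Finding], None]] = None) -> Optional[Finding]:
    """Apply the claim's steps to one detected event.

    Assumed rule: a sibling privilege in the same group is excessive when it
    was granted at least `stale_after` before this usage and was never used.
    An idle grant beside an actively used sibling is the over-provisioning
    signal the grant/usage time stamp comparison is meant to surface.
    """
    group = classify(event.privilege)
    excessive: List[str] = []
    for g in grants:
        if g.identity != event.identity or classify(g.privilege) != group:
            continue
        if g.privilege == event.privilege or (g.identity, g.privilege) in usage_index:
            continue  # exercised at least once, so not idle
        if event.used_at - g.granted_at >= stale_after:
            excessive.append(g.privilege)
    if not excessive:
        return None
    finding = Finding(event.identity, group, event.privilege, sorted(excessive))
    if action is not None:
        action(finding)  # the "computing action": alert, ticket, revoke, ...
    return finding


def sample_data() -> Tuple[List[Grant], List[UsageEvent]]:
    """Constructed sample: one role with read and write grants, partly used."""
    role = "arn:aws:iam::123456789012:role/app-reader"  # hypothetical identity
    jan = datetime(2024, 1, 1, tzinfo=timezone.utc)
    grants = [
        Grant(role, "s3:GetObject", jan),
        Grant(role, "s3:ListBucket", jan),  # granted in January, never used
        Grant(role, "s3:PutObject", jan),
        Grant(role, "s3:DeleteObject", jan + timedelta(days=181)),  # fresh grant
    ]
    events = [
        UsageEvent(role, "s3:GetObject", jan + timedelta(days=182)),
        UsageEvent(role, "s3:PutObject", jan + timedelta(days=182)),
    ]
    return grants, events


def run_detection(grants: List[Grant], events: List[UsageEvent],
                  stale_after: timedelta = timedelta(days=90)) -> List[Finding]:
    """Evaluate every detected event and collect excessive-privilege findings."""
    index = build_usage_index(events)
    findings: List[Finding] = []
    for e in events:
        f = evaluate_event(e, grants, index, stale_after,
                           action=lambda fnd: print("ALERT", fnd))
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    run_detection(*sample_data())
```

On the constructed data the `s3:GetObject` usage exposes `s3:ListBucket` (granted 182 days earlier, never used) as excessive within the `s3-read` group, while the `s3:PutObject` usage raises nothing, because the only idle sibling, `s3:DeleteObject`, was granted one day before the usage and has not yet aged past the threshold. The threshold is the tuning knob a practitioner would calibrate against their own grant and usage history before wiring the action to anything disruptive such as automatic revocation.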