US 11,909,731 B1
Dynamic and least-privilege access to secure network resources using ephemeral credentials
Tomer Dayan, Petach-Tikva (IL); Ofir Iluz, Petach-Tikva (IL); and Yaron Nisimov, Petach-Tikva (IL)
Assigned to CYBERARK SOFTWARE LTD, Petach-Tikva (IL)
Filed by CyberArk Software Ltd., Petach-Tikva (IL)
Filed on Nov. 29, 2022, as Appl. No. 18/059,737.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/083 (2013.01) [H04L 63/0263 (2013.01)] 20 Claims
 
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing dynamic and least-privilege access to a network resource, the operations comprising:
receiving a request from a network identity to access a network resource;
authenticating the network identity using a native client and communication protocol, wherein the native client is configured for communicating transparently with the network resource, and wherein the authentication occurs using an agentless technique in an agentless environment;
authorizing the network identity based on one or more access policies, the one or more access policies comprising rules for network resource accessibility;
generating a least-privilege ephemeral account having ephemeral credentials, based on the one or more access policy and a minimum level of access needed to perform the request;
accessing the network resource using the ephemeral credentials; and
enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol.
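The claim above describes a flow rather than an implementation: the broker authenticates the requester, checks the request against access policy, mints a short-lived account carrying only the privileges the request needs, and the target resource enforces that scope until the account expires. The following Python simulation is an added example written for this page; it is not CyberArk's code and does not reproduce the patented system. Every name in it (the identity store, the `ACCESS_POLICIES` rules, the `Resource` and `Broker` classes, the `db-prod` resource, and the sample identities and passwords) is constructed for illustration.

```python
"""Simulated ephemeral-credential broker: authenticate the requester, authorize
the request against policy, mint a least-privilege short-lived account, and let
the target resource enforce scope and expiry. All data here is constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SALT = b"example-salt"  # constructed; a real store uses a per-identity random salt


def _hash_secret(secret: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)


# Constructed identity store: the long-lived secret is known only to the broker.
IDENTITY_STORE = {"alice": _hash_secret("alice-password")}

# Constructed access policies: which identity may perform which operations where.
ACCESS_POLICIES = [
    {"identity": "alice", "resource": "db-prod", "allowed": {"SELECT"}},
    {"identity": "bob", "resource": "db-prod", "allowed": {"SELECT", "UPDATE"}},
]


@dataclass(frozen=True)
class EphemeralAccount:
    username: str
    password: str
    resource: str
    privileges: frozenset
    expires_at: float


class Resource:
    """Target system. It never sees the identity's long-lived secret; it only
    knows the ephemeral accounts the broker registered and enforces their scope."""

    def __init__(self, name: str):
        self.name = name
        self.accounts: dict[str, EphemeralAccount] = {}

    def register(self, account: EphemeralAccount) -> None:
        self.accounts[account.username] = account

    def execute(self, username: str, password: str, operation: str, now: float) -> str:
        account = self.accounts.get(username)
        if account is None:
            return "denied: unknown account"
        if not hmac.compare_digest(account.password, password):
            return "denied: bad credential"
        if now >= account.expires_at:
            del self.accounts[username]  # expired accounts are purged on first use
            return "denied: expired"
        if operation not in account.privileges:
            return "denied: insufficient privilege"
        return f"ok: {operation} on {self.name}"


class Broker:
    def __init__(self, resources: dict):
        self.resources = resources

    def authenticate(self, identity: str, secret: str) -> bool:
        stored = IDENTITY_STORE.get(identity)
        return stored is not None and hmac.compare_digest(stored, _hash_secret(secret))

    def authorize(self, identity: str, resource: str, requested: set) -> bool:
        """Grant only if every requested operation is allowed by policy."""
        allowed = set()
        for rule in ACCESS_POLICIES:
            if rule["identity"] == identity and rule["resource"] == resource:
                allowed |= rule["allowed"]
        return requested <= allowed

    def provision(self, identity, secret, resource, requested, ttl, now):
        """Return an ephemeral account scoped to exactly the requested operations,
        or None if authentication or authorization fails."""
        if not self.authenticate(identity, secret):
            return None
        if resource not in self.resources or not self.authorize(identity, resource, set(requested)):
            return None
        account = EphemeralAccount(
            username=f"eph-{identity}-{secrets.token_hex(4)}",
            password=secrets.token_urlsafe(32),
            resource=resource,
            privileges=frozenset(requested),
            expires_at=now + ttl,
        )
        self.resources[resource].register(account)
        return account


if __name__ == "__main__":
    db = Resource("db-prod")
    broker = Broker({"db-prod": db})
    acct = broker.provision("alice", "alice-password", "db-prod", {"SELECT"}, ttl=60, now=1000.0)
    print(db.execute(acct.username, acct.password, "SELECT", now=1010.0))
    print(db.execute(acct.username, acct.password, "UPDATE", now=1010.0))
    print(db.execute(acct.username, acct.password, "SELECT", now=1060.0))
```

Two design points are worth noting. The resource is passed an explicit `now` so expiry is deterministic and testable; in a real deployment the broker would also revoke accounts on session end rather than relying on the resource to purge them. Authorization grants exactly the requested set, and refuses when any requested operation is outside policy, which is the "minimum level of access needed to perform the request" the claim describes; an alternative would be to silently narrow the grant, but that hides policy violations from the requester and from audit logs.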