US 12,244,627 B2
Techniques for active inspection of vulnerability exploitation using exposure
Matilda Lidgi, Tel Aviv (IL); Shai Keren, Tel Aviv (IL); Raaz Herzberg, Tel Aviv (IL); Avi Tal Lichtenstein, Tel Aviv (IL); Ami Luttwak, Binyamina (IL); and Roy Reznik, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., Palo Alto, CA (US)
Filed on Apr. 13, 2022, as Appl. No. 17/659,164.
Prior Publication US 2023/0336578 A1, Oct. 19, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/00 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01) [H04L 63/10 (2013.01); H04L 63/20 (2013.01)]
15 Claims
 
1. A method for active inspection of vulnerability exploitation in a cloud computing environment, comprising:
receiving at least one network path to access a first resource, wherein the first resource is a cloud object deployed in the cloud computing environment and the cloud object having a known vulnerability, wherein the first resource is potentially accessible from an external network which is external to the cloud computing environment;
actively inspecting the at least one network path to determine if the first resource is accessible through the at least one network path from the external network;
generating a trigger instruction, based on at least one predetermined triggering instruction, wherein each of the at least one predetermined triggering instruction is programmed to trigger the known vulnerability in the first resource and wherein the at least one predefined triggering instruction, when executed by the first resource, causes the first resource to generate a predetermined outcome; and
triggering the known vulnerability to determine if the first resource can be exploited with the known vulnerability, in response to determining that the first resource is accessible through the external network.