US 12,278,819 B1
Cybersecurity threat detection utilizing unified identity mapping and permission detection
Avihai Berkovitz, Tel Aviv (IL); George Pisha, Giv'atayim (IL); Yaniv Joseph Oliver, Tel Aviv (IL); and Udi Reitblat, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Jul. 15, 2022, as Appl. No. 17/812,909.
Claims priority of provisional application 63/222,714, filed on Jul. 16, 2021.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/104 (2013.01) [H04L 63/20 (2013.01)]
20 Claims
1. A method for detecting effective permissions of a principal in a cloud computing environment, comprising:
detecting a group of principal nodes, each principal node representing a principal in a cloud computing environment, in a security graph, the security graph storing therein a representation of the cloud computing environment;
selecting a first principal node from the group of principal nodes, wherein the first principal node is representative of all of the principal nodes of the group;
determining a permission between the first principal node and a resource node, wherein the resource node represents a resource deployed in the cloud computing environment; and
associating the group of principal nodes with the determined permission thereby representing a grant of the determined permission to each principal node of the group of principal nodes.
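The four steps of claim 1 can be traced on a small constructed graph. The following is an added illustration, not code from the patent or from Wiz; the claim does not state how a group is detected or how a permission is evaluated, so grouping by identical attached policy sets, the deny-overrides-allow rule, and all node names are assumptions.

```python
from collections import defaultdict

# Constructed sample graph: principal node -> attached policy nodes (hypothetical names).
ATTACHED = {
    "user:alice": {"pol:read-logs", "pol:deny-prod"},
    "user:bob":   {"pol:read-logs", "pol:deny-prod"},
    "role:ci":    {"pol:read-logs"},
    "user:carol": set(),
}
# Policy node -> statements of (effect, action, resource node).
POLICIES = {
    "pol:read-logs": [("allow", "read", "bucket:logs"), ("allow", "read", "bucket:prod")],
    "pol:deny-prod": [("deny", "read", "bucket:prod")],
}

def detect_groups(attached):
    """Group principal nodes whose attached policy sets are identical (assumed criterion)."""
    groups = defaultdict(list)
    for principal, policies in attached.items():
        groups[frozenset(policies)].append(principal)
    return [sorted(members) for members in groups.values()]

def determine_permissions(principal, attached, policies):
    """Evaluate one principal node against resource nodes; explicit deny overrides allow (assumed)."""
    allows, denies = set(), set()
    for pol in attached[principal]:
        for effect, action, resource in policies[pol]:
            (allows if effect == "allow" else denies).add((action, resource))
    return allows - denies

def build_group_permissions(attached, policies):
    """Evaluate only the representative of each group, then attach the result to the group."""
    member_of, group_perms, evaluations = {}, {}, 0
    for members in detect_groups(attached):
        representative = members[0]          # stands for every node in the group
        perms = determine_permissions(representative, attached, policies)
        evaluations += 1
        group_id = "group:" + representative
        group_perms[group_id] = perms        # one permission edge set per group
        for m in members:
            member_of[m] = group_id
    return member_of, group_perms, evaluations

def effective_permissions(principal, member_of, group_perms):
    """A principal's grant is read through its group node."""
    return group_perms[member_of[principal]]

MEMBER_OF, GROUP_PERMS, EVALUATIONS = build_group_permissions(ATTACHED, POLICIES)
```

Four principals are covered by three evaluations here; a principal with no attached policies forms its own group with an empty grant rather than inheriting one.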