US 12,278,840 B1
Efficient representation of multiple cloud computing environments through unified identity mapping
Avihai Berkovitz, Tel Aviv (IL); George Pisha, Giv'atayim (IL); Yaniv Joseph Oliver, Tel Aviv (IL); and Udi Reitblat, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Mar. 14, 2022, as Appl. No. 17/654,668.
Claims priority of provisional application 63/222,709, filed on Jul. 16, 2021.
Int. Cl. G06F 21/00 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 63/10 (2013.01); H04L 63/1433 (2013.01)]
20 Claims
1. A method for generating a security graph utilizing a unified model based on multiple cloud computing environments, comprising:
receiving data from a first cloud computing environment pertaining to: a plurality of resources, a plurality of principals, and a plurality of permissions;
generating for each resource of the plurality of resources a corresponding resource node in the security graph based on the unified model, the corresponding resource node including an identifier of the resource, wherein the resource is a cloud entity deployed in the first cloud computing environment;
generating for each principal of the plurality of principals a corresponding principal node in the security graph based on the unified model, the corresponding principal node including an identifier of the principal, wherein the principal is a cloud entity in the first cloud computing environment that generates a request for an operation in the first cloud computing environment; and
generating a connection between at least a principal node and at least a resource node in the security graph based on the unified model, in response to detecting a permission indicating that a principal corresponding to the at least a principal node can access a resource corresponding to the at least a resource node.
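The steps of claim 1 can be sketched in code. The following is an added illustration, not code from the patent or from the assignee. It assumes a hypothetical input layout (`resources`, `principals`, `permissions` with `id`, `principal`, `action`, `resource` fields), constructed identifiers, and glob-style resource patterns in permissions, which go beyond what the claim states.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Node:
    kind: str        # "resource" or "principal" in the unified model
    env: str         # originating cloud environment
    identifier: str  # identifier of the cloud entity

@dataclass
class SecurityGraph:
    nodes: dict = field(default_factory=dict)  # (env, identifier) -> Node
    edges: set = field(default_factory=set)    # (principal key, action, resource key)

    def ingest(self, env, data):
        """Add one environment's resources, principals and permissions."""
        for r in data["resources"]:
            self.nodes[(env, r["id"])] = Node("resource", env, r["id"])
        for p in data["principals"]:
            self.nodes[(env, p["id"])] = Node("principal", env, p["id"])
        for perm in data["permissions"]:
            src = self.nodes.get((env, perm["principal"]))
            if src is None or src.kind != "principal":
                continue  # permission names an unknown principal: no dangling edge
            for key, node in self.nodes.items():
                # Assumption: the permission's resource field is a glob pattern.
                if (node.kind == "resource" and node.env == env
                        and fnmatchcase(node.identifier, perm["resource"])):
                    self.edges.add(((env, src.identifier), perm["action"], key))

    def principals_with_access(self, env, resource_id):
        """Return sorted principal identifiers connected to the given resource."""
        return sorted({s[1] for s, _, dst in self.edges if dst == (env, resource_id)})

# Constructed sample input; field names and identifiers are hypothetical.
ENV_A = {
    "resources": [{"id": "bucket/logs"}, {"id": "bucket/backups"}, {"id": "vm/web-1"}],
    "principals": [{"id": "user/alice"}, {"id": "role/ci"}],
    "permissions": [
        {"principal": "user/alice", "action": "read", "resource": "bucket/*"},
        {"principal": "role/ci", "action": "write", "resource": "vm/web-1"},
        {"principal": "user/ghost", "action": "read", "resource": "bucket/logs"},
    ],
}

def build_sample_graph():
    g = SecurityGraph()
    g.ingest("env-a", ENV_A)
    return g
```

Calling `ingest` again with a second environment name and its data adds that environment's nodes to the same graph, and keying nodes by `(env, identifier)` keeps equal identifiers from different environments distinct.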