	US 11,985,185 B2
	System and method for analyzing network objects in a cloud environment
Shai Keren, Tel Aviv (IL); Daniel Hershko Shemesh, Givat Shmuel (IL); Roy Reznik, Tel Aviv (IL); Ami Luttwak, Binyamina (IL); and Avihai Berkovitz, Tel Aviv (IL)
Assigned to WIZ, INC., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Sep. 29, 2023, as Appl. No. 18/478,534.
Application 18/478,534 is a continuation of application No. 18/341,134, filed on Jun. 26, 2023.
Application 18/341,134 is a continuation of application No. 17/819,442, filed on Aug. 12, 2022, granted, now 11,722,554, issued on Aug. 8, 2023.
Application 17/819,442 is a continuation of application No. 17/109,883, filed on Dec. 2, 2020, granted, now 11,431,786, issued on Aug. 30, 2022.
Prior Publication US 2024/0031425 A1, Jan. 25, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 15/173 (2006.01); H04L 9/40 (2022.01); H04L 41/046 (2022.01); H04L 41/50 (2022.01); H04L 49/00 (2022.01); H04L 67/10 (2022.01)

CPC H04L 67/10 (2013.01) [H04L 41/046 (2013.01); H04L 41/5096 (2013.01); H04L 49/70 (2013.01); H04L 63/1433 (2013.01)]

11 Claims

1. A method for detecting network vulnerability based on network path exposure, comprising:

collecting network object data on a plurality of network objects deployed in a cloud computing environment;

constructing a network graph based on the collected network object data, wherein the network graph includes network objects identified in the cloud computing environment;

determining relationships between the identified network objects in the network graph, wherein the determined relationships between the identified network objects includes descriptions of connections between the identified network objects;

analyzing the network graph and the determined relationships to generate insights, wherein the generated insights include determining that a network object is exposed to an external network; and

tagging network objects in the network graph for which the insight is generated.