US 12,003,630 B1
Techniques for circumventing provider-imposed limitations in snapshot inspection of disks for cybersecurity
Shahar Rand, Haifa (IL); Eric Abramov, Holon (IL); Yaniv Shaked, Tel Aviv (IL); and Elad Gabay, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Jul. 26, 2023, as Appl. No. 18/359,493.
Application 18/359,493 is a continuation in part of application No. 18/146,074, filed on Dec. 23, 2022.
Application 18/359,493 is a continuation in part of application No. 18/146,076, filed on Dec. 23, 2022.
Claims priority of provisional application 63/266,031, filed on Dec. 27, 2021.
Int. Cl. H04L 29/06 (2006.01); H04L 9/08 (2006.01); H04L 9/40 (2022.01)
CPC H04L 9/0861 (2013.01) [H04L 63/1416 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A method for reducing use of restricted operations in a cloud computing environment during cybersecurity threat inspection, comprising:
detecting an encrypted disk in a cloud computing environment, the encrypted disk encrypted utilizing a first key in a key management system (KMS);
generating a second key in the KMS, the second key providing access for a principal of an inspection environment;
generating a snapshot of the encrypted disk;
generating a volume based on the snapshot of the encrypted disk, wherein the volume is re-encrypted with the second key;
generating a snapshot of the re-encrypted volume;
generating an inspectable disk from the snapshot of the re-encrypted volume; and
initiating inspection for a cybersecurity object on the inspectable disk.