| CPC H04L 63/101 (2013.01) [H04L 41/22 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |

|
1. A system for analyzing access policies controlling access by one or more entities to one or more cloud computing resources hosted by a cloud service provider, the system comprising:
one or more hardware processors configured to:
receive, via a visual exploration graphical user interface (GUI), a request to display actions that an entity is allowed to perform with respect to a cloud computing resource; and
responsive to receiving the request:
analyze a set of access policies applied by a platform of the cloud service provider to identify, from among the set of access policies, a subset of one or more access policies applicable to the entity and the cloud computing resource;
determine, using the subset of one or more access policies, a first set of one or more actions that the entity is allowed to perform with respect to the cloud computing resource; and
generate, within the visual exploration GUI:
one or more selectable GUI elements corresponding to one or more access policies in the subset of one or more access policies, and
one or more GUI elements corresponding to one or more actions in the first set of one or more actions;
simulate, within the visual exploration GUI, updating a set of controlling policies, the simulating comprising:
receiving input, via at least one of the one or more selectable GUI elements, indicating that at least one of the one or more access policies is to be added to or removed from the set of controlling policies, and
responsive to the input, updating the visual exploration GUI to display a second set of one or more actions that the entity would be allowed to perform with respect to the cloud computing resource if the at least one or more of the one or more access policies were added to or removed from the set of controlling policies, wherein the first set of one or more actions is different from the second set of one or more actions;
configure the platform of the cloud service provider to control access to the one or more cloud computing resources in accordance with an updated set of controlling policies obtained via the addition or removal of the at least one of the one or more access policies to or from the set of controlling policies; and
cause the platform of the cloud service provider to execute one or more security services in accordance with the updated set of controlling policies.
|
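The analyze, determine and simulate steps of claim 1, sketched as an added example; this is not code from the patent or from any cloud provider. It assumes a simplified policy model (allow/deny statements with glob patterns, where an explicit deny overrides any allow), and all policy names, action names and sample data are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Policy:              # assumed, simplified policy shape
    name: str
    effect: str            # "allow" or "deny"
    principals: tuple      # glob patterns over entity identifiers
    resources: tuple       # glob patterns over resource identifiers
    actions: tuple         # glob patterns over action names

def _matches(value, patterns):
    return any(fnmatchcase(value, g) for g in patterns)

def applicable(policies, entity, resource):
    """Subset of policies that apply to this entity and this resource."""
    return [p for p in policies
            if _matches(entity, p.principals) and _matches(resource, p.resources)]

def allowed_actions(policies, entity, resource, catalog):
    """Actions with at least one matching allow and no matching deny."""
    subset = applicable(policies, entity, resource)
    def hit(effect, action):
        return any(p.effect == effect and _matches(action, p.actions) for p in subset)
    return {a for a in catalog if hit("allow", a) and not hit("deny", a)}

def simulate(controlling, entity, resource, catalog, add=(), remove=()):
    """What-if evaluation: the live policy list is never modified.
    Returns (first_set, second_set, updated_policies)."""
    dropped = set(remove)
    updated = [p for p in controlling if p.name not in dropped] + list(add)
    first = allowed_actions(controlling, entity, resource, catalog)
    second = allowed_actions(updated, entity, resource, catalog)
    return first, second, updated

# Constructed sample data
CATALOG = ("storage:Get", "storage:Put", "storage:Delete")
CONTROLLING = [
    Policy("read-only", "allow", ("user/alice",), ("bucket/logs*",), ("storage:Get",)),
    Policy("team-write", "allow", ("user/*",), ("bucket/logs*",), ("storage:Put", "storage:Delete")),
    Policy("no-delete", "deny", ("*",), ("bucket/logs-prod",), ("storage:Delete",)),
]

if __name__ == "__main__":
    first, second, _ = simulate(CONTROLLING, "user/alice", "bucket/logs-prod",
                                CATALOG, remove=["no-delete"])
    print("current:", sorted(first))
    print("after removing no-delete:", sorted(second))
    print("newly granted:", sorted(second - first))
```

The difference between the two sets is what a reviewer checks before the updated set is applied: removing the deny policy here newly grants a delete action on the production resource.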