US 12,411,937 B2
System and method for detecting excessive permissions in identity and access management
Or Heller, Tel Aviv (IL); Raaz Herzberg, Tel Aviv (IL); Yaniv Joseph Oliver, Tel Aviv (IL); Osher Hazan, Mazkeret Batia (IL); Niv Roit Ben David, Tel Aviv (IL); Ami Luttwak, Binyamina (IL); and Roy Reznik, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Dec. 29, 2022, as Appl. No. 18/148,070.
Application 18/148,070 is a continuation in part of application No. 18/055,180, filed on Nov. 14, 2022.
Claims priority of provisional application 63/267,368, filed on Jan. 31, 2022.
Claims priority of provisional application 63/283,376, filed on Nov. 26, 2021.
Claims priority of provisional application 63/283,379, filed on Nov. 26, 2021.
Claims priority of provisional application 63/283,378, filed on Nov. 26, 2021.
Claims priority of provisional application 63/264,550, filed on Nov. 24, 2021.
Prior Publication US 2023/0161871 A1, May 25, 2023
Int. Cl. G06F 21/53 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/53 (2013.01) [G06F 21/6218 (2013.01); G06F 2221/033 (2013.01)] 23 Claims
OG exemplary drawing
 
1. A method for detecting excessive permissions of a principal in a cloud computing environment, comprising:
accessing a configuration code, the configuration code including a plurality of code objects, wherein a code object of the plurality of code objects corresponds to a deployed principal in the cloud computing environment;
detecting in a log a plurality of access events, each access event associated with a first principal deployed in the cloud computing environment based on a first code object of the plurality of code objects;
determining that the first code object includes a permission which is not utilized in any of the plurality of access events; and
initiating a mitigation action for the first principal based on the permission.
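The four claimed steps carried through on constructed input, as an added example that is not from the patent or from Wiz: the JSON shape of the configuration code, the access-log line format, and the function names are assumptions, as is the choice of a least-privilege rewrite as the mitigation action.

```python
import json
from collections import defaultdict

# Constructed infrastructure-as-code fragment (assumed JSON shape): each code object
# corresponds to a deployed principal and lists the permissions granted to it.
CONFIG_CODE = json.loads("""
{
  "resources": [
    {"type": "iam_role", "name": "billing-reader",
     "permissions": ["s3:GetObject", "s3:ListBucket", "s3:DeleteObject"]},
    {"type": "iam_role", "name": "ci-deployer",
     "permissions": ["lambda:UpdateFunctionCode", "iam:PassRole"]}
  ]
}
""")

# Constructed access log (assumed format): "<timestamp> principal=<name> action=<permission>".
ACCESS_LOG = """\
2024-01-05T10:00:01Z principal=billing-reader action=s3:GetObject
2024-01-05T10:00:07Z principal=billing-reader action=s3:ListBucket
2024-01-05T10:02:13Z principal=ci-deployer action=lambda:UpdateFunctionCode
2024-01-05T10:04:40Z principal=billing-reader action=s3:GetObject
"""

def granted_permissions(config):
    """Step 1: map each code object (deployed principal) to the permissions it declares."""
    return {obj["name"]: set(obj["permissions"]) for obj in config["resources"]}

def utilized_permissions(log_text):
    """Step 2: map each principal seen in the log to the permissions its access events used."""
    used = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        used[fields["principal"]].add(fields["action"])
    return used

def excessive_permissions(config, log_text):
    """Step 3: granted permissions never exercised in any logged access event.
    Principals with no access events at all are left out, since the determination
    is made relative to the events observed for that principal."""
    granted, used = granted_permissions(config), utilized_permissions(log_text)
    return {p: sorted(granted[p] - used[p]) for p in granted if p in used and granted[p] - used[p]}

def mitigation_policy(config, log_text):
    """Step 4 (assumed mitigation): a least-privilege policy keeping only exercised permissions."""
    granted, used = granted_permissions(config), utilized_permissions(log_text)
    return {p: sorted(granted[p] & used[p]) for p in granted if p in used}
```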