US 12,443,720 B2
Techniques for detecting applications paths utilizing exposure analysis
Matilda Lidgi, Tel Aviv (IL); Shai Keren, Tel Aviv (IL); Raaz Herzberg, Tel Aviv (IL); Avi Tal Lichtenstein, Tel Aviv (IL); Ami Luttwak, Binyamina (IL); and Roy Reznik, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Aug. 10, 2022, as Appl. No. 17/818,898.
Prior Publication US 2024/0054229 A1, Feb. 15, 2024
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)]
21 Claims
1. A method for detecting an application path utilizing active inspection of a cloud computing environment, comprising:
selecting a reachable resource having at least one network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in the cloud computing environment, and accessible from a network which is external to the cloud computing environment;
selecting a second resource having a second network path based on the network path of the reachable resource;
traversing a security graph to detect a second resource node, wherein the second resource node is connected to a first resource node, and wherein the first resource node represents the reachable resource and the second resource node represents the second resource;
generating the second network path further based on an attribute stored in the second resource node; and
actively inspecting the second network path to determine if the second resource is accessible through the second network path from the reachable resource.
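
The steps of claim 1, sketched as an added example that is not code from the patent or from the assignee. The graph layout, the attribute names (external, host, port, protocol) and the probe callable are assumptions; the probe stands in for a connection attempt made from the reachable resource and is backed here by a constructed table so the block runs offline.

```python
from collections import namedtuple

# A generated "second network path": from the reachable resource to a neighbor.
Path = namedtuple("Path", "source target host port protocol")

# Constructed security graph: node id -> attributes (hypothetical schema).
NODES = {
    "lb-1":     {"external": True,  "host": "203.0.113.10", "port": 443},
    "vm-1":     {"external": False, "host": "10.0.1.5", "port": 8080},
    "cache-1":  {"external": False, "host": "10.0.1.9", "port": 6379},
    "bucket-1": {"external": False},  # no network attributes stored on the node
    "db-1":     {"external": False, "host": "10.0.2.7", "port": 5432},
}
EDGES = {"lb-1": ["vm-1", "cache-1", "bucket-1"], "vm-1": ["db-1"]}

def reachable_resources(nodes):
    """Step 1: resources with a network path from outside the environment."""
    return [name for name, attrs in nodes.items() if attrs.get("external")]

def second_paths(nodes, edges, first):
    """Steps 2-4: traverse from the first resource node to connected nodes and
    build a path from the attributes stored on each second resource node."""
    paths = []
    for second in edges.get(first, []):
        attrs = nodes[second]
        if "host" not in attrs or "port" not in attrs:
            continue  # nothing to generate a path from; skip rather than guess
        paths.append(Path(first, second, attrs["host"], attrs["port"],
                          attrs.get("protocol", "tcp")))
    return paths

def detect_application_paths(nodes, edges, probe):
    """Step 5: inspect every generated path; probe(path) returns True when the
    second resource answered from the reachable resource."""
    return {first: {p.target: bool(probe(p))
                    for p in second_paths(nodes, edges, first)}
            for first in reachable_resources(nodes)}

# Constructed stand-in for active inspection: which flows the network allows.
ALLOWED_FLOWS = {("lb-1", "10.0.1.5", 8080)}

def table_probe(path):
    return (path.source, path.host, path.port) in ALLOWED_FLOWS

if __name__ == "__main__":
    print(detect_application_paths(NODES, EDGES, table_probe))
```

A path the graph implies but the probe cannot confirm (cache-1 here) is reported as not accessible, which is the difference between static exposure analysis and the active inspection the claim adds.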