US 12,463,997 B1
Attack path risk mitigation by a data platform using static and runtime data
Xiaofei Guo, Sunnyvale, CA (US); John Payyappillil John, Seattle, WA (US); Matti A. Vanninen, Cary, NC (US); Theodore M. Reed, Berkeley Heights, NJ (US); Nolan K. Karpinski, San Francisco, CA (US); Mary L Singh, Arlington, VA (US); Sowmya A. Karmali, Tustin, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Lacework, Inc., Mountain View, CA (US)
Filed on Sep. 7, 2023, as Appl. No. 18/243,520.
Application 18/243,520 is a continuation in part of application No. 18/119,045, filed on Mar. 8, 2023, granted, now 11,882,141.
Application 18/119,045 is a continuation of application No. 17/510,179, filed on Oct. 25, 2021, granted, now 11,637,849, issued on Apr. 25, 2023.
Application 17/510,179 is a continuation of application No. 16/786,822, filed on Feb. 10, 2020, granted, now 11,157,502, issued on Oct. 26, 2021.
Application 16/786,822 is a continuation of application No. 16/134,806, filed on Sep. 18, 2018, granted, now 10,614,071, issued on Apr. 7, 2020.
Claims priority of provisional application 63/422,950, filed on Nov. 5, 2022.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. H04L 9/40 (2022.01); G06F 16/2455 (2019.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01)
CPC H04L 63/1425 (2013.01) [G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)]
20 Claims
 
1. A method comprising:
identifying, by a data platform based on static workload data associated with a compute environment, one or more attack paths from a network to one or more datasets associated with an entity, the one or more attack paths each including a series of risk artifacts within the compute environment that could be exploited by an attacker to access the one or more datasets;
accessing, by the data platform, runtime workload data associated with the compute environment;
determining, based on differences between the static workload data and the runtime workload data, privilege configurations or access configurations that are unused or partially-used by the entity; and
performing, by the data platform based on the runtime workload data, a risk mitigation operation associated with the one or more attack paths.
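The comparison that claim 1 describes can be illustrated with a small sketch, added here as an example and not taken from the patent or from any Fortinet or Lacework product. It enumerates attack paths from static configuration edges, diffs their risk artifacts against runtime observations, and proposes revoking an unused artifact on each path. The node names, artifact labels, sample data and the "cut at the first unused hop" rule are all assumptions.

```python
from collections import defaultdict

# Constructed static workload data: (source, target, risk_artifact) edges that a
# configuration scan reports as possible. All names are hypothetical.
STATIC_EDGES = [
    ("internet", "web-vm", "open-port:443"),
    ("web-vm", "app-role", "profile:web-vm"),
    ("app-role", "customer-db", "perm:db:Read"),
    ("app-role", "billing-bucket", "perm:s3:GetObject"),
    ("internet", "bastion", "open-port:22"),
    ("bastion", "admin-role", "profile:bastion"),
    ("admin-role", "customer-db", "perm:db:Admin"),
]
# Constructed runtime workload data: artifacts actually observed in use.
RUNTIME_USED = {"open-port:443", "profile:web-vm", "perm:db:Read"}
DATASETS = {"customer-db", "billing-bucket"}

def attack_paths(edges, source, datasets):
    """Enumerate simple paths from source to any dataset, as lists of edges."""
    graph = defaultdict(list)
    for src, dst, artifact in edges:
        graph[src].append((src, dst, artifact))
    paths, stack = [], [(source, [], {source})]
    while stack:
        node, path, seen = stack.pop()
        if node in datasets and path:
            paths.append(path)
            continue
        for edge in graph[node]:
            if edge[1] not in seen:  # skip cycles
                stack.append((edge[1], path + [edge], seen | {edge[1]}))
    return paths

def unused_artifacts(edges, runtime_used):
    """Artifacts present in static configuration but never seen at runtime."""
    return {artifact for _, _, artifact in edges} - set(runtime_used)

def mitigation_plan(edges, runtime_used, source, datasets):
    """Pick one unused artifact to revoke per path; report paths with none."""
    unused = unused_artifacts(edges, runtime_used)
    plan = {"revoke": set(), "residual": []}
    for path in attack_paths(edges, source, datasets):
        removable = [a for _, _, a in path if a in unused]
        if removable:
            plan["revoke"].add(removable[0])  # first unused hop cuts the path
        else:  # every hop is in active use, so revocation would break the workload
            plan["residual"].append([a for _, _, a in path])
    return plan

if __name__ == "__main__":
    print(mitigation_plan(STATIC_EDGES, RUNTIME_USED, "internet", DATASETS))
```

Paths listed under `residual` consist entirely of in-use artifacts, so they need a control other than revocation.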