US 12,470,583 B1
Techniques for active inspection detection of effective network exposure through a cloud-native proxy appliance
Ron David Ben Arzi, Kyoto (JP); Ami Luttwak, Binyamina (IL); Shai Keren, Oporto (PT); and Oron Noah, Geulim (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on May 23, 2025, as Appl. No. 19/217,385.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/02 (2013.01); H04L 63/20 (2013.01)]
19 Claims
1. A method for agentless detection of network exposure of a software appliance, comprising:
detecting a software appliance in a cloud computing environment, wherein the software appliance includes an immutable preconfigured, self-contained software application;
inspecting the software appliance utilizing agentless inspection for a proxy-type application;
detecting network traffic associated with the software appliance;
generating a network path based on the network traffic and a network identifier of at least a component of the cloud computing environment based on detecting the proxy-type application and an identifier of the at least a component in the detected network traffic;
actively inspecting the generated network path through an external network, wherein the external network is external to the cloud computing environment;
determining that the network path exposes the at least a component based on a result of actively inspecting the generated network path; and
initiating a remediation action based on the result of the active inspection.