US 12,489,781 B2
Techniques for lateral movement detection in a cloud computing environment
Or Heller, Tel Aviv (IL); Raaz Herzberg, Tel Aviv (IL); Yaniv Joseph Oliver, Tel Aviv (IL); Osher Hazan, Mazkeret Batia (IL); Niv Roit Ben David, Tel Aviv (IL); Ami Luttwak, Binyamina (IL); and Roy Reznik, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Dec. 29, 2022, as Appl. No. 18/148,036.
Application 18/148,036 is a continuation-in-part of application No. 18/055,180, filed on Nov. 14, 2022.
Claims priority of provisional application 63/283,376, filed on Nov. 26, 2021.
Claims priority of provisional application 63/283,379, filed on Nov. 26, 2021.
Claims priority of provisional application 63/283,378, filed on Nov. 26, 2021.
Claims priority of provisional application 63/264,550, filed on Nov. 24, 2021.
Prior Publication US 2023/0164174 A1, May 25, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 16/901 (2019.01)
CPC H04L 63/1441 (2013.01) [G06F 16/9024 (2019.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)] 19 Claims
 
1. A method for detecting lateral movement in a cloud computing environment based on configuration code, comprising:
accessing a configuration code, the configuration code including a plurality of code objects, wherein a code object of the plurality of code objects corresponds to a cloud entity deployed in the cloud computing environment;
selecting an identifier of an exposed cloud entity, the cloud entity associated with a secret;
querying a security graph based on the identifier to detect a node representing the secret, wherein the node representing the secret is connected to a node representing the exposed cloud entity;
traversing the security graph to detect a second node connected to the node representing the secret, the second node representing a second cloud entity deployed based on the code object of the plurality of code objects; and
generating a mitigation action based on the second cloud entity.
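The five steps of claim 1 describe one pipeline: parse code objects into a graph, pick an exposed entity, query for the secret nodes attached to it, walk from each secret to every other entity that holds it, and emit a mitigation per reachable entity. The following is an added, self-contained illustration of that walk written for this page; it is not code from the patent or from Wiz, Inc. The code objects, field names (`id`, `kind`, `public`, `secrets`), secret names and mitigation wording are all constructed assumptions, not a real infrastructure-as-code schema.

```python
"""Toy security-graph walk mirroring the five steps of claim 1.

Constructed example: a handful of infrastructure-as-code objects, each
describing one cloud entity and the secrets it is configured with.
"""
from collections import defaultdict

# Constructed code objects standing in for parsed configuration code.
# Every field name is an assumption made for this example, not a real IaC schema.
CODE_OBJECTS = [
    {"id": "web-vm", "kind": "vm", "public": True, "secrets": ["db-cred"]},
    {"id": "db-primary", "kind": "database", "public": False, "secrets": ["db-cred"]},
    {"id": "batch-worker", "kind": "vm", "public": False, "secrets": ["db-cred", "queue-token"]},
    {"id": "queue", "kind": "queue", "public": False, "secrets": ["queue-token"]},
    {"id": "isolated-vm", "kind": "vm", "public": False, "secrets": ["backup-key"]},
    {"id": "bastion", "kind": "vm", "public": True, "secrets": []},
]


def build_security_graph(code_objects):
    """Step 'accessing a configuration code': one node per cloud entity, one per
    secret, and an undirected edge between an entity and each secret it holds.
    Returns (adjacency, node_types)."""
    adjacency = defaultdict(set)
    node_types = {}
    for obj in code_objects:
        entity = obj["id"]
        node_types[entity] = "entity"
        adjacency[entity]  # touch the key so entities with no secrets still appear
        for secret in obj["secrets"]:
            node_types[secret] = "secret"
            adjacency[entity].add(secret)
            adjacency[secret].add(entity)
    return adjacency, node_types


def exposed_entity_ids(code_objects):
    """Step 'selecting an identifier of an exposed cloud entity': here, every
    entity the configuration marks as reachable from the internet."""
    return [obj["id"] for obj in code_objects if obj["public"]]


def find_lateral_paths(adjacency, node_types, exposed_id):
    """Steps 'querying' and 'traversing': from the exposed entity hop to each
    connected secret node, then to every other entity that secret connects to.
    Returns sorted (secret, second_entity) pairs."""
    paths = []
    for secret in adjacency.get(exposed_id, ()):
        if node_types.get(secret) != "secret":
            continue
        for second in adjacency[secret]:
            if second != exposed_id and node_types.get(second) == "entity":
                paths.append((secret, second))
    return sorted(paths)


def mitigation_actions(exposed_id, paths):
    """Step 'generating a mitigation action based on the second cloud entity':
    one action per reachable entity. The wording is this example's own."""
    return [
        f"rotate '{secret}' and scope it so that '{exposed_id}' "
        f"can no longer reach '{second}' with it"
        for secret, second in paths
    ]


def run(code_objects=CODE_OBJECTS):
    """Whole pipeline: exposed entity -> secret -> second entity -> mitigation."""
    adjacency, node_types = build_security_graph(code_objects)
    report = {}
    for exposed in exposed_entity_ids(code_objects):
        paths = find_lateral_paths(adjacency, node_types, exposed)
        report[exposed] = {"paths": paths, "actions": mitigation_actions(exposed, paths)}
    return report


if __name__ == "__main__":
    for exposed, result in run().items():
        print(exposed, result["paths"])
        for action in result["actions"]:
            print("  -", action)
```

On the constructed input, `web-vm` shares `db-cred` with `db-primary` and `batch-worker`, so both are flagged as second entities reachable from the exposed one; `bastion` is exposed but holds no secret and yields no path, and `isolated-vm` never appears because nothing exposed shares its secret. A real implementation would replace the `public` flag with the platform's actual exposure evaluation and would let the graph carry other edge kinds (network reachability, identity bindings), but the shape of the traversal stays the same.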