Patent · US Active

System and method for cybersecurity threat detection utilizing static and runtime data

US11841945B1 · kind B1 · utility

Cited by: 27
References: 9
Claims: 30
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 7, 2022
Grant date: Dec 12, 2023
Priority date
Expiry date: Oct 7, 2042

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/032
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system and method for improved endpoint detection and response (EDR) in a cloud computing environment configures a resource deployed in a cloud computing environment to deploy thereon a sensor, configured to listen on a data link layer for an event. The method further includes detecting a potential cybersecurity threat on the resource; sending a definition based on the cybersecurity threat to the sensor, wherein the definition includes a logical expression, which when applied to an event produces a binary outcome, and wherein the sensor is further configured to apply the definition to the event; determining that the potential cybersecurity threat is an actual cybersecurity threat in response to the produced binary outcome having a predetermined value; and generating an instruction to perform a mitigation action based on the actual cybersecurity threat.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.