Efficient identification and remediation of excessive privileges of identity and access management roles and policies
US11895121B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 20, 2023 |
| Grant date | Feb 6, 2024 |
| Priority date | — |
| Expiry date | Mar 20, 2043 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method includes executing a configuration engine on one or more data processing device(s) of a computing system. In accordance with the execution, the method also includes discovering at least a subset of a number of resources associated with a target environment of the computing system, generating an environment definition associated with the target environment, building baseline configurations, policies, and metadata for at least the subset of the number of resources, and versioning the aforementioned data. Further, the method includes, in accordance with tracking the metadata versioned in the repository, automatically scanning at least the subset of the number of resources and retrieving a first and/or a second specific configuration based on the scanning, and automatically determining a misconfiguration based on comparing the first specific configuration to a corresponding baseline configuration and/or verifying that a sequence of configurations is correctly defined based on the second specific configuration.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.