Efficient representation of multiple cloud computing environments through unified identity mapping

Assignee

• Wiz, Inc. · US

Inventors

• Avihai Berkovitz · Tel Aviv-Yafo, IL
• George PISHA · Givatayim, IL
• Yaniv Joseph Oliver · Tel Aviv-Yafo, IL
• Udi REITBLAT · Tel Aviv-Yafo, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1433
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system and method for generating a security graph utilizing a unified model based on multiple cloud environments are provided. The method includes receiving data from a first cloud environment pertaining to: resources, principals, and permissions; generating for each resource a corresponding resource node in the security graph, the corresponding resource node including an identifier of the resource, wherein the resource is a cloud entity deployed in the first cloud environment; generating for each principal a corresponding principal node in the security graph, the corresponding principal node including an identifier of the principal, wherein the principal is a cloud entity in the first cloud environment that generates an operation request in the first cloud environment; and generating a connection between at least a principal node and at least a resource node in the security graph, in response to detecting a permission indicating that a principal can access a resource.