Cloud data security posture detection based on network communication paths and sensitivity data
US12335281B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Event | Date |
| --- | --- |
| Filing date | Feb 19, 2024 |
| Grant date | Jun 17, 2025 |
| Priority date | — |
| Expiry date | Feb 19, 2044 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2141
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
The technology disclosed relates to streamlined analysis of security posture of a cloud environment. In particular, the disclosed technology relates to accessing permissions data and access control data for pairs of compute resources and storage resources, tracing network communication paths between the pairs of the compute resources and the storage resources based on the permissions data and the access control data, accessing sensitivity classification data for objects in the storage resources, and qualifying a subset of the pairs of the compute resources and the storage resources as vulnerable to breach attack based on an evaluation of the permissions data, the access control data, and the sensitivity classification data against at least one risk criterion. A representation of propagation of the breach attack along the network communication paths is generated, the representation identifying relationships between the subset of the pairs of the compute resources and the storage resources.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.