Patent · US Revoked

System and method for detecting excessive permissions in identity and access management

US12411937B2 · kind B2 · utility

0 Cited by
146 References
23 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Dec 29, 2022
Grant date: Sep 9, 2025
Priority date
Expiry date: Dec 23, 2043

Classification

  • Technology area (CPC —): General

Abstract

A system and method for detecting excessive permissions of a principal in a cloud computing environment utilizes code objects of infrastructure as code. The method also includes accessing a configuration code, the configuration code including a plurality of code objects, where a code object of the plurality of code objects corresponds to a deployed principal in the cloud computing environment; detecting in a log a plurality of access events, each access event associated with a first principal deployed in the cloud computing environment based on a first code object of the plurality of code objects; determining that the first code object includes a permission which is not utilized in any of the plurality of access events; and initiating a mitigation action for the first principal based on the permission.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.