20240048566. LATERAL MOVEMENT ANALYSIS USING CERTIFICATE PRIVATE KEYS simplified abstract (Wiz, Inc.)

From WikiPatents

LATERAL MOVEMENT ANALYSIS USING CERTIFICATE PRIVATE KEYS

Organization Name

Wiz, Inc.

Inventor(s)

Avi Tal Lichtenstein of Tel Aviv (IL)

Ami Luttwak of Binyamina (IL)

Yinon Costica of Tel Aviv (IL)

LATERAL MOVEMENT ANALYSIS USING CERTIFICATE PRIVATE KEYS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240048566 titled 'LATERAL MOVEMENT ANALYSIS USING CERTIFICATE PRIVATE KEYS'.

Simplified Explanation

The patent application describes a system and method for detecting potential lateral movement in a cloud computing environment. Here is a simplified explanation of the abstract:

  • The system detects a private encryption key and a certificate in the cloud computing environment.
  • The certificate is stored on a resource deployed in the cloud computing environment.
  • The private key and the certificate each carry a hash value of their respective public key.
  • A security graph is generated to represent the cloud computing environment.
  • The security graph includes nodes for the private key, the certificate, and the resource, with the resource node connected to the certificate node.
  • A connection is generated in the security graph between the private key node and the certificate node if the hash values of their public keys match.
  • If an indication is received that an element of the public key is compromised, the resource node connected to that certificate is determined to be potentially compromised.
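The steps above amount to a small graph-construction and propagation algorithm. The following is an added example, written for this page and not code from Wiz or from the patent, that builds such a security graph with only the Python standard library. Public keys are represented as constructed byte strings that stand in for the DER-encoded SubjectPublicKeyInfo a real scanner would extract from the key and the certificate; the `found_on` field (the resource the key material was discovered on) is an assumption added so that the example can also show the lateral path from a compromised host, through the key found on it and its matching certificate, to the resource that certificate authenticates to.

```python
"""Added example: link private keys to certificates by public-key hash and
propagate a compromise through a security graph. Standard library only."""
import hashlib
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PrivateKey:
    key_id: str
    public_key: bytes          # stand-in for the DER SubjectPublicKeyInfo (constructed)
    found_on: Optional[str]    # resource the key material was found on (assumed field)


@dataclass(frozen=True)
class Certificate:
    cert_id: str
    public_key: bytes          # same stand-in encoding as PrivateKey.public_key
    stored_on: str             # resource the certificate is deployed on


def public_key_hash(spki: bytes) -> str:
    """Hash of the public key. A key and a certificate derived from the same
    key pair carry identical public-key bytes and therefore hash to the same value."""
    return hashlib.sha256(spki).hexdigest()


# Node kinds a compromise can spread to from each node kind (direction matters:
# a certificate sitting on a host does not expose its private key, but key
# material sitting on a compromised host is exposed).
LATERAL_EDGES = {
    "resource": {"private_key"},      # key found on a compromised host is exposed
    "private_key": {"certificate"},   # exposed key lets its matching certificate be used
    "certificate": {"resource"},      # certificate authenticates to the resource it is on
}


class SecurityGraph:
    def __init__(self) -> None:
        self.kind: dict = {}   # node id -> kind
        self.adj: dict = {}    # node id -> set of neighbour ids (undirected storage)

    def add_node(self, node_id: str, kind: str) -> None:
        self.kind[node_id] = kind
        self.adj.setdefault(node_id, set())

    def add_edge(self, a: str, b: str) -> None:
        self.adj[a].add(b)
        self.adj[b].add(a)


def build_security_graph(keys, certs) -> SecurityGraph:
    """Create key, certificate and resource nodes; connect each certificate to the
    resource it is stored on, and each private key to every certificate whose
    public-key hash matches its own."""
    g = SecurityGraph()
    certs_by_hash: dict = {}
    for c in certs:
        g.add_node(c.cert_id, "certificate")
        g.add_node(c.stored_on, "resource")
        g.add_edge(c.cert_id, c.stored_on)
        certs_by_hash.setdefault(public_key_hash(c.public_key), []).append(c.cert_id)
    for k in keys:
        g.add_node(k.key_id, "private_key")
        if k.found_on is not None:
            g.add_node(k.found_on, "resource")
            g.add_edge(k.key_id, k.found_on)
        for cert_id in certs_by_hash.get(public_key_hash(k.public_key), []):
            g.add_edge(k.key_id, cert_id)   # the key/certificate connection from the abstract
    return g


def potentially_compromised_resources(g: SecurityGraph, start: str) -> list:
    """Breadth-first walk from a compromised node (key or resource), following only
    the transitions in LATERAL_EDGES, returning the resources reached."""
    seen, queue, hits = {start}, deque([start]), set()
    while queue:
        n = queue.popleft()
        for m in g.adj[n]:
            if m in seen or g.kind[m] not in LATERAL_EDGES[g.kind[n]]:
                continue
            seen.add(m)
            queue.append(m)
            if g.kind[m] == "resource":
                hits.add(m)
    return sorted(hits)


# Constructed sample inventory: key-1 (found on vm-1) matches certificates on
# vm-2 and vm-3; cert-3 has a different key pair; key-2 matches no certificate.
SAMPLE_KEYS = [
    PrivateKey("key-1", b"constructed-spki-A", "vm-1"),
    PrivateKey("key-2", b"constructed-spki-C", "vm-2"),
]
SAMPLE_CERTS = [
    Certificate("cert-1", b"constructed-spki-A", "vm-2"),
    Certificate("cert-2", b"constructed-spki-A", "vm-3"),
    Certificate("cert-3", b"constructed-spki-B", "vm-4"),
]

if __name__ == "__main__":
    graph = build_security_graph(SAMPLE_KEYS, SAMPLE_CERTS)
    for origin in ("key-1", "vm-1", "vm-4"):
        print(origin, "->", potentially_compromised_resources(graph, origin))
```

Running the example reports that a compromise of `key-1`, or of `vm-1` where that key was found, puts `vm-2` and `vm-3` at risk, while `vm-4` (whose certificate has no detected matching key) leads nowhere. With real material, the hash input would be the certificate's SubjectPublicKeyInfo and the public key derived from the private key, serialized identically before hashing.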

Potential applications of this technology:

  • Enhancing security in cloud computing environments by detecting potential lateral movement.
  • Protecting sensitive data and resources from unauthorized access.
  • Preventing malicious actors from compromising the integrity of a cloud computing environment.

Problems solved by this technology:

  • Detecting potential lateral movement, where an attacker gains unauthorized access to one resource and attempts to move laterally to other resources in the cloud computing environment.
  • Identifying compromised resources and taking appropriate action to mitigate the potential damage.

Benefits of this technology:

  • Improved security in cloud computing environments.
  • Early detection of potential compromises, allowing for timely response and mitigation.
  • Protection of sensitive data and resources from unauthorized access and potential damage.


Original Abstract Submitted

A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.