Wiz, Inc. (20240250959). SYSTEM AND METHOD FOR DETECTING LATERAL MOVEMENT USING SSH PRIVATE KEYS simplified abstract


SYSTEM AND METHOD FOR DETECTING LATERAL MOVEMENT USING SSH PRIVATE KEYS

Organization Name

Wiz, Inc.

Inventor(s)

Avi Tal Lichtenstein of Tel Aviv (IL)

Ami Luttwak of Binyamina (IL)

Yinon Costica of Tel Aviv (IL)

SYSTEM AND METHOD FOR DETECTING LATERAL MOVEMENT USING SSH PRIVATE KEYS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240250959 titled 'SYSTEM AND METHOD FOR DETECTING LATERAL MOVEMENT USING SSH PRIVATE KEYS'.

The abstract describes a system and method for detecting lateral movement in a cloud computing environment based on an exposed cryptographic network protocol (CNP) key.

  • Inspecting a first workload for a private CNP key associated with a hash of a public CNP key.
  • Detecting a representation of the public CNP key in a security database.
  • Generating a lateral movement path that includes an identifier of a second workload connected to the public CNP key representation.
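The three steps above can be sketched as follows. This is an added example, not code from the patent application or from Wiz. It assumes the inspection step has already derived the public key blob from each private key it found, and it models the security database as an index of `authorized_keys` entries; the workload names and key blobs are constructed.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names


def fingerprint(pub_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(pub_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def index_authorized_keys(files):
    """Assumed 'security database': public key fingerprint -> workloads trusting it."""
    db = defaultdict(set)
    for workload, text in files.items():
        for line in text.splitlines():
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            # Options may precede the key type, so locate the type field first.
            for i, field in enumerate(fields[:-1]):
                if field.startswith(KEY_TYPES):
                    try:
                        db[fingerprint(fields[i + 1])].add(workload)
                    except ValueError:
                        pass  # malformed base64 blob: skip the entry
                    break
    return db


def lateral_movement_paths(found_keys, db):
    """found_keys: (workload, public blob derived from a private key found there)."""
    paths = []
    for src, pub_b64 in found_keys:
        fp = fingerprint(pub_b64)
        for dst in sorted(db.get(fp, ())):
            if dst != src:  # a key trusted only by its own host is not a path
                paths.append((src, fp, dst))
    return paths


# Constructed sample data: the blobs are placeholders, not real SSH keys.
KEY_A = base64.b64encode(b"constructed-blob-A").decode()
KEY_B = base64.b64encode(b"constructed-blob-B").decode()
AUTHORIZED = {
    "vm-web-1": f"ssh-ed25519 {KEY_B} ops@example\n",
    "vm-db-1": f'# deploy key\nfrom="10.0.0.0/8" ssh-ed25519 {KEY_A} deploy@example\n',
    "vm-batch-1": f"ssh-ed25519 {KEY_A} deploy@example\n",
}
FOUND = [("vm-web-1", KEY_A)]  # private key for KEY_A found on vm-web-1
PATHS = lateral_movement_paths(FOUND, index_authorized_keys(AUTHORIZED))
```

Each resulting tuple reads as (workload holding the private key, key fingerprint, workload that accepts the key).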

Potential Applications:

  • Cloud security systems
  • Network monitoring tools
  • Cryptographic key management solutions

Problems Solved:

  • Detecting unauthorized lateral movement in cloud environments
  • Enhancing security measures in cloud computing
  • Preventing data breaches and unauthorized access

Benefits:

  • Improved cloud security
  • Early detection of potential threats
  • Enhanced data protection and privacy

Commercial Applications:

Title: Cloud Security System for Lateral Movement Detection

This technology can be used by cloud service providers, cybersecurity companies, and businesses with cloud-based operations to enhance their security measures and protect sensitive data.

Prior Art: Researchers can explore existing patents related to cloud security, cryptographic key management, and network monitoring to understand the evolution of technologies in this field.

Frequently Updated Research: Stay updated on the latest advancements in cloud security, cryptographic protocols, and network monitoring tools to ensure the effectiveness of this lateral movement detection system.

Questions about Lateral Movement Detection:

  1. How does this system differentiate between legitimate and unauthorized lateral movements?
  2. What measures are in place to ensure the accuracy and reliability of detecting lateral movements in real-time?

By implementing this innovative system, cloud computing environments can strengthen their security measures and protect against potential threats effectively.


Original Abstract Submitted

A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.