Techniques for protecting cloud native environments based on cloud resource access

US11290460B2 · US · B2

Patent metadata
Publication number: US-11290460-B2
Application number: US-201816232567-A
Country: US
Kind code: B2
Filing date: Dec 26, 2018
Priority date: Dec 26, 2018
Publication date: Mar 29, 2022
Grant date: Mar 29, 2022


Abstract

Official abstract text for this publication.

A system and method for protecting cloud native environments based on cloud resource access. The method includes determining a mapping of a plurality of cloud assets to a plurality of cloud resources based on resource access data for a cloud native environment, wherein the plurality of cloud assets and the plurality of cloud resources are deployed in the cloud native environment, wherein each of the plurality of cloud assets is mapped to at least one associated cloud resource of the plurality of cloud resources; detecting at least one improper resource access based on the mapping and a cloud access security stream for the cloud native environment, wherein each of the at least one improper resource access deviates from the mapping; and performing at least one mitigation action with respect to the detected at least one improper resource access.

Claims

Claim text (preview; the text on this page is cut off partway through claim 16).

What is claimed is:

1. A method for protecting cloud native environments based on cloud resource access, comprising: determining a mapping of a plurality of cloud assets to a plurality of cloud resources based on resource access data for a cloud native environment, wherein the plurality of cloud assets and the plurality of cloud resources are deployed in the cloud native environment, wherein each of the plurality of cloud assets is mapped to at least one associated cloud resource of the plurality of cloud resources, wherein the resource access data includes historical resources accessed by each of the plurality of cloud assets, wherein each cloud asset provides a cloud service; detecting at least one improper resource access based on the mapping and a cloud access security stream for the cloud native environment, wherein each of the at least one improper resource access deviates from the mapping; and performing at least one mitigation action with respect to the detected at least one improper resource access.

2. The method of claim 1, wherein the mapping further indicates credentials used for accessing the plurality of cloud resources by each of the plurality of cloud assets, wherein the at least one improper resource access includes at least one deviation from the mapping with respect to the credentials.

3. The method of claim 1, wherein the at least one improper resource access includes a first cloud asset of the plurality of cloud assets accessing a first cloud resource of the plurality of cloud resources, wherein the first cloud asset is not mapped to the first cloud resource.

4. The method of claim 1, wherein the at least one improper resource access includes an unknown cloud asset accessing one of the plurality of cloud resources, wherein the unknown cloud asset is not among the plurality of cloud assets.

5. The method of claim 1, further comprising: determining, based on the resource access data, an improperly configured cloud asset of the plurality of cloud assets, wherein the improperly configured cloud asset is configured to access an unnecessary cloud resource of the plurality of cloud resources, wherein the unnecessary cloud resource has been accessed by the improperly configured cloud asset below a threshold number of times.

6. The method of claim 5, wherein the mitigation actions further include reconfiguring the improperly configured cloud asset, wherein the reconfigured cloud asset is not configured to access the at least one unnecessary resource.

7. The method of claim 1, further comprising: detecting presence of at least one set of unnecessary credentials in the cloud native environment, wherein the at least one improper resource access includes the presence of the at least one set of unnecessary credentials, wherein the at least one set of unnecessary credentials includes at least one of: a set of credentials stored in a user folder, a set of credentials that has not been used in at least a threshold period of time, and a set of credentials stored by a user who is not authorized to store credentials.

8. The method of claim 1, further comprising: obtaining the resource access data, wherein obtaining the resource access data includes at least one of: retrieving a list of permissions for each of the plurality of cloud assets, querying a metadata application programming interface for credentials used by the plurality of cloud assets, accessing historical access data for a cloud provider of the cloud native environment, checking credential use stored in memory, and retrieving historical authentication information from at least one firewall deployed in the cloud native environment.

9. The method of claim 1, wherein the cloud access security stream includes at least one of: a plurality of Internet Protocol addresses of entities accessing each of the plurality of cloud resources, credentials used by each of the entities to access the plurality of cloud resources, and a plurality of authentication requests.

10. A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process, the process comprising: determining a mapping of a plurality of cloud assets to a plurality of cloud resources based on resource access data for a cloud native environment, wherein the plurality of cloud assets and the plurality of cloud resources are deployed in the cloud native environment, wherein each of the plurality of cloud assets is mapped to at least one associated cloud resource of the plurality of cloud resources, wherein the resource access data includes historical resources accessed by each of the plurality of cloud assets, wherein each cloud asset provides a cloud service; detecting at least one improper resource access based on the mapping and a cloud access security stream for the cloud native environment, wherein each of the at least one improper resource access deviates from the mapping; and performing at least one mitigation action with respect to the detected at least one improper resource access.

11. A system for cloud native discovery and protection, comprising: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: determine a mapping of a plurality of cloud assets to a plurality of cloud resources based on resource access data for a cloud native environment, wherein the plurality of cloud assets and the plurality of cloud resources are deployed in the cloud native environment, wherein each of the plurality of cloud assets is mapped to at least one associated cloud resource of the plurality of cloud resources, wherein the resource access data includes historical resources accessed by each of the plurality of cloud assets, wherein each cloud asset provides a cloud service; detect at least one improper resource access based on the mapping and a cloud access security stream for the cloud native environment, wherein each of the at least one improper resource access deviates from the mapping; and perform at least one mitigation action with respect to the detected at least one improper resource access.

12. The system of claim 11, wherein the mapping further indicates credentials used for accessing the plurality of cloud resources by each of the plurality of cloud assets, wherein the at least one improper resource access includes at least one deviation from the mapping with respect to the credentials.

13. The system of claim 11, wherein the at least one improper resource access includes a first cloud asset of the plurality of cloud assets accessing a first cloud resource of the plurality of cloud resources, wherein the first cloud asset is not mapped to the first cloud resource.

14. The system of claim 11, wherein the at least one improper resource access includes an unknown cloud asset accessing one of the plurality of cloud resources, wherein the unknown cloud asset is not among the plurality of cloud assets.

15. The system of claim 11, wherein the system is further configured to: determine, based on the resource access data, an improperly configured cloud asset of the plurality of cloud assets, wherein the improperly configured cloud asset is configured to access an unnecessary cloud resource of the plurality of cloud resources, wherein the unnecessary cloud resource has been accessed by the improperly configured cloud asset below a threshold number of times.

16. The system of claim 15, wherein the mitigation actions further include reconfiguring the improperly configured cloud asset, wherein the reconfigured cloud asset i
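The claims above describe one mechanism from several angles: learn which resources each cloud asset has historically used (and with which credentials), then treat any access in the live stream that falls outside that mapping as improper (claims 2 to 4), and use the same history to find permissions that are granted but almost never exercised (claims 5 and 6) and credentials that have gone idle (one case of claim 7). The following is an added example written for this page, not the patent holder's (Twistlock's) code. Every asset name, resource identifier, credential string, grant list and event record in it is constructed; the event fields (`asset`, `credential`, `resource`, `src_ip`) are an assumed shape for the "cloud access security stream" of claim 9.

```python
"""Baseline-and-deviation detection over cloud resource access.

Added example for this page (not the patent holder's implementation). It
learns an asset->resource mapping from constructed historical access data,
checks a constructed access stream against it, and derives least-privilege
clean-up actions for rarely used permissions and stale credentials.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed historical access data (claim 8): (asset, credential, resource).
HISTORICAL_ACCESS = [
    ("svc-checkout", "role/checkout", "s3://orders"),
    ("svc-checkout", "role/checkout", "s3://orders"),
    ("svc-checkout", "role/checkout", "dynamodb/cart"),
    ("svc-reporting", "role/reporting", "s3://orders"),
    ("svc-reporting", "role/reporting", "s3://reports"),
]

# Constructed permission grants per asset, as an IAM listing would return them.
GRANTED = {
    "svc-checkout": {"s3://orders", "dynamodb/cart", "kms/payments-key"},
    "svc-reporting": {"s3://orders", "s3://reports"},
}

# Constructed "cloud access security stream" (claim 9): one event per access.
ACCESS_STREAM = [
    {"asset": "svc-checkout", "credential": "role/checkout",
     "resource": "s3://orders", "src_ip": "10.0.1.5"},       # expected
    {"asset": "svc-checkout", "credential": "role/checkout",
     "resource": "s3://reports", "src_ip": "10.0.1.5"},      # claim 3
    {"asset": "svc-reporting", "credential": "role/checkout",
     "resource": "s3://orders", "src_ip": "10.0.2.9"},       # claim 2
    {"asset": "svc-unknown", "credential": "AKIAEXAMPLE",
     "resource": "s3://orders", "src_ip": "203.0.113.7"},    # claim 4
]

# Constructed last-use dates for credentials seen in the environment.
LAST_USED = {"role/checkout": date(2022, 3, 1), "AKIAEXAMPLE": date(2021, 11, 1)}
AS_OF = date(2022, 3, 29)


@dataclass
class Mapping:
    resources: dict    # asset -> set of resources it has historically used
    credentials: dict  # asset -> set of credentials it has historically used


def build_mapping(records):
    """Learn the asset->resource and asset->credential mapping from history."""
    resources, credentials = defaultdict(set), defaultdict(set)
    for asset, credential, resource in records:
        resources[asset].add(resource)
        credentials[asset].add(credential)
    return Mapping(dict(resources), dict(credentials))


def detect_improper_access(mapping, stream):
    """Flag stream events that deviate from the learned mapping.

    Returns (kind, asset, detail) tuples: unknown_asset (claim 4),
    unmapped_resource (claim 3) and credential_deviation (claim 2).
    """
    findings = []
    for ev in stream:
        asset = ev["asset"]
        if asset not in mapping.resources:
            findings.append(("unknown_asset", asset, ev["resource"]))
            continue
        if ev["resource"] not in mapping.resources[asset]:
            findings.append(("unmapped_resource", asset, ev["resource"]))
        if ev["credential"] not in mapping.credentials[asset]:
            findings.append(("credential_deviation", asset, ev["credential"]))
    return findings


def unnecessary_permissions(records, granted, threshold=1):
    """Granted resources an asset used fewer than `threshold` times (claim 5)."""
    counts = Counter((asset, resource) for asset, _, resource in records)
    return {
        asset: sorted(r for r in perms if counts[(asset, r)] < threshold)
        for asset, perms in granted.items()
        if any(counts[(asset, r)] < threshold for r in perms)
    }


def reconfigure(granted, unnecessary):
    """Mitigation (claim 6): grants with the unused resources removed."""
    return {asset: perms - set(unnecessary.get(asset, ()))
            for asset, perms in granted.items()}


def stale_credentials(last_used, today, max_idle_days=90):
    """Credentials idle for at least max_idle_days (one case of claim 7)."""
    idle = timedelta(days=max_idle_days)
    return sorted(c for c, d in last_used.items() if today - d >= idle)


if __name__ == "__main__":
    mapping = build_mapping(HISTORICAL_ACCESS)
    for finding in detect_improper_access(mapping, ACCESS_STREAM):
        print("IMPROPER ACCESS:", finding)
    unused = unnecessary_permissions(HISTORICAL_ACCESS, GRANTED)
    print("unused permissions:", unused)
    print("tightened grants:", reconfigure(GRANTED, unused))
    print("stale credentials:", stale_credentials(LAST_USED, AS_OF))
```

Two practical caveats follow directly from the claim language. First, the mapping is only as trustworthy as the history it is learned from: if an asset was already misusing a resource during the baseline window, that access becomes "expected", so the window should predate any suspected compromise and be reviewed before enforcement. Second, the "threshold number of times" in claim 5 is the knob that decides whether a legitimately rare access path (a quarterly job, a disaster-recovery bucket) is pruned; a reconfiguration like `reconfigure()` above should be staged as a recommendation and confirmed against the asset owner's intent before it is applied.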

Assignees

Inventors

Classifications

  • the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV · CPC title

  • Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities (flow or congestion control using dynamic resource allocation, e.g. in-call renegotiation, H04L47/76) · CPC title

  • Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements · CPC title

  • using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title

  • H04L63/102 (Primary): Entity profiles · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11290460B2 cover?
A system and method for protecting cloud native environments based on cloud resource access. The method includes determining a mapping of a plurality of cloud assets to a plurality of cloud resources based on resource access data for a cloud native environment, wherein the plurality of cloud assets and the plurality of cloud resources are deployed in the cloud native environment, whe…
Who is the assignee on this patent?
Twistlock Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 29, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).