Multidimensional vectors for analyzing and visually displaying identity permissions

    Publication No.: US10749910B1

    Publication date: 2020-08-18

    Application No.: US16857874

    Application date: 2020-04-24

    Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.

    Static and dynamic correlation of software development pipeline events

    Publication No.: US11500985B1

    Publication date: 2022-11-15

    Application No.: US17731738

    Application date: 2022-04-28

    Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.

    Developing least-privilege permission sets based on global optimization

    Publication No.: US11178154B1

    Publication date: 2021-11-16

    Application No.: US17130428

    Application date: 2020-12-22

    Inventor: Michael Balber

    Abstract: Disclosed embodiments relate to iteratively developing least-privilege profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity; evaluating each permission within the set of permission vectors, the evaluation being based on at least: whether each permission within the set of permission vectors provides sufficient authorization privileges for the network entity to perform an action, and a number of permissions in the set of permission vectors; selecting a group of the set of permission vectors; creating a new set of permission vectors for the network entity; iterating the evaluation for the new set of permission vectors; determining, following at least one instance of the iteration, whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.

    Dynamically generating multi-factor entity risk assessments within virtualized environments

    Publication No.: US12028366B2

    Publication date: 2024-07-02

    Application No.: US17199069

    Application date: 2021-03-11

    CPC classification number: H04L63/1433 H04L63/105 H04L63/1416 H04L63/20

    Abstract: Disclosed embodiments relate to systems and methods for dynamically performing entity-specific security assessments for entities of virtualized network environments. Techniques include identifying an entity associated with a virtualized network environment, identifying a plurality of security factors, determining entity-specific weights to the plurality of security factors, and generating a composite exposure assessment for the entity. Further techniques include selecting at least two security factors of the plurality of security factors, identifying the weights corresponding to the selected security factors, and calculating the composite exposure assessment using the selected security factors and corresponding weights, analyzing the composite exposure assessment, and generating at least one of: a security recommendation based on the analysis to alter a scope of privileges of the entity, a notification providing an indication of the composite exposure assessment, or a visual representation of the composite exposure assessment of the entity.

    Multidimensional vectors for analyzing and visually displaying identity permissions

    Publication No.: US11038927B1

    Publication date: 2021-06-15

    Application No.: US16936516

    Application date: 2020-07-23

    Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.

    Developing least-privilege permission sets based on global optimization

    Publication No.: US11943228B2

    Publication date: 2024-03-26

    Application No.: US17511985

    Application date: 2021-10-27

    Inventor: Michael Balber

    CPC classification number: H04L63/104 H04L63/20

    Abstract: Disclosed embodiments relate to iteratively developing profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity based on the set of permissions; evaluating each permission vector within the set of permission vectors for iteratively developing a profile for the network entity, the evaluation being based on at least: whether each permission vector within the set of permission vectors provides sufficient privileges for the network entity to perform an action, and a predefined rule; creating a new set of permission vectors for the network entity based on at least the selected group of the set of permission vectors; iterating the evaluation for the new set of permission vectors; determining whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.

    Isolation and authorization for segregated command and query database resource access

    Publication No.: US11907394B1

    Publication date: 2024-02-20

    Application No.: US18080273

    Application date: 2022-12-13

    CPC classification number: G06F21/6227 G06F21/31 G06F21/604

    Abstract: Disclosed embodiments relate to systems and methods for securely performing actions on a resource. Techniques include receiving a request by the entity to perform a privileged action on a resource, the request including a token associated with the entity; providing a first indication of the request to a first handler; providing a second indication of the request to a second handler configured to perform the privileged action on the resource, wherein when the privileged action includes a query, the second indication of the request is provided to a query handler, and when the privileged action includes a write command, the second indication of the request is provided to a command handler.

    ANALYZING SCRIPTS TO CREATE AND ENFORCE SECURITY POLICIES IN DYNAMIC DEVELOPMENT PIPELINES

    Publication No.: US20230367911A1

    Publication date: 2023-11-16

    Application No.: US18185276

    Application date: 2023-03-16

    CPC classification number: G06F21/64 G06F8/427

    Abstract: Disclosed embodiments relate to systems and methods for enforcing security policies in dynamic development pipelines. Techniques include accessing a build script, including a set of instructions for a software build process, parsing the build script to identify a set of scripted build instructions, determining a set of expected build actions based on the scripted build instructions, and constructing a representation of the set of expected build actions. The techniques may further include automatically generating a tiered security policy based on the representation of the set of expected build actions, monitoring a dynamic pipeline running the build script, and enforcing the security policy for the dynamic pipeline environment.

    Static and dynamic correlation of software development pipeline events

    Publication No.: US11693651B1

    Publication date: 2023-07-04

    Application No.: US17984856

    Application date: 2022-11-10

    CPC classification number: G06F8/70 H04L63/10

    Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.

    Analyzing scripts to create and enforce security policies in dynamic development pipelines

    Publication No.: US11609985B1

    Publication date: 2023-03-21

    Application No.: US17741533

    Application date: 2022-05-11

    Abstract: Disclosed embodiments relate to systems and methods for enforcing security policies in dynamic development pipelines. Techniques include accessing a build script, including a set of instructions for a software build process, parsing the build script to identify a set of scripted build instructions, determining a set of expected build actions based on the scripted build instructions, and constructing a representation of the set of expected build actions. The techniques may further include automatically generating a security policy based on the representation of the set of expected build actions, monitoring a build machine running the build script, and enforcing the security policy on the build machine.
