Security threat based auto scaling
First Claim
1. A method for auto scaling computing resources in response to a cyber-attack in a service provider environment, the method comprising:
- identifying computing resources in the service provider environment that are being subjected to the cyber-attack, and computing resources that are predicted to be attacked at a subsequent time based on a cyber-attack vector that characterizes the cyber-attack;
determining an expected amount of time before the computing resources in the service provider environment become compromised due to the cyber-attack;
selecting an auto scaling event to perform in the service provider environment using heuristic scaling rules in order to mitigate the cyber-attack, wherein an amount of time to perform the selected auto scaling event is less than the expected amount of time before the computing resources become compromised;
initiating performance of the auto scaling event in the service provider environment;
recalculating the expected amount of time before the computing resources become compromised based on the auto scaling event selected for performance in the service provider environment;
notifying an operator of the cyber-attack, along with a recalculated expected amount of time before the computing resources become compromised, and the auto scaling event selected to mitigate the cyber-attack;
detecting an expected amount of time for the cyber-attack to be completed in view of the auto scaling event performed in the service provider environment; and
determining to throttle or shut down the auto scaling event performed to mitigate the cyber-attack based on the expected amount of time for the cyber-attack to be completed.
2 Assignments
0 Petitions
Accused Products
Abstract
Technology is described for auto scaling computing resources in response to a cyber-attack in a service provider environment. The computing resources in the service provider environment may be detected as being exposed to the cyber-attack. A security scaling action may be performed in the service provider environment that mitigates the cyber-attack. The security scaling action to be performed may be determined by a security threat mitigation service that operates in the service provider environment. A performance of the security scaling action in the service provider environment may be initiated.
-
Citations
19 Claims
-
1. A method for auto scaling computing resources in response to a cyber-attack in a service provider environment, the method comprising:
-
identifying computing resources in the service provider environment that are being subjected to the cyber-attack, and computing resources that are predicted to be attacked at a subsequent time based on a cyber-attack vector that characterizes the cyber-attack; determining an expected amount of time before the computing resources in the service provider environment become compromised due to the cyber-attack; selecting an auto scaling event to perform in the service provider environment using heuristic scaling rules in order to mitigate the cyber-attack, wherein an amount of time to perform the selected auto scaling event is less than the expected amount of time before the computing resources become compromised; initiating performance of the auto scaling event in the service provider environment; recalculating the expected amount of time before the computing resources become compromised based on the auto scaling event selected for performance in the service provider environment; notifying an operator of the cyber-attack, along with a recalculated expected amount of time before the computing resources become compromised, and the auto scaling event selected to mitigate the cyber-attack; detecting an expected amount of time for the cyber-attack to be completed in view of the auto scaling event performed in the service provider environment; and determining to throttle or shut down the auto scaling event performed to mitigate the cyber-attack based on the expected amount of time for the cyber-attack to be completed. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented method, comprising:
-
detecting computing resources in a service provider environment that are exposed to a cyber-attack; determining a security scaling action to perform in the service provider environment that mitigates the cyber-attack, wherein the security scaling action to be performed is determined using heuristic scaling rules by a security threat mitigation service that operates in the service provider environment; initiating performance of the security scaling action in the service provider environment; detecting an expected amount of time for the cyber-attack to be completed in view of the security scaling action performed in the service provider environment; and determining to shut down the security scaling action performed to mitigate the cyber-attack based on the expected amount of time for the cyber-attack to be completed. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A system for auto scaling computing resources in response to a cyber-attack in a service provider environment, the system comprising:
-
a processor; a memory device including a data store to store a plurality of data and instructions that, when executed by the processor, cause the processor to; identify computing resources in the service provider environment that are being subjected to the cyber-attack and computing resources that are expected to be subjected to the cyber-attack, the computing resources including a class of computing resources; determine an expected amount of time before the class of computing resources in the service provider environment become compromised due to the cyber-attack, wherein the expected amount of time is determined based on a type of cyber-attack and the class of computing resources that are being subjected to the cyber-attack; select an auto scaling event to perform in the service provider environment in order to mitigate the cyber-attack, wherein an amount of time to perform the selected auto scaling event is less than the expected amount of time before the class of computing resources become compromised, wherein the expected amount of time is recalculated based on the auto scaling event selected for performance in the service provider environment; initiate performance of the auto scaling event in the service provider environment; detect an expected amount of time for the cyber-attack to be completed in view of the auto scaling event performed in the service provider environment; and determine to throttle or shut down the auto scaling event performed to mitigate the cyber-attack based on the expected amount of time for the cyber-attack to be completed. - View Dependent Claims (17, 18, 19)
-
Specification