Decoupling hardware and software components of network security devices to provide security software as a service in a distributed computing environment

US 10,091,245 B2
Filed: 09/26/2016
Issued: 10/02/2018
Est. Priority Date: 07/24/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a security software service platform executing on a first portion of a plurality of computing resources provided by a distributed computing system, a plurality of network security software components that have been decoupled from hardware components of a plurality of network security devices, wherein the plurality of network security software components provide, at least in part, a plurality of security services capable of protecting a plurality of assets associated with a customer platform;

extending, by the security software service platform, a virtual machine creation template to incorporate access to the plurality of network security software components;

receiving, by the security software service platform, a virtual machine configuration from the customer platform, wherein the virtual machine configuration specifiesa first asset associated with the customer platform and having a first set of security requirements,a second asset associated with the customer platform and having a second set of security requirements,a first security service of the plurality of security services to protect the first asset in accordance with the first set of security requirements, anda second security service of the plurality of security services to protect the second asset in accordance with the second set of security requirements; and

deploying, by the security software service platform, a virtual machine on a second portion of the plurality of computing resources provided by the distributed computing system, wherein the virtual machine is configured in accordance with the virtual machine configuration to provide the first security service of the plurality of security services for the first asset associated with the customer platform and to provide the second security service of the plurality of security services for the second asset associated with the customer platform.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Concepts and technologies are disclosed herein for decoupling hardware and software components of network security devices to provide security software as a service in a distributed computing environment. A computer system includes a processor that can execute computer-executable instructions to perform various operations. The processor can perform operations to provide security services to one or more customer platforms. The operations can include receiving a network security software component from a security service provider, and deploying the network security software component within a distributed computing environment so that the network security software component can be executed by a computing resource of the distributed computing environment to provide a security service to the customer platform(s). The network security software component includes a software component that has been decoupled from a hardware component of a network security device by the security service provider.

Citations

20 Claims

1. A method comprising:
- receiving, by a security software service platform executing on a first portion of a plurality of computing resources provided by a distributed computing system, a plurality of network security software components that have been decoupled from hardware components of a plurality of network security devices, wherein the plurality of network security software components provide, at least in part, a plurality of security services capable of protecting a plurality of assets associated with a customer platform;
  
  extending, by the security software service platform, a virtual machine creation template to incorporate access to the plurality of network security software components;
  
  receiving, by the security software service platform, a virtual machine configuration from the customer platform, wherein the virtual machine configuration specifiesa first asset associated with the customer platform and having a first set of security requirements,a second asset associated with the customer platform and having a second set of security requirements,a first security service of the plurality of security services to protect the first asset in accordance with the first set of security requirements, anda second security service of the plurality of security services to protect the second asset in accordance with the second set of security requirements; and
  
  deploying, by the security software service platform, a virtual machine on a second portion of the plurality of computing resources provided by the distributed computing system, wherein the virtual machine is configured in accordance with the virtual machine configuration to provide the first security service of the plurality of security services for the first asset associated with the customer platform and to provide the second security service of the plurality of security services for the second asset associated with the customer platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising presenting a user interface element of the virtual machine creation template to the customer platform, wherein the user interface element allows a user of the customer platform to provide the virtual machine configuration.
  - 3. The method of claim 1, wherein the customer platform comprises a plurality of mobile devices, and wherein each of the first and second asset comprises a mobile device of the plurality of mobile devices.
  - 4. The method of claim 1, wherein the asset is a virtualized asset operating within the distributed computing system.
  - 5. The method of claim 1, further comprising:
    - provisioning the first security service to protect the first asset and the second security service to protect the second asset; and
      
      providing the first security service to protect the first asset and the second security service to protect the second asset.
  - 6. The method of claim 1, further comprising exposing, by the security software service platform, an application programming interface through which the customer platform provides the virtual machine configuration.
  - 7. The method of claim 6, further comprising:
    - calling a first application programming interface associated with a first network security software component of the plurality of network security software components to provide the first security service of the plurality of security services for the first asset; and
      
      calling a second application programming interface associated with a second network security software component of the plurality of network security software components to provide the second security service of the plurality of security services for the second asset.

8. A distributed computing system comprising:
- a plurality of computing resources; and
  
  a security software service platform comprising instructions that, when executed by a first portion of the plurality of computing resources, performs operations comprisingreceiving a plurality of network security software components that have been decoupled from hardware components of a plurality of network security devices, wherein the plurality of network security software components provide, at least in part, a plurality of security services capable of protecting a plurality of assets associated with a customer platform,extending a virtual machine creation template to incorporate access to the plurality of network security software components,receiving a virtual machine configuration from the customer platform, wherein the virtual machine configuration specifiesa first asset associated with the customer platform and having a first set of security requirements,a second asset associated with the customer platform and having a second set of security requirements,a first security service of the plurality of security services to protect the first asset in accordance with the first set of security requirements, anda second security service of the plurality of security services to protect the second asset in accordance with the second set of security requirements, anddeploying a virtual machine on a second portion of the plurality of computing resources, wherein the virtual machine is configured in accordance with the virtual machine configuration to provide the first security service of the plurality of security services for the first asset associated with the customer platform and to provide the second security service of the plurality of security services for the second asset associated with the customer platform.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The distributed computing system of claim 8, wherein the operations further comprise presenting a user interface element of the virtual machine template to the customer platform, wherein the user interface element allows a user of the customer platform provide the virtual machine configuration.
  - 10. The distributed computing system of claim 8, wherein the customer platform comprises a plurality of mobile devices, and wherein each of the first and second asset comprises a mobile device of the plurality of mobile devices.
  - 11. The distributed computing system of claim 8, wherein the asset is a virtualized asset operating within the distributed computing system.
  - 12. The distributed computing system of claim 8, wherein the operations further comprise:
    - provisioning the first security service to protect the first asset and the second security service to protect the second asset; and
      
      providing the first security service to protect the first asset and the second security service to protect the second asset.
  - 13. The distributed computing system of claim 8, wherein the operations further comprise exposing an application programming interface through which the customer platform provides the virtual machine configuration.
  - 14. The distributed computing system of claim 13, wherein the operations further comprise:
    - calling a first application programming interface associated with a first network security software component of the plurality of network security software components to provide the first security service of the plurality of security services for the first asset; and
      
      calling a second application programming interface associated with a second network security software component of the plurality of network security software components to provide the second security service of the plurality of security services for the second asset.

15. A computer-readable storage medium comprising instructions that, when executed by at least a portion of a plurality of computing resources of a distributed computing system, cause the portion of the plurality of computing resources of the distributed computing system to perform operations comprising:
- receiving a plurality of network security software components that have been decoupled from hardware components of a plurality of network security devices, wherein the plurality of network security software components provide, at least in part, a plurality of security services capable of protecting a plurality of assets associated with a customer platform;
  
  extending a virtual machine creation template to incorporate access to the plurality of network security software components;
  
  receiving a virtual machine configuration from the customer platform, wherein the virtual machine configuration specifiesa first asset associated with the customer platform and having a first set of security requirements,a second asset associated with the customer platform and having a second set of security requirements,a first security service of the plurality of security services to protect the first asset in accordance with the first set of security requirements, anda second security service of the plurality of security services to protect the second asset in accordance with the second set of security requirements; and
  
  deploying a virtual machine on a second portion of the plurality of computing resources, wherein the virtual machine is configured in accordance with the virtual machine configuration to provide the first security service of the plurality of security services for the first asset associated with the customer platform and to provide the second security service of the plurality of security services for the second asset associated with the customer platform.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15, wherein the operations further comprise presenting a user interface element of the virtual machine creation template to the customer platform, wherein the user interface element allows a user of the customer platform to provide the virtual machine configuration.
  - 17. The computer-readable storage medium of claim 15, wherein the asset is a virtualized asset operating within the distributed computing system.
  - 18. The computer-readable storage medium of claim 15, wherein the operations further comprise:
    - provisioning the first security service to protect the first asset and the second security service to protect the second asset; and
      
      providing the security service to protect the asset.
  - 19. The computer-readable storage medium of claim 15, wherein the operations further comprise exposing an application programming interface through which the customer platform provides the virtual machine configuration.
  - 20. The computer-readable storage medium of claim 19, wherein the operations further comprise:
    - calling a first application programming interface associated with a first network security software component of the plurality of network security software components to provide the first security service of the plurality of security services for the first asset; and
      
      calling a second application programming interface associated with a second network security software component of the plurality of network security software components to provide the second security service of the plurality of security services for the second asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyocera Corporation
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
O'Hern, William A., Amoroso, Edward G., Barry, Michelle, Ramos, Anthony, Solero, Daniel, Sparrell, Duncan Kirkwood, Dilts, Rodney
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
LE, THANH H

Application Number

US15/276,225
Publication Number

US 20170013020A1
Time in Patent Office

736 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Decoupling hardware and software components of network security devices to provide security software as a service in a distributed computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Decoupling hardware and software components of network security devices to provide security software as a service in a distributed computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links