Systems and methods for evaluating security software configurations
First Claim
1. A computer-implemented method for evaluating security software configurations, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, within a software security system, a live configuration comprising active configuration settings applied by the software security system when protecting a computing system against abnormal activity;
- establishing, for the software security system, a test configuration comprising at least one configuration setting that is different from the live configuration;
- recording a live result of the software security system performing, using the live configuration, a protective action that protects the computing system against abnormal activity;
- generating an alternate result of the protective action by performing the protective action on the computing system using the test configuration instead of the live configuration and without applying changes resulting from the protective action to the computing system; and
- performing a security action based on the live result of the protective action and the alternate result of the protective action, wherein performing the security action comprises providing the live result of the protective action and the alternate result of the protective action to a backend system that:
  - associates the live result and the alternate result with metadata about the computing system in a database;
  - enables client software security systems to search the database based on metadata about computing systems protected by the software security systems to find a suggested configuration for the client software security system; and
  - provides, by a user interface of the client software security system, a result of the search to an administrator of the client software security system.
Abstract
The disclosed computer-implemented method for evaluating security software configurations may include (1) identifying, within a software security system, a live configuration that includes active configuration settings applied by the software security system when protecting a computing system, (2) establishing a test configuration that includes at least one configuration setting that is different from the live configuration, (3) recording a live result of the software security system performing a protective action using the live configuration, (4) generating an alternate result of the protective action by performing the protective action using the test configuration instead of the live configuration and without applying changes resulting from the protective action to the computing system, and (5) performing a security action based on the live result of the protective action and the alternate result of the protective action. Various other methods, systems, and computer-readable media are also disclosed.
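The five steps in the abstract, sketched as an added example; this is not code from the patent or its assignee. The `Host` model, the `threshold` and `exclusions` settings, the file scores and the metadata fields are all hypothetical and constructed for illustration.

```python
import copy
from dataclasses import dataclass, field

# Constructed sample input: file name -> heuristic score from a scanner.
SAMPLE_FILES = {"invoice.docm": 0.82, "setup.exe": 0.55,
                "notes.txt": 0.05, "tool.ps1": 0.67}

@dataclass
class Host:
    files: dict
    quarantined: set = field(default_factory=set)

def scan(host, config, apply_changes):
    """Protective action: quarantine files at or above the score threshold.
    With apply_changes=False verdicts are computed but the host is untouched."""
    excluded = set(config.get("exclusions", ()))
    verdicts = {name for name, score in host.files.items()
                if score >= config["threshold"] and name not in excluded}
    if apply_changes:
        host.quarantined |= verdicts
    return {"config": dict(config), "quarantined": sorted(verdicts)}

def evaluate(host, live_config, test_config, metadata):
    """Steps (1)-(5): run the live and test configurations, then build the
    record a backend could index by host metadata."""
    if live_config == test_config:
        raise ValueError("test configuration must differ from the live one")
    snapshot = copy.deepcopy(host)  # the test run never sees the real host
    live = scan(host, live_config, apply_changes=True)
    alternate = scan(snapshot, test_config, apply_changes=False)
    l, a = set(live["quarantined"]), set(alternate["quarantined"])
    return {"metadata": metadata, "live": live, "alternate": alternate,
            "only_live": sorted(l - a), "only_test": sorted(a - l)}

def demo():
    host = Host(files=dict(SAMPLE_FILES))
    record = evaluate(
        host,
        live_config={"threshold": 0.8},
        test_config={"threshold": 0.5, "exclusions": ["tool.ps1"]},
        metadata={"os": "example-os", "role": "workstation"},  # constructed
    )
    return record, host

if __name__ == "__main__":
    record, host = demo()
    print(record["only_test"], sorted(host.quarantined))
```

The `only_live` and `only_test` lists are what an administrator would review before promoting the test configuration: files the stricter or looser setting would have treated differently, with no change made to the protected host.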
16 Claims
1. A computer-implemented method for evaluating security software configurations, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, within a software security system, a live configuration comprising active configuration settings applied by the software security system when protecting a computing system against abnormal activity;
- establishing, for the software security system, a test configuration comprising at least one configuration setting that is different from the live configuration;
- recording a live result of the software security system performing, using the live configuration, a protective action that protects the computing system against abnormal activity;
- generating an alternate result of the protective action by performing the protective action on the computing system using the test configuration instead of the live configuration and without applying changes resulting from the protective action to the computing system; and
- performing a security action based on the live result of the protective action and the alternate result of the protective action, wherein performing the security action comprises providing the live result of the protective action and the alternate result of the protective action to a backend system that:
  - associates the live result and the alternate result with metadata about the computing system in a database;
  - enables client software security systems to search the database based on metadata about computing systems protected by the software security systems to find a suggested configuration for the client software security system; and
  - provides, by a user interface of the client software security system, a result of the search to an administrator of the client software security system.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A system for evaluating security software configurations, the system comprising:
- an identification module, stored in memory, that identifies, within a software security system, a live configuration comprising active configuration settings applied by the software security system when protecting a computing system against abnormal activity;
- an establishing module, stored in memory, that establishes, for the software security system, a test configuration comprising at least one configuration setting that is different from the live configuration;
- a recording module, stored in memory, that records a live result of the software security system performing, using the live configuration, a protective action that protects the computing system against abnormal activity;
- a generation module, stored in memory, that generates an alternate result of the protective action by performing the protective action on the computing system using the test configuration instead of the live configuration and without applying changes resulting from the protective action to the computing system;
- a security module, stored in memory, that performs a security action based on the live result of the protective action and the alternate result of the protective action, wherein performing the security action comprises providing the live result of the protective action and the alternate result of the protective action to a backend system that:
  - associates the live result and the alternate result with metadata about the computing system in a database;
  - enables client software security systems to search the database based on metadata about computing systems protected by the software security systems to find a suggested configuration for the client software security system; and
  - provides, by a user interface of the client software security system, a result of the search to an administrator of the client software security system; and
- at least one physical processor configured to execute the identification module, the establishing module, the recording module, the generation module, and the security module.

(Dependent claims: 11, 12, 13, 14, 15)

16. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify, within a software security system, a live configuration comprising active configuration settings applied by the software security system when protecting a computing system against abnormal activity;
- establish, for the software security system, a test configuration comprising at least one configuration setting that is different from the live configuration;
- record a live result of the software security system performing, using the live configuration, a protective action that protects the computing system against abnormal activity;
- generate an alternate result of the protective action by performing the protective action on the computing system using the test configuration instead of the live configuration and without applying changes resulting from the protective action to the computing system; and
- perform a security action based on the live result of the protective action and the alternate result of the protective action, wherein performing the security action comprises providing the live result of the protective action and the alternate result of the protective action to a backend system that:
  - associates the live result and the alternate result with metadata about the computing system in a database;
  - enables client software security systems to search the database based on metadata about computing systems protected by the software security systems to find a suggested configuration for the client software security system; and
  - provides, by a user interface of the client software security system, a result of the search to an administrator of the client software security system.

Specification