Monitoring usage of an application to identify characteristics and trigger security control

US 10,607,021 B2
Filed: 01/26/2018
Issued: 03/31/2020
Est. Priority Date: 01/26/2018
Status: Active Grant

First Claim

Patent Images

1. A computing environment for monitoring usage of an application to identify characteristics and trigger security control, the computing environment comprising:

an originating system having a computing platform having a memory and at least one processor in communication with the memory;

a plurality of networked communication channels each configured to communicate one or more of a plurality of instructions for interacting with one or more control systems and one or more downstream resources in response to calling of an originating application by the originating system; and

an application system in operative communication with the originating system and the plurality of networked communication channels and for providing automatic application characteristic identification and triggering security control, and comprising a computing platform having a memory and at least one processor in communication with the memory, the memory comprising computer-executable instructions, that when executed cause the processor to;

perform a query configured to identify any application calls performed in a predetermined period of time within the computing environment;

for each identified application call, build a corresponding application characteristics entry in a database;

for each identified application call, identify a plurality of characteristics of the called application including at least one downstream resource;

associate the identified plurality of characteristics of the called application with the application characteristics entry in the database, thereby creating an application mapping;

identify one or more security controls associated with each of the applications in the application mapping;

associate the identified one or more security controls with the associated application characteristics entry in the application mapping; and

automatically trigger assessment of an effectiveness of the one or more security controls in response to identifying a future application call.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing environment for monitoring usage of an application to identify characteristics and trigger security control includes an application system that performs a query configured to identify any application calls performed in a predetermined period of time within the computing environment; for each identified application call, builds a corresponding application characteristics entry in a database; for each identified application call, identifies a plurality of characteristics of the called application including at least one downstream resource; associates the identified plurality of characteristics with the application characteristics entry in the database, thereby creating an application mapping; identifies security controls associated with each of the applications in the application mapping; associates the identified security controls with the associated application characteristics entry in the application mapping; and automatically triggers assessment of an effectiveness of the security controls in response to identifying a future application call.

29 Citations

20 Claims

1. A computing environment for monitoring usage of an application to identify characteristics and trigger security control, the computing environment comprising:
- an originating system having a computing platform having a memory and at least one processor in communication with the memory;
  
  a plurality of networked communication channels each configured to communicate one or more of a plurality of instructions for interacting with one or more control systems and one or more downstream resources in response to calling of an originating application by the originating system; and
  
  an application system in operative communication with the originating system and the plurality of networked communication channels and for providing automatic application characteristic identification and triggering security control, and comprising a computing platform having a memory and at least one processor in communication with the memory, the memory comprising computer-executable instructions, that when executed cause the processor to;
  
  perform a query configured to identify any application calls performed in a predetermined period of time within the computing environment;
  
  for each identified application call, build a corresponding application characteristics entry in a database;
  
  for each identified application call, identify a plurality of characteristics of the called application including at least one downstream resource;
  
  associate the identified plurality of characteristics of the called application with the application characteristics entry in the database, thereby creating an application mapping;
  
  identify one or more security controls associated with each of the applications in the application mapping;
  
  associate the identified one or more security controls with the associated application characteristics entry in the application mapping; and
  
  automatically trigger assessment of an effectiveness of the one or more security controls in response to identifying a future application call.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to:
    - periodically perform subsequent queries; and
      
      add an additional application characteristics entry in the application mapping of the database.
  - 3. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to:
    - automatically initiate a reporting transmission to one or more administrative systems, wherein the reporting transmission comprises information related to the assessment.
  - 4. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to:
    - initiate presentation of an administrative dashboard comprising;
      
      information related to the assessmentaccess management controls; and
      
      exposure-application mapping information.
  - 5. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to:
    - transmit instructions to two or more disparate control systems requesting information related to at least two different security controls associated with the future application call, wherein at least one of the two different security controls are managed by each of the two or more control systems;
      
      receive responses from the two or more control systems; and
      
      communicate information from the responses to an administrative system.
  - 6. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to:
    - initiate communication of information related to the assessment to one or more control owners associated with the one or more security controls.
  - 7. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to:
    - in response to the assessment, automatically initiate remedial actions.

8. A method for monitoring usage of an application to identify characteristics and trigger security control, the method comprising:
- performing, by an application system, a query configured to identify any application calls performed in a predetermined period of time within the computing environment;
  
  for each identified application call, building, by the application system, a corresponding application characteristics entry in a database;
  
  for each identified application call, identifying, by the application system, a plurality of characteristics of the called application;
  
  associating, by the application system, the identified plurality of characteristics of the called application with the application characteristics entry in the database, thereby creating an application mapping;
  
  identifying, by the application system, one or more security controls associated with each of the applications in the application mapping;
  
  associating, by the application system, the identified one or more security controls with the associated application characteristics entry in the application mapping; and
  
  automatically triggering assessment, by the application system, of an effectiveness of the one or more security controls in response to identifying a future application call.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - periodically performing subsequent queries; and
      
      adding an additional application characteristics entry in the application mapping of the database.
  - 10. The method of claim 8, further comprising:
    - automatically initiating a reporting transmission to one or more administrative systems, wherein the reporting transmission comprises information related to the assessment.
  - 11. The method of claim 8, further comprising:
    - initiating presentation of an administrative dashboard comprising;
      
      information related to the assessmentaccess management controls; and
      
      exposure-application mapping information.
  - 12. The method of claim 8, further comprising:
    - transmitting instructions to two or more disparate control systems requesting information related to at least two different security controls associated with the future application call, wherein at least one of the two different security controls are managed by each of the two or more control systems;
      
      receiving responses from the two or more control systems; and
      
      communicating information from the responses to an administrative system.
  - 13. The method of claim 8, further comprising:
    - initiating communication of information related to the assessment to one or more control owners associated with the one or more security controls.
  - 14. The method of claim 8, further comprising:
    - in response to the assessment, automatically initiating remedial actions.

15. A computer program product for monitoring usage of an application to identify characteristics and trigger security control, the computer program product comprising a non-transitory computer-readable medium comprising a set of code, that when executed by a processor cause the processor to:
- perform a query configured to identify any application calls performed in a predetermined period of time within the computing environment;
  
  for each identified application call, build a corresponding application characteristics entry in a database;
  
  for each identified application call, identify a plurality of characteristics of the called application;
  
  associate the identified plurality of characteristics of the called application with the application characteristics entry in the database, thereby creating an application mapping;
  
  identify one or more security controls associated with each of the applications in the application mapping;
  
  associate the identified one or more security controls with the associated application characteristics entry in the application mapping; and
  
  automatically trigger assessment of an effectiveness of the one or more security controls in response to identifying a future application call.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the set of code further causes the processor to:
    - periodically perform subsequent queries; and
      
      add an additional application characteristics entry in the application mapping of the database.
  - 17. The computer program product of claim 15, wherein the set of code further causes the processor to:
    - automatically initiate a reporting transmission to one or more administrative systems, wherein the reporting transmission comprises information related to the assessment.
  - 18. The computer program product of claim 15, wherein the set of code further causes the processor to:
    - initiate presentation of an administrative dashboard comprising;
      
      information related to the assessmentaccess management controls; and
      
      exposure-application mapping information.
  - 19. The computer program product of claim 15, wherein the set of code further causes the processor to:
    - transmit instructions to two or more disparate control systems requesting information related to at least two different security controls associated with the future application call, wherein at least one of the two different security controls are managed by each of the two or more control systems;
      
      receive responses from the two or more control systems; and
      
      communicate information from the responses to an administrative system.
  - 20. The computer program product of claim 15, wherein the set of code further causes the processor to:
    - initiate communication of information related to the assessment to one or more control owners associated with the one or more security controls.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
McDonald, Katherine, Boyd, Nicolette
Primary Examiner(s)
Mehedi, Morshed

Application Number

US15/881,218
Publication Number

US 20190236294A1
Time in Patent Office

795 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/54   by adding security routines...

G06F 21/552   involving long-term monitor...

G06F 21/6218   to a system of files or obj...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Monitoring usage of an application to identify characteristics and trigger security control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Monitoring usage of an application to identify characteristics and trigger security control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links