Method and system for improving security and reliability in a networked application environment
Abstract
A security application manages security and reliability of networked applications executing as a collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determines whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database. The security application scans a distributed computing architecture for the existence of security certificates, places newly discovered security certificates in a database, and deletes outdated security certificates. Advantageously, security and reliability are improved in a distributed computing architecture.
195 Citations
40 Claims
1. One or more non-transitory computer-readable media including instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of:
- discovering a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within a distributed computing architecture;
- determining, based on one or more classification criteria, a classification for the resource;
- determining whether the classification corresponds to an existing record stored within a database, wherein the existing record includes an existing counter of a quantity of the resource deployed in the distributed computing architecture;
- upon determining that the classification does not correspond to any existing record within the database, then: initializing a first record that corresponds to the classification, initializing a first counter that is included in the first record, incrementing the first counter, and storing the first record in the database; and
- when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit, publishing a first notification.
Dependent claims: 2, 3, 4, 5, 6, 7.
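The per-classification counter and limit notification of claim 1, as an added illustration that is not the patent's own code. The classification criteria (resource type plus size tier), the limit table and the sample inventory are assumptions constructed for the example.

```python
"""Added illustration (not the patent's own code) of the resource counter
and limit notification in claim 1.  Classification criteria (type and size
tier), the limit table and the sample resources are constructed here."""
from dataclasses import dataclass


@dataclass
class ResourceRecord:
    classification: str   # e.g. "vm:large"
    counter: int = 0      # quantity of this class deployed so far
    limit: int = 0        # pre-determined maximum; 0 means no limit configured


class ResourceMonitor:
    def __init__(self, limits: dict[str, int]):
        self.limits = limits
        self.db: dict[str, ResourceRecord] = {}   # stands in for the database
        self.notifications: list[str] = []       # stands in for the publish step

    @staticmethod
    def classify(resource: dict) -> str:
        # Classification criteria: resource type plus size tier (assumed here).
        return f"{resource['type']}:{resource['size']}"

    def discover(self, resource: dict) -> ResourceRecord:
        cls = self.classify(resource)
        rec = self.db.get(cls)
        if rec is None:
            # No existing record: initialise record and counter, then store it.
            rec = ResourceRecord(cls, limit=self.limits.get(cls, 0))
            self.db[cls] = rec
        # Incrementing an existing record's counter is an assumption; the
        # independent claim only spells out the new-record branch.
        rec.counter += 1
        if rec.limit and rec.counter > rec.limit:
            self.notifications.append(
                f"{cls}: {rec.counter} deployed exceeds limit of {rec.limit}")
        return rec


def demo() -> ResourceMonitor:
    # Constructed inventory: three large VMs against a limit of two.
    mon = ResourceMonitor({"vm:large": 2})
    for res in [{"type": "vm", "size": "large", "id": "i-1"},
                {"type": "vm", "size": "large", "id": "i-2"},
                {"type": "vm", "size": "large", "id": "i-3"},
                {"type": "db", "size": "small", "id": "d-1"}]:
        mon.discover(res)
    return mon
```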
8. A system, comprising:
a memory storing instructions; and a processor that is coupled to the memory and, when executing the instructions, is configured to perform the steps of:
- discovering a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within a distributed computing architecture;
- determining, based on one or more classification criteria, a classification for the resource;
- determining whether the classification corresponds to an existing record stored within a database, wherein the existing record includes an existing counter of a quantity of the resource deployed in the distributed computing architecture;
- upon determining that the classification does not correspond to any existing record within the database, then: initializing a first record that corresponds to the classification, initializing a first counter that is included in the first record, incrementing the first counter, and storing the first record in the database; and
- when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit, publishing a first notification.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A method, comprising:
- scanning a distributed application that is executing on a plurality of compute nodes to detect a first security vulnerability, wherein the distributed application is stored within at least one memory element included in a distributed computing architecture;
- comparing the first security vulnerability against a database that includes a listing of previously-discovered security vulnerabilities; and
- upon determining that the first security vulnerability is not listed within the database, then: initializing a first record that corresponds to the first security vulnerability, and storing the first record in the database; or
- upon determining that the first security vulnerability is listed within the database, then updating an existing record, which is stored within the database and corresponds to the first security vulnerability, to indicate that the first security vulnerability was detected;
- determining that the first security vulnerability is marked as being resolved; and
- generating a first notification that the first security vulnerability was resolved.
Dependent claims: 16, 17, 18, 19, 20.
21. A system, comprising:
a memory storing instructions; and a processor that is coupled to the memory and, when executing the instructions, is configured to perform the steps of:
- scanning a distributed application that is executing on a plurality of compute nodes to detect a first security vulnerability, wherein the distributed application is stored within at least one memory element included in a distributed computing architecture;
- comparing the first security vulnerability against a database that includes a listing of previously-discovered security vulnerabilities; and
- upon determining that the first security vulnerability is not listed within the database, then: initializing a first record that corresponds to the first security vulnerability, and storing the first record in the database; or
- upon determining that the first security vulnerability is listed within the database, then updating an existing record, which is stored within the database and corresponds to the first security vulnerability, to indicate that the first security vulnerability was detected;
- determining that the first security vulnerability is marked as being resolved; and
- generating a first notification that the first security vulnerability was resolved.
Dependent claims: 22, 23, 24, 25, 26.
27. A method, comprising:
- discovering an access control list (ACL) associated with a distributed application executing on a plurality of compute nodes, wherein the ACL is stored within at least one memory element included in a distributed computing architecture;
- determining whether the ACL corresponds to a first record within a database; and
- upon determining that the ACL corresponds to an existing record within the database, then: determining that a configuration of the ACL differs from a configuration of the existing record; and initializing, within the database, a first record that corresponds to the existing record, and has the configuration of the ACL; or
- upon determining that the ACL does not correspond to any existing record within the database, then initializing the first record within the database that corresponds to the ACL, and has the configuration of the ACL.
Dependent claims: 28, 29, 30, 31, 32, 33.
34. One or more non-transitory computer-readable media including instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of:
- discovering an access control list (ACL) associated with a distributed application executing on a plurality of compute nodes, wherein the ACL is stored within at least one memory element included in a distributed computing architecture;
- determining whether the ACL corresponds to a first record within a database; and
- upon determining that the ACL corresponds to an existing record within the database, then: determining that a configuration of the ACL differs from a configuration of the existing record; and initializing, within the database, a first record that corresponds to the existing record, and has the configuration of the ACL; or
- upon determining that the ACL does not correspond to any existing record within the database, then initializing the first record within the database that corresponds to the ACL, and has the configuration of the ACL.
Dependent claims: 35, 36, 37, 38, 39, 40.
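The ACL discovery and configuration-change tracking of claims 27 and 34, as an added illustration that is not the patent's own code: a first record is initialized for an unknown ACL, and a new record chained to the existing one is stored when the discovered configuration differs. The ACL identifier, the canonical hashing of rules (so that reordering alone is not recorded as a change) and the sample rule sets are assumptions constructed for the example.

```python
"""Added illustration (not the patent's own code) of the ACL change tracking in
claims 27 and 34.  ACL identifier, rule hashing and sample rules are constructed."""
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRecord:
    acl_id: str        # identity of the ACL (name or scope; assumed key)
    config_hash: str   # digest of the canonical rule set
    rules: tuple       # rules as (action, protocol, cidr, port)
    version: int       # 1 for the first record, +1 per detected change


def canonical_hash(rules) -> str:
    # Sort rules first so that mere reordering is not recorded as a change.
    canon = json.dumps(sorted(rules), separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


class AclTracker:
    def __init__(self):
        self.db: dict[str, list[AclRecord]] = {}   # acl_id -> record history

    def discover(self, acl_id: str, rules) -> tuple[str, AclRecord]:
        digest = canonical_hash(rules)
        history = self.db.setdefault(acl_id, [])
        if not history:
            # No existing record: initialise the first record for this ACL.
            rec = AclRecord(acl_id, digest, tuple(sorted(rules)), 1)
            history.append(rec)
            return "new", rec
        latest = history[-1]
        if latest.config_hash == digest:
            return "unchanged", latest
        # Configuration differs: store a new record tied to the existing one.
        rec = AclRecord(acl_id, digest, tuple(sorted(rules)), latest.version + 1)
        history.append(rec)
        return "changed", rec


def demo() -> tuple[AclTracker, list[str]]:
    # Constructed scans of one security group; the last scan adds a world-open SSH rule.
    base = [("allow", "tcp", "10.0.0.0/8", 443), ("allow", "tcp", "10.0.0.0/8", 80)]
    tracker, outcomes = AclTracker(), []
    for rules in (base, list(reversed(base)), base + [("allow", "tcp", "0.0.0.0/0", 22)]):
        outcomes.append(tracker.discover("web-sg", rules)[0])
    return tracker, outcomes
```

The record history is what a reviewer would query to see when a permissive rule first appeared on an ACL.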