SYSTEMS AND METHODS FOR ORCHESTRATING RUNTIME OPERATIONAL INTEGRITY

US 20130298243A1
Filed: 07/27/2012
Published: 11/07/2013
Est. Priority Date: 05/01/2012
Status: Active Grant

First Claim

Patent Images

1. A method for presenting a data center level runtime operational integrity dashboard and remediation controls for infected systems in a display of a computing platform having a network trust agent, an endpoint trust agent, and a trust orchestrator, the method comprising:

receiving, from a plurality of endpoint assessment services, runtime integrity metrics for a plurality of trust vectors;

displaying, in a graphical user interface (GUI) on the display, risk indicators and impact analysis based on the confidence level of received integrity metrics;

providing, manual or automated remediation controls for threat containment and risk mitigation by performing one or more of;

taking a snapshot of the infected system,restoring or reimaging the infected system from a trusted baseline configuration,quarantining the infected system from a network fabric, diverting users from the infected system,diverting transactions from the infected system, and diverting traffic from the infected system;

displaying, in the GUI, a status and progress of initiated remediation actions; and

displaying, in the GUI, details of malware analytics comprising one or more of;

infection summaries,infection diagnosis,threat categorization and identification based on a signature-less infection life-cycle model,an address and geo-location for a source or attacker,an identification of one or more infected victims,forensic evidence chain of detected malicious activities and intent, andcompute, memory, storage and network level anomalies detected on the victim machine or infected system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Systems and methods use a graphical user interface (GUI) console to orchestrate operational integrity of a platform. In an embodiment, a method presents a data center-level runtime operational integrity dashboard and remediation controls for infected systems in a display of a platform having a network trust agent, an endpoint trust agent, and a trust orchestrator. The method receives runtime integrity metrics for trust vectors and displays risk indicators based on the confidence level of received integrity metrics in the GUI. The method provides remediation controls for threat containment and risk mitigation and displays remediation status and progress results and malware analytics in the GUI.

Citations

14 Claims

1. A method for presenting a data center level runtime operational integrity dashboard and remediation controls for infected systems in a display of a computing platform having a network trust agent, an endpoint trust agent, and a trust orchestrator, the method comprising:
- receiving, from a plurality of endpoint assessment services, runtime integrity metrics for a plurality of trust vectors;
  
  displaying, in a graphical user interface (GUI) on the display, risk indicators and impact analysis based on the confidence level of received integrity metrics;
  
  providing, manual or automated remediation controls for threat containment and risk mitigation by performing one or more of;
  
  taking a snapshot of the infected system,restoring or reimaging the infected system from a trusted baseline configuration,quarantining the infected system from a network fabric, diverting users from the infected system,diverting transactions from the infected system, and diverting traffic from the infected system;
  
  displaying, in the GUI, a status and progress of initiated remediation actions; and
  
  displaying, in the GUI, details of malware analytics comprising one or more of;
  
  infection summaries,infection diagnosis,threat categorization and identification based on a signature-less infection life-cycle model,an address and geo-location for a source or attacker,an identification of one or more infected victims,forensic evidence chain of detected malicious activities and intent, andcompute, memory, storage and network level anomalies detected on the victim machine or infected system.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the risk indicators are color-coded.
  - 3. The method of claim 1, wherein the runtime operational integrity comprises execution anomalies and a threat posture.

4. A method of orchestrating runtime operational integrity of a system executing on a computing platform using a network analyzer, an endpoint trust agent, a trust broker, a trust orchestrator and a plurality of network endpoint assessments, the method comprising:
- determining, by the network analyzer, anomalies based on network activity correlation and network malware detection;
  
  determining, by the trust broker, system configuration anomalies based on system level normalization and collation of assessments;
  
  determining, by the endpoint trust agent, resource utilization anomalies based on rulesets or alert expressions associated with processor, memory, and network resource usage;
  
  determining, by the endpoint trust agent, at least one application integrity anomaly based on rulesets or alert expressions associated with static and dynamic image analysis;
  
  correlating, by the trust orchestrator, network activity and endpoint events and behaviors characterized through continuous local and remote monitoring of network endpoints for risk analysis and detection of infected systems; and
  
  mitigating, by the trust orchestrator, an infected system using inputs received from a real time threat visualization dashboard to implement flow level or transaction level remediation controls.

5. A method of providing runtime operational integrity of an application and a system using a computing platform comprising a network trust agent, an endpoint trust agent, an event and behavior correlation engine, and a trust orchestration server, the method comprising:
- monitoring, by a plurality of sensory inputs, one or more of network activity, system configuration for a system the application is executing on, resource utilization by the application, and integrity of the application;
  
  correlating, by the event and behavior correlation engine, risk based on the monitoring; and
  
  displaying, in a plurality of runtime dashboards of an administrative console of the computing platform, real time status indications for operational integrity of the system and application.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5, wherein the monitoring is performed continuously.
  - 7. The method of claim 5, wherein the event and behavior correlation engine receives one or more of:
    - system events and infection profiles from the network activity sensor;
      
      integrity measurement and verification reports of scans from the system configuration sensor;
      
      system events pertaining to processor, network, memory, and storage resource consumption from the resource utilization sensor; and
      
      system events pertaining to image profiles and local execution context from the application integrity sensor.
  - 8. The method of claim 7, wherein the scans are performed as per a schedule, and wherein the schedule is one or more of hourly, daily, weekly, bi-weekly, or monthly.
  - 9. The method of claim 5, wherein the plurality of runtime dashboards comprise one or more of:
    - a global view dashboard;
      
      a system configuration dashboard;
      
      a resource utilization dashboard;
      
      an application integrity dashboard; and
      
      a network activity dashboard.

10. A system for orchestrating and displaying reputation scoring of a subject, the system comprising:
- a display;
  
  a reputation broker configured to;
  
  process a query from a service provider for a reputation score of the subject, anddispatch a request to generate a hierarchical reputation score for the subject;
  
  a display module configured to render a graphical user interface (GUI) for an administration console comprising a plurality of dashboards in the display;
  
  a trust orchestrator configured to;
  
  process a received request from the reputation broker for a hierarchical reputation score by;
  
  initiating a plurality of directed queries to information management systems external to an organization to interrogate attributes associated with the subject,analyzing received query responses,receiving a generated hierarchical reputation score for the subject based on a calculus of risk; and
  
  sending the received hierarchical reputation score for the subject to the reputation broker;
  
  receive a reputation token from the reputation broker for the subject in response to the dispatched request; and
  
  send the reputation token to the service provider as a response to the query.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein the wherein the query is received at a reputation broker configured to forward the query to the trust broker, and wherein the query can be created, displayed, edited, and submitted using a dashboard of the administration console.
  - 12. The system of claim 10, wherein the wherein the response is displayed in a dashboard of the administration console.
  - 13. The system of claim 10, wherein the hierarchical reputation is graphically depicted in a dashboard of the administration console.
  - 14. The system of claim 10, wherein plurality of dashboards comprise one or more of:
    - a global view dashboard;
      
      a system configuration dashboard;
      
      a resource utilization dashboard;
      
      an application integrity dashboard; and
      
      a network activity dashboard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Taasera Licensing LLC (Quest Patent Research Corporation)
Original Assignee
Taasera, Inc. (Full Circle Investments, Inc.)
Inventors
KUMAR, Srinivas, Pollutro, Dennis

Granted Patent

US 8,990,948 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/564   by virus signature recognition

H04L 63/0209   Architectural arrangements,...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 67/10   in which an application is ...

SYSTEMS AND METHODS FOR ORCHESTRATING RUNTIME OPERATIONAL INTEGRITY

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR ORCHESTRATING RUNTIME OPERATIONAL INTEGRITY

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links