SYSTEMS AND METHODS FOR ORCHESTRATING RUNTIME OPERATIONAL INTEGRITY
Abstract
Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Systems and methods use a graphical user interface (GUI) console to orchestrate operational integrity of a platform. In an embodiment, a method presents a data center-level runtime operational integrity dashboard and remediation controls for infected systems in a display of a platform having a network trust agent, an endpoint trust agent, and a trust orchestrator. The method receives runtime integrity metrics for trust vectors and displays risk indicators based on the confidence level of received integrity metrics in the GUI. The method provides remediation controls for threat containment and risk mitigation and displays remediation status and progress results and malware analytics in the GUI.
14 Claims
1. A method for presenting a data center level runtime operational integrity dashboard and remediation controls for infected systems in a display of a computing platform having a network trust agent, an endpoint trust agent, and a trust orchestrator, the method comprising:
- receiving, from a plurality of endpoint assessment services, runtime integrity metrics for a plurality of trust vectors;
- displaying, in a graphical user interface (GUI) on the display, risk indicators and impact analysis based on the confidence level of received integrity metrics;
- providing, manual or automated remediation controls for threat containment and risk mitigation by performing one or more of:
  - taking a snapshot of the infected system,
  - restoring or reimaging the infected system from a trusted baseline configuration,
  - quarantining the infected system from a network fabric,
  - diverting users from the infected system,
  - diverting transactions from the infected system, and
  - diverting traffic from the infected system;
- displaying, in the GUI, a status and progress of initiated remediation actions; and
- displaying, in the GUI, details of malware analytics comprising one or more of:
  - infection summaries,
  - infection diagnosis,
  - threat categorization and identification based on a signature-less infection life-cycle model,
  - an address and geo-location for a source or attacker,
  - an identification of one or more infected victims,
  - forensic evidence chain of detected malicious activities and intent, and
  - compute, memory, storage and network level anomalies detected on the victim machine or infected system.
4. A method of orchestrating runtime operational integrity of a system executing on a computing platform using a network analyzer, an endpoint trust agent, a trust broker, a trust orchestrator and a plurality of network endpoint assessments, the method comprising:
- determining, by the network analyzer, anomalies based on network activity correlation and network malware detection;
- determining, by the trust broker, system configuration anomalies based on system level normalization and collation of assessments;
- determining, by the endpoint trust agent, resource utilization anomalies based on rulesets or alert expressions associated with processor, memory, and network resource usage;
- determining, by the endpoint trust agent, at least one application integrity anomaly based on rulesets or alert expressions associated with static and dynamic image analysis;
- correlating, by the trust orchestrator, network activity and endpoint events and behaviors characterized through continuous local and remote monitoring of network endpoints for risk analysis and detection of infected systems; and
- mitigating, by the trust orchestrator, an infected system using inputs received from a real time threat visualization dashboard to implement flow level or transaction level remediation controls.
5. A method of providing runtime operational integrity of an application and a system using a computing platform comprising a network trust agent, an endpoint trust agent, an event and behavior correlation engine, and a trust orchestration server, the method comprising:
- monitoring, by a plurality of sensory inputs, one or more of network activity, system configuration for a system the application is executing on, resource utilization by the application, and integrity of the application;
- correlating, by the event and behavior correlation engine, risk based on the monitoring; and
- displaying, in a plurality of runtime dashboards of an administrative console of the computing platform, real time status indications for operational integrity of the system and application.
10. A system for orchestrating and displaying reputation scoring of a subject, the system comprising:
- a display;
- a reputation broker configured to: process a query from a service provider for a reputation score of the subject, and dispatch a request to generate a hierarchical reputation score for the subject;
- a display module configured to render a graphical user interface (GUI) for an administration console comprising a plurality of dashboards in the display;
- a trust orchestrator configured to: process a received request from the reputation broker for a hierarchical reputation score by: initiating a plurality of directed queries to information management systems external to an organization to interrogate attributes associated with the subject, analyzing received query responses, receiving a generated hierarchical reputation score for the subject based on a calculus of risk; and sending the received hierarchical reputation score for the subject to the reputation broker; receive a reputation token from the reputation broker for the subject in response to the dispatched request; and send the reputation token to the service provider as a response to the query.
Specification