Systems and Methods for Cloud Security Monitoring and Threat Intelligence
Abstract
Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.
41 Claims
1. A cloud security system for monitoring and controlling the security of cloud application accounts comprising:
    memory containing:
        an analytics application;
        a seeder application; and
        an analytics repository database; and
    a processor;
    wherein the processor is configured by the analytics application to:
        generate a threat model using at least a first portion of stored activity data in the analytics repository database; and
        identify, based upon the threat model, a threat using a second portion of stored activity data in the analytics repository database;
    wherein the processor is further configured by the seeder application to:
        select a security policy to implement in response to the identified threat;
        identify cloud security controls in at least one remotely hosted cloud application server system to modify in accordance with the selected security policy;
        establish a secure connection to the at least one remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application; and
        send instructions to the at least one remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.
Dependent claims 2 to 20 depend on claim 1 (not reproduced here).
21. A method for monitoring and remediation of security threats to cloud applications, the method comprising:
    generating a threat model using at least a first portion of stored activity data in an analytics repository database using a cloud security system;
    identifying, based upon the threat model, a threat using a second portion of stored activity data in the analytics repository database using the cloud security system;
    selecting a security policy to implement in response to the identified threat using the cloud security system;
    identifying cloud security controls in at least one remotely hosted cloud application server system to modify in accordance with the selected security policy using the cloud security system;
    establishing, using the cloud security system, a secure connection to the at least one remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application; and
    sending instructions to the at least one remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy using the cloud security system.
Dependent claims 22 to 40 depend on claim 21 (not reproduced here).
41. A method for monitoring and remediation of security threats to cloud applications, the method comprising:
    collecting registration information from a tenant using a cloud security system, where the registration information includes an authorization token secured by encryption;
    establishing, using the cloud security system, a secure connection to a cloud application hosted by a cloud service provider using login credentials associated with a tenant account with the cloud application;
    collecting software defined security configuration data from the cloud service provider using the cloud security system, where the software defined security configuration data comprises information describing the configuration of security controls in the cloud application with respect to the tenant account;
    retrieving, using the cloud security system, activity data associated with the tenant account;
    storing the retrieved activity data in an analytics repository database using the cloud security system;
    generating a threat model using at least a first portion of stored activity data in the analytics repository database using the cloud security system;
    identifying, based upon the threat model, a threat using a second portion of stored activity data in the analytics repository database using the cloud security system;
    sending an alert containing information concerning the identified alert and recommended remediation actions;
    selecting a security policy to implement in response to the identified threat using the cloud security system;
    identifying cloud security controls in at least one remotely hosted cloud application server system to modify in accordance with the selected security policy using the cloud security system;
    establishing, using the cloud security system, a secure connection to the at least one remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application; and
    sending instructions to the at least one remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy using the cloud security system.
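The pipeline claimed in claims 21 and 41 (threat model from a first portion of activity data, threat identified in a second portion, policy selected, controls diffed against the tenant's current configuration, instructions prepared for the tenant session), carried through as an added Python example that is not part of the patent or any product. The activity records, control names, policy catalogue and thresholds are constructed assumptions, the threat model is a deliberately simple per-user baseline, and the final step returns the instructions rather than sending them.

```python
from collections import Counter, defaultdict

# Constructed activity data for one tenant account: (user, country, login_ok), oldest first.
TRAINING = [("alice", "US", True)] * 4 + [("bob", "DE", True)] * 3      # first portion
WINDOW = [("alice", "RU", True), ("bob", "DE", False), ("bob", "DE", False),
          ("bob", "DE", False), ("bob", "DE", True)]                      # second portion

# Constructed snapshot of the tenant's current security controls, as read from the provider.
CURRENT_CONTROLS = {"mfa_required": False, "lockout_threshold": 10, "session_timeout_min": 480}

# Constructed policy catalogue: each policy names the control values it requires.
POLICIES = {
    "unseen_country": {"mfa_required": True, "session_timeout_min": 60},
    "brute_force":    {"mfa_required": True, "lockout_threshold": 5},
}

def build_threat_model(events):
    """Baseline from the first portion: the set of countries each user has logged in from."""
    model = defaultdict(set)
    for user, country, _ok in events:
        model[user].add(country)
    return dict(model)

def identify_threats(model, events, fail_limit=3):
    """Score the second portion against the model; returns sorted (user, policy_name) pairs."""
    threats = {(u, "unseen_country") for u, c, _ in events if u in model and c not in model[u]}
    fails = Counter(u for u, _, ok in events if not ok)
    threats |= {(u, "brute_force") for u, n in fails.items() if n >= fail_limit}
    return sorted(threats)

def identify_control_changes(threats, current):
    """Select the policy for each threat and diff its required controls against the current ones."""
    changes = {}
    for _user, policy in threats:
        for control, value in POLICIES[policy].items():
            if current.get(control) != value:
                changes[control] = value
    return changes

def build_instructions(tenant, changes):
    """Instructions to push over the tenant's authenticated session (stub: returned, not sent)."""
    return [{"tenant": tenant, "control": c, "value": v} for c, v in sorted(changes.items())]

if __name__ == "__main__":
    model = build_threat_model(TRAINING)
    threats = identify_threats(model, WINDOW)
    changes = identify_control_changes(threats, CURRENT_CONTROLS)
    print(build_instructions("tenant-example", changes))
```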
Specification