METHOD AND SYSTEM FOR EFFICIENT MANAGEMENT OF SECURITY THREATS IN A DISTRIBUTED COMPUTING ENVIRONMENT
First Claim
1. A computing system implemented method for distributing security threat management of a first instance of an application that is hosted from multiple geographic locations, comprising:
- monitoring, with a computing system, first operational characteristics of the first instance of the application, wherein the first instance of the application is hosted by a first virtual asset in a first computing environment, wherein the first computing environment is disposed in a first geographic region, wherein the first operational characteristics include a quantity of communication traffic between the first instance of the application and one or more external computing systems;
- establishing an average for the first operational characteristics based at least partially on the first operational characteristics;
- identifying a first deviation from the average for the first operational characteristics that is more than a first predetermined amount;
- in response to identifying the first deviation from the average, retrieving second operational characteristics for at least one other instance of the application, wherein the at least one other instance of the application is hosted by one or more second virtual assets in one or more second computing environments, wherein the one or more second computing environments are disposed in one or more second geographic regions that are different than the first geographic region;
- comparing the first operational characteristics to the second operational characteristics; and
- reporting an identification of a potential security threat if the first operational characteristics differ from the second operational characteristics by more than a second predetermined amount.
Abstract
A method and system for distributing security threat management of an instance of an application that is hosted from multiple geographic locations, according to one embodiment. The method and system include monitoring first operational characteristics of the instance of the application, and establishing an average for the first operational characteristics based at least partially on the first operational characteristics, according to one embodiment. The method and system include identifying a deviation from the average for the first operational characteristics that is more than a predetermined amount, according to one embodiment. The method and system include retrieving second operational characteristics for at least one other instance of the application and comparing the first operational characteristics to the second operational characteristics, according to one embodiment. The system and method include reporting an identification of a potential security threat, according to one embodiment.
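The two-stage check the abstract describes can be sketched as follows. This is an added example, not code from the patent or its assignee: the function names, region names, sample traffic figures, both threshold values, and the choice to compare each instance's traffic as a multiple of its own average are all assumptions made for illustration.

```python
from statistics import mean

def surge_ratio(history, latest):
    """Latest traffic quantity as a multiple of the instance's own average."""
    baseline = mean(history)
    if baseline <= 0:
        raise ValueError("history must contain positive traffic counts")
    return latest / baseline

def check_region(region, samples, first_threshold=0.5, second_threshold=0.5):
    """Return a finding for `region`, or None when nothing is reported.

    samples: {region: (history, latest)} traffic quantities (requests/min).
    Both thresholds are assumed values, expressed as ratio differences.
    """
    history, latest = samples[region]
    local = surge_ratio(history, latest)
    # Stage 1: deviation from this instance's own average.
    if abs(local - 1.0) <= first_threshold:
        return None
    # Stage 2: only after a local deviation, retrieve the other regions.
    peers = [surge_ratio(h, l) for r, (h, l) in samples.items() if r != region]
    if not peers:
        return {"region": region, "ratio": local, "peer_ratio": None,
                "verdict": "unconfirmed: no peer instance to compare"}
    peer = mean(peers)
    # If every region moved together, treat it as a global load change.
    if abs(local - peer) <= second_threshold:
        return None
    return {"region": region, "ratio": local, "peer_ratio": peer,
            "verdict": "potential security threat"}

# Constructed sample data: one region surges while its peers stay flat.
SAMPLES_REGIONAL_SURGE = {
    "us-west":    ([100, 110, 90, 100], 400),
    "eu-central": ([200, 190, 210, 200], 210),
    "ap-south":   ([50, 55, 45, 50], 52),
}
# Constructed sample data: all regions surge together (e.g. a product launch).
SAMPLES_GLOBAL_SURGE = {
    "us-west":    ([100, 110, 90, 100], 400),
    "eu-central": ([200, 190, 210, 200], 780),
    "ap-south":   ([50, 55, 45, 50], 205),
}

if __name__ == "__main__":
    print(check_region("us-west", SAMPLES_REGIONAL_SURGE))
    print(check_region("us-west", SAMPLES_GLOBAL_SURGE))
```

The second stage is what suppresses alerts for load changes that hit every region at once; a detector with only the first stage would report both constructed data sets.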
32 Claims
1. A computing system implemented method for distributing security threat management of a first instance of an application that is hosted from multiple geographic locations, comprising:
- monitoring, with a computing system, first operational characteristics of the first instance of the application, wherein the first instance of the application is hosted by a first virtual asset in a first computing environment, wherein the first computing environment is disposed in a first geographic region, wherein the first operational characteristics include a quantity of communication traffic between the first instance of the application and one or more external computing systems;
- establishing an average for the first operational characteristics based at least partially on the first operational characteristics;
- identifying a first deviation from the average for the first operational characteristics that is more than a first predetermined amount;
- in response to identifying the first deviation from the average, retrieving second operational characteristics for at least one other instance of the application, wherein the at least one other instance of the application is hosted by one or more second virtual assets in one or more second computing environments, wherein the one or more second computing environments are disposed in one or more second geographic regions that are different than the first geographic region;
- comparing the first operational characteristics to the second operational characteristics; and
- reporting an identification of a potential security threat if the first operational characteristics differ from the second operational characteristics by more than a second predetermined amount.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computing system implemented method for distributing security threat management of a first instance of an application that is hosted from multiple geographic locations, comprising:
- receiving, with a regional management computing system, a security threat policy from a global management computing system, wherein the security threat policy includes multiple patterns of operational characteristics for the first instance of the application, wherein each of the multiple patterns of operational characteristics is associated with one or more potential security threats against the first instance of the application;
- monitoring, with the regional management computing system, operational characteristics of the first instance of the application, wherein the first instance of the application is hosted by a first virtual asset in a first computing environment and the first instance of the application is different than at least one other instance of the application that is hosted by at least one other virtual asset in at least one other computing environment, wherein the first computing environment is located in a first geographic region and the at least one other computing environment is located in at least one other geographic region;
- comparing the operational characteristics of the first instance of the application to at least one of the multiple patterns of operational characteristics to detect the one or more potential security threats; and
- reporting an identification of the one or more potential security threats if the operational characteristics are similar to at least one of the multiple patterns of operational characteristics.
Dependent claims: 15, 16
17. A system for distributing security threat management of a first instance of an application that is hosted from multiple geographic locations, the system comprising:
- at least one processor; and
- at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which, when executed by any set of the one or more processors, perform a process for distributing security threat management of a first instance of an application that is hosted from multiple geographic locations, the process including;
  - monitoring, with a computing system, first operational characteristics of the first instance of the application, wherein the first instance of the application is hosted by a first virtual asset in a first computing environment, wherein the first computing environment is disposed in a first geographic region, wherein the first operational characteristics include a quantity of communication traffic between the first instance of the application and one or more external computing systems;
  - establishing an average for the first operational characteristics based at least partially on the first operational characteristics;
  - identifying a first deviation from the average for the first operational characteristics that is more than a first predetermined amount;
  - in response to identifying the first deviation from the average, retrieving second operational characteristics for at least one other instance of the application, wherein the at least one other instance of the application is hosted by one or more second virtual assets in one or more second computing environments, wherein the one or more second computing environments are disposed in one or more second geographic regions that are different than the first geographic region;
  - comparing the first operational characteristics to the second operational characteristics; and
  - reporting an identification of a potential security threat if the first operational characteristics differ from the second operational characteristics by more than a second predetermined amount.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
30. A system for distributing security threat management of a first instance of an application that is hosted from multiple geographic locations, comprising:
- at least one processor; and
- at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for distributing security threat management of a first instance of an application that is hosted from multiple geographic locations, the process including;
  - receiving, with a regional management computing system, a security threat policy from a global management computing system, wherein the security threat policy includes multiple patterns of operational characteristics for the first instance of the application, wherein each of the multiple patterns of operational characteristics is associated with one or more potential security threats against the first instance of the application;
  - monitoring, with the regional management computing system, operational characteristics of the first instance of the application, wherein the first instance of the application is hosted by a first virtual asset in a first computing environment and the first instance of the application is different than at least one other instance of the application that is hosted by at least one other virtual asset in at least one other computing environment, wherein the first computing environment is located in a first geographic region and the at least one other computing environment is located in at least one other geographic region;
  - comparing the operational characteristics of the first instance of the application to at least one of the multiple patterns of operational characteristics to detect the one or more potential security threats; and
  - reporting an identification of the one or more potential security threats if the operational characteristics are similar to at least one of the multiple patterns of operational characteristics.
Dependent claims: 31, 32
Specification