CONTAINMENT OF SECURITY THREATS WITHIN A COMPUTING ENVIRONMENT
Abstract
Systems, methods, and software described herein provide for identifying and implementing security actions within a computing environment. In one example, a method of operating an advisement system to provide security actions in a computing environment includes identifying communication interactions between a plurality of computing assets and, after identifying the communication interactions, identifying a security incident in a first computing asset. The method further provides identifying at least one related computing asset to the first asset based on the communication interactions, and determining the security actions to be taken in the first computing asset and the related computing asset.
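The sequence in the abstract (record communication interactions first, then use them to find assets related to the one with the incident) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the asset names, flow records and action names are constructed, hypothetical values.

```python
from collections import defaultdict

# Constructed flow records: (source asset, destination asset, destination port).
FLOWS = [
    ("ws-01", "file-srv", 445),
    ("ws-02", "file-srv", 445),
    ("file-srv", "db-01", 5432),
    ("ws-03", "mail-srv", 25),
    ("ws-01", "file-srv", 445),  # repeated interaction, recorded once
]

def build_interactions(flows):
    """Record who talks to whom, before any incident is known."""
    consumers = defaultdict(set)  # asset -> assets that connect to it
    providers = defaultdict(set)  # asset -> assets it connects to
    for src, dst, _port in flows:
        if src != dst:
            consumers[dst].add(src)
            providers[src].add(dst)
    return consumers, providers

def plan_containment(incident_asset, consumers, providers):
    """Return primary actions for the incident asset and secondary
    actions for each asset related to it by observed communication."""
    # Primary action: stop the affected asset initiating communications.
    plan = {"primary": {incident_asset: ["block_outbound"]}, "secondary": {}}
    for asset in sorted(consumers.get(incident_asset, ())):
        # Asset used a service on the affected host: cut that path and check it.
        plan["secondary"][asset] = [f"deny_to:{incident_asset}", "scan"]
    for asset in sorted(providers.get(incident_asset, ())):
        # Affected host reached this asset: refuse it and review what it did.
        actions = plan["secondary"].setdefault(asset, [])
        actions += [f"deny_from:{incident_asset}", "review_sessions"]
    return plan

if __name__ == "__main__":
    consumers, providers = build_interactions(FLOWS)
    for tier, actions in plan_containment("file-srv", consumers, providers).items():
        print(tier, actions)
```

Assets with no recorded interaction with the affected host (here `ws-03` and `mail-srv`) receive no secondary action, which is what keeps the response scoped to the assets related by observed communication.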
20 Claims
1. A method of operating an advisement system to provide security actions in a computing environment, the method comprising:
- identifying communication interactions between a plurality of computing assets in the computing environment;
- after identifying the communication interactions, identifying a security incident in a first computing asset in the plurality of computing assets;
- determining at least one security action to be taken against the security incident in the first computing asset;
- identifying at least one related computing asset to the first computing asset based on the communication interactions; and
- determining one or more secondary security actions to be taken against the security incident in the at least one related computing asset.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer readable storage medium having instructions stored thereon, that when executed by an advisement computing system, direct the advisement computing system to perform a method of providing security actions in a computing environment, the method comprising:
- identifying communication interactions between a plurality of computing assets in the computing environment;
- after identifying the communication interactions, identifying a security incident in a first computing asset in the plurality of computing assets;
- determining at least one security action to be taken against the security incident in the first computing asset;
- identifying at least one related computing asset to the first computing asset based on the communication interactions; and
- determining one or more secondary security actions to be taken against the security incident in the at least one related computing asset.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus to provide security actions in a computing environment, the apparatus comprising:
- one or more computer readable storage media;
- processing instructions stored on the one or more computer readable media that, when executed by a processing system, direct the processing system to at least;
  - identify a security incident in a first computing asset in a plurality of computing assets, wherein the first computing asset provides a service to one or more related computing assets in the plurality of computing assets;
  - obtain enrichment information related to the security incident;
  - identify a rule set based at least on the enrichment information; and
  - determine security actions to be taken against the security incident based on the rule set, wherein the security actions comprise actions to prevent the first computing asset from initiating communications with other assets in the computing environment.
Dependent claims: 18, 19, 20
Specification