IDENTIFYING AND REMEDIATING AT-RISK RESOURCES IN A COMPUTING ENVIRONMENT

US 20170279844A1
Filed: 03/24/2016
Published: 09/28/2017
Est. Priority Date: 03/24/2016
Status: Active Grant

First Claim

Patent Images

1. A method of identifying and remediating at-risk resources in a computing environment, comprising:

periodically determining respective infrastructure topologies of a computing environment that changes over time, wherein the determining is performed by a computer system communicating with the computing environment;

identifying, by the computer system, an intrusion event in the computing environment;

determining, by the computer system, at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the infrastructure topologies; and

performing, by the computer system, remediation action for the at-risk resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems of identifying and remediating at-risk resources in a computing environment are provided. A method includes periodically determining respective infrastructure topologies of a computing environment that changes over time, wherein the determining is performed by a computer system communicating with the computing environment. The method also includes: identifying, by the computer system, an intrusion event in the computing environment; determining, by the computer system, at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the infrastructure topologies; and performing, by the computer system, remediation action for the at-risk resources.

Citations

20 Claims

1. A method of identifying and remediating at-risk resources in a computing environment, comprising:
- periodically determining respective infrastructure topologies of a computing environment that changes over time, wherein the determining is performed by a computer system communicating with the computing environment;
  
  identifying, by the computer system, an intrusion event in the computing environment;
  
  determining, by the computer system, at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the infrastructure topologies; and
  
  performing, by the computer system, remediation action for the at-risk resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein each of the respective infrastructure topologies defines resources that are accessible to one another within the computing environment at a respective time.
  - 3. The method of claim 2, wherein the determining the at-risk resources comprises determining the corresponding one of the infrastructure topologies by correlating an intrusion time of the intrusion event to one of the respective times associated with the respective infrastructure topologies.
  - 4. The method of claim 3, wherein the determining the at-risk resources further comprises determining, using the corresponding one of the infrastructure topologies, a set of resources in the computing environment that were accessible by a resource where the intrusion event occurred.
  - 5. The method of claim 1, wherein the periodically determining respective infrastructure topologies is based on at least one of:
    - network communication attempts;
      
      software defined topology;
      
      account access; and
      
      maps of distributed states.
  - 6. The method of claim 1, wherein the intrusion event is identified by one of:
    - administrator declaration; and
      
      intrusion detection software.
  - 7. The method of claim 1, wherein the identifying the intrusion event includes identifying an intrusion time and an intrusion location based on at least one of:
    - file creation times;
      
      process run times; and
      
      account activity logs.
  - 8. The method of claim 1, wherein the preforming the remediation action includes at least one of:
    - transmitting a message to an administrator identifying the determined at-risk resources; and
      
      altering the computing environment to isolate the determined at-risk resources.
  - 9. The method of claim 1, further comprising re-arranging the computing environment from a first one of the respective infrastructure topologies to a second one of the respective infrastructure topologies, wherein the re-arranging is controlled by a network management module of the computer system using at least one of software-defined networking and software-defined storage.
  - 10. The method of claim 1, wherein:
    - the computing environment comprises a cloud computing environment comprising cloud resources;
      
      the cloud resources each comprise one of a server, storage device, and routing device in the cloud computing environment; and
      
      the computer system comprises a network management server connected to the cloud computing environment.

11. A system, comprising:
- a computing environment comprising resources that are re-arranged into different topologies over time; and
  
  a server connected to the computing environment and configured to;
  
  periodically determine a respective topology of the computing environment;
  
  identify an intrusion event in the computing environment;
  
  determine at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the determined topologies; and
  
  perform remediation action for the determined at-risk resources.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein each of the determined topologies defines resources that are accessible to one another within the computing environment at a respective time.
  - 13. The system of claim 12, wherein the determining the at-risk resources comprises determining the corresponding one of the determined topologies by correlating an intrusion time of the intrusion event to one of the respective times associated with the respective determined topologies.
  - 14. The system of claim 13, wherein the determining the at-risk resources further comprises determining, using the corresponding one of the determined topologies, a set of resources in the computing environment that were accessible by a resource where the intrusion event occurred.
  - 15. The system of claim 11, wherein a network management module of the server is configured to re-arrange the computing environment from a first one of the respective topologies to a second one of the respective topologies using at least one of software-defined networking and software-defined storage.

16. A computer program product for identifying and remediating at-risk resources in a computing environment, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions being executable by a computer device to cause the computer device to:
- periodically determine a respective topology of a computing environment comprising a number of reconfigurable resources, wherein the topology defines which of the resources have access to one another within the computing environment at a given time;
  
  identify an intrusion event including an intrusion time and an intrusion location in the computing environment;
  
  determine at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the determined topologies; and
  
  perform remediation action for the determined at-risk resources including at least one of;
  
  transmitting a message to an administrator identifying the determined at-risk resources;
  
  and altering the computing environment to isolate the determined at-risk resources.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein the determining the at-risk resources comprises determining the corresponding one of the determined topologies by correlating the intrusion time of the intrusion event to one of the respective times associated with the respective determined topologies.
  - 18. The computer program product of claim 17, wherein the determining the at-risk resources further comprises determining, using the corresponding one of the determined topologies, a set of resources in the computing environment that were accessible by a resource at the intrusion location.
  - 19. The computer program product of claim 16, wherein the computing environment is configured to be re-arranged from a first one of the respective topologies to a second one of the respective topologies using at least one of software-defined networking and software-defined storage.
  - 20. The computer program product of claim 16, wherein the periodically determining the respective topologies is based on at least one of:
    - network communication attempts;
      
      software defined topology;
      
      account access; and
      
      maps of distributed states.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Enterprise Solutions (Singapore) Pte., Ltd. (Lenovo Group Ltd.)
Original Assignee
Lenovo Enterprise Solutions (Singapore) Pte., Ltd. (Lenovo Group Ltd.)
Inventors
BOWER, III, Fred Allison, CUDAK, Gary David, DHOLAKIA, Ajay, HOLLAND, William Gavin, KELSO, Scott

Granted Patent

US 10,764,321 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06N 5/04   Inference or reasoning models

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

IDENTIFYING AND REMEDIATING AT-RISK RESOURCES IN A COMPUTING ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTIFYING AND REMEDIATING AT-RISK RESOURCES IN A COMPUTING ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links