Managing requests for security services
Abstract
Embodiments of systems and methods are described for managing requests for security services to a provider of computing resources. In some implementations, a user can request that security services be provided to analyze or test a target network. For example, the user can request that security services conduct penetration testing of the target network in order to detect vulnerabilities with the target network's security infrastructure or configuration. The computing resource provider can dynamically provide the security services to the target network, for example, by instantiating one or more virtual machines that begin security testing of the target network in response to the user's request. In some embodiments, the provider of the security services may instantiate a security virtual machine instance (VMI) that can be connected to a customer's network using a secure connection, such as a virtual private network. The virtual machine instance can be physically located outside the customer's network while functioning as part of the customer's network. Thus, the security VMI can test security from either outside the network or from inside the network. In some embodiments, the VMI may test at multiple locations of the customer's network, for example, by establishing connections to multiple locations on the customer network.
33 Claims
1. A computer-implemented method for analyzing network security from a remote geographic location, the method comprising:
accessing, by one or more physical computing systems under control of a program execution service, a request from a user of a computing service to analyze a target network located at the remote geographic location from the computing service, the computing service comprising a plurality of computing nodes, the request received via a computing interface;
automatically allocating, by the one or more physical computing systems, a computing node from the plurality of computing nodes of the computing service at the remote geographic location from the target network in response to the user's request, the computing node configured to analyze network security of the target network at the remote geographic location from the computing service;
automatically establishing, by the one or more physical computing systems, a secure connection between the allocated computing node and a location within the target network, the secure connection providing the allocated computing node with network access to the target network at least substantially similar to network access provided to a computing node located at the location, the allocated computing node configured to gather network security data from the target network using the secure connection; and
automatically determining, by the one or more physical computing systems, a security status of the target network based at least partly on the network security data gathered by the allocated computing node using the secure connection.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.

14. A system configured to manage requests for security testing of a target network, the system comprising:
a computer memory configured to store one or more program modules for managing requests for security testing by a computing service, the computing service comprising a plurality of computing nodes; and
a security services manager configured to communicate with the computer memory and to execute the one or more program modules stored in the computer memory, the security services manager implemented by a physical computing system, the program modules configured to:
access, by the physical computing system, a request from a user of the computing service for security testing for a target network located at a remote geographic location from the computing service;
automatically, by the physical computing system, allocate a computing node from the plurality of computing nodes of the computing service at the remote geographic location from the target network in response to the user's request, the computing node configured to analyze network security;
automatically establish, by the physical computing system, one or more connections between the allocated computing node and one or more locations within the target network, the allocated computing node configured to gather network security data from the target network using the secure connection; and
automatically determine, by the physical computing system, a security status of the target network based at least partly on the network security data gathered by the allocated computing node using the secure connection.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22.

23. A computer-implemented method for analyzing network security from a remote geographic location, the method comprising:
accessing, by one or more physical computing systems under control of a program execution service, a request from a user of a computing service to analyze a target network located at the remote geographic location from the computing service, the computing service comprising a plurality of computing nodes, the request received via a computing interface;
dynamically allocating, by the one or more physical computing systems, a computing node from the plurality of computing nodes of the computing service at the remote geographic location from the target network in response to the user's request, the computing node configured to analyze security of the target network at the remote geographic location from the computing service;
automatically establishing, by the one or more physical computing systems, a first secure connection between the allocated computing node and a first location on the target network and the allocated computing node, the allocated computing node configured to gather network security data from the target network using the first secure connection;
generating first network security data by accessing the target network at the first location with the allocated computing node through the first secure connection;
automatically establishing, by the one or more physical computing systems, a second secure connection between the allocated computing node and a second location on the target network, wherein the allocated computing node is configured to gather network security data from the target network using the second secure connection, and wherein the second location is different from the first location;
generating second network security data by accessing the target network at the second location with the allocated computing node through the second secure connection; and
determining, by the one or more physical computing systems, a security status of the target network based at least partly on the first network data and second network data.
Dependent claims: 24, 25, 26, 27, 28, 29.

30. A non-transitory computer-readable medium having stored thereon instructions that, when executed by a computer system, cause the computer system to:
access a request from a user of a computing service to analyze a target network located at a remote geographic location from the computing service, the computing service comprising a plurality of computing nodes;
allocate one or more computing nodes from the plurality of computing nodes at the computing service in response to the user's request, the one or more computing nodes configured to analyze security of the target network;
establish connections between the allocated one or more computing nodes and multiple locations inside the target network, the allocated one or more computing nodes configured to gather network security data from the target network using the secure connection; and
determine a security status of the target network based at least partly on the network security data gathered by the allocated one or more computing nodes using the secure connection.
Dependent claims: 31, 32, 33.