Microsegmented networks that implement vulnerability scanning
Abstract
Systems for providing vulnerability scanning within distributed microservices are provided herein. In some embodiments, a system includes a plurality of microsegmented environments that each includes a hypervisor, an enforcement point that has an active probe device, and a plurality of virtual machines that each implements at least one microservice. The system also has a cloud data center server coupled with the plurality of microsegmented environments over a network. The cloud data center server has a security controller configured to provide a security policy to each of the plurality of microsegmented environments and an active probe controller configured to cause the active probe device of the plurality of microsegmented environments to execute a vulnerability scan.
18 Claims
1. A system comprising:
a memory;
one or more processors;
a plurality of microsegmented environments, each of the plurality of microsegmented environments comprising a hypervisor, an enforcement point comprising an active probe device, and a plurality of virtual machines each implementing at least one microservice component, the plurality of microsegmented environments collectively providing a microservice, each of the plurality of microsegmented environments providing a portion of the microservice; and
a cloud data center server coupled with the plurality of microsegmented environments over a network, the cloud data center server comprising:
a security controller providing a security policy to each of the plurality of microsegmented environments, the security policy being configured using the microservice; and
an active probe controller requesting each active probe device of the plurality of microsegmented environments to perform a respective vulnerability scan of a plurality of vulnerability scans, the vulnerability scans including packet insertion and/or modification, the vulnerability scans being performed concurrently, the vulnerability scans performed on the plurality of microsegmented environments collectively providing the microservice, the vulnerability scans occurring in parallel on the plurality of virtual machines implementing at least one microservice component, the active probe device identifying an affected microsegmented environment for remediation when a vulnerability is detected.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method comprising:
establishing a plurality of microsegmented environments within a cloud data center, each of the plurality of microsegmented environments comprising a hypervisor, an enforcement point comprising an active probe device, and a plurality of virtual machines each implementing at least one microservice component, the plurality of microsegmented environments collectively providing a microservice, each of the plurality of microsegmented environments providing a portion of the microservice;
provisioning each of the plurality of microsegmented environments with a security policy, the security policy being configured using the microservice; and
performing a vulnerability scan on each of the plurality of microsegmented environments using a respective active probe device, the vulnerability scans including packet insertion and/or modification, the vulnerability scans being performed concurrently, the vulnerability scans performed on the plurality of microsegmented environments collectively providing the microservice, the vulnerability scans occurring in parallel on the plurality of virtual machines implementing at least one microservice component, the active probe device identifying an affected microsegmented environment for remediation when a vulnerability is detected.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18
Specification