Systems and apparatuses for architecture assessment and policy enforcement
Abstract
Example embodiments are disclosed herein for asset architecture evaluation and security enforcement within an enterprise computing platform. One example method includes receiving a proposed architecture for evaluation, wherein the proposed architecture for evaluation relates to integration of an asset into the enterprise computing platform. This example method further includes dynamically evaluating, by risk evaluation circuitry, the proposed architecture against embedded security policies, standards, baselines, or patterns established for the enterprise computing platform. In addition, the example method includes, in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determining, by the risk evaluation circuitry, changes to the proposed architecture that would remediate the identified security gaps. The example method further includes generating a report regarding the proposed architecture, wherein the report identifies any changes to the proposed architecture that would remediate the identified security gaps. Corresponding apparatuses and computer program products are also provided.
15 Claims
1. A method for asset architecture evaluation and security enforcement within an enterprise computing platform, the method comprising:
- causing transmission, by a component scanner, of one or more change identification messages to a component agent residing on an asset that was previously evaluated by a security engine;
- receiving an indication that there have been changes to a current architecture of the asset;
- generating a proposed architecture for evaluation, wherein the proposed architecture for evaluation indicates a design including both the enterprise computing platform and a modified version of the architecture of the asset that is based on the changes to the current architecture of the asset;
- dynamically evaluating, by risk evaluation circuitry and in near-real-time using one or more machine learning algorithms, the proposed architecture against embedded security policies, standards, baselines, or patterns established for the enterprise computing platform;
- in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determining, by the risk evaluation circuitry, changes to the proposed architecture that would remediate the identified security gaps;
- generating a report regarding the proposed architecture, wherein the report identifies any changes to the proposed architecture that would remediate the identified security gaps; and
- causing transmission, by the component scanner and to the component agent residing on the asset, of the report regarding the proposed architecture.
Dependent claims: 2, 3, 4, 5
6. An apparatus for asset architecture evaluation and security enforcement within an enterprise computing platform, the apparatus comprising at least one processor and at least one memory storing computer-executable instructions, that, when executed by the at least one processor, cause the apparatus to:
- cause transmission of one or more change identification messages to a component agent residing on an asset that was previously evaluated by a security engine;
- receive an indication that there have been changes to a current architecture of the asset;
- generate a proposed architecture for evaluation, wherein the proposed architecture for evaluation indicates a design including the enterprise computing platform and a modified version of the architecture of the asset that is based on the changes to the current architecture of the asset;
- dynamically evaluate, in near-real-time using one or more machine learning algorithms, the proposed architecture against embedded security policies, standards, baselines, or patterns established for the enterprise computing platform;
- in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determine changes to the proposed architecture that would remediate the identified security gaps;
- generate a report regarding the proposed architecture, wherein the report identifies any changes to the proposed architecture that would remediate the identified security gaps; and
- cause transmission of the report regarding the proposed architecture to the component agent residing on the asset.
Dependent claims: 7, 8, 9, 10
11. An apparatus for asset architecture evaluation and security enforcement within an enterprise computing platform, the apparatus comprising:
- means for causing transmission of one or more change identification messages to a component agent residing on an asset that was previously evaluated by a security engine;
- means for receiving an indication that there have been changes to a current architecture of the asset;
- means for generating a proposed architecture for evaluation, wherein the proposed architecture for evaluation indicates a design including the enterprise computing platform and a modified version of the architecture of the asset that is based on the changes to the current architecture of the asset;
- means for dynamically evaluating, in near-real-time using one or more machine learning algorithms, the proposed architecture against embedded security policies, standards, baselines, or patterns established for the enterprise computing platform;
- means for, in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determining changes to the proposed architecture that would remediate the identified security gaps;
- means for generating a report regarding the proposed architecture, wherein the report identifies any changes to the proposed architecture that would remediate the identified security gaps; and
- means for causing transmission of the report regarding the proposed architecture to the component agent residing on the asset.
Dependent claims: 12, 13, 14, 15
Specification