Method and system for virtual asset assisted extrusion and intrusion detection and threat scoring in a cloud computing environment
First Claim
1. A system for virtual asset assisted extrusion detection in a cloud computing environment comprising:
- one or more processors; and
- at least one memory coupled to at least one of the one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for virtual asset assisted extrusion detection in a cloud computing environment, the process for virtual asset assisted extrusion detection in a cloud computing environment including:
- providing a cloud computing environment, the cloud computing environment including one or more virtual assets;
- transforming at least one of the one or more of the virtual assets into an extrusion detection capable virtual asset by providing one or more analysis trigger monitoring systems to respective ones of the one or more of the virtual assets;
- defining one or more analysis trigger parameters, at least one of the analysis trigger parameters including a delay threshold representing a delay between successive messages sent by the virtual asset that is shorter in duration than a normal duration of delays between transmission of transmissions by a virtual asset, wherein the durations of delays that are shorter than the delay threshold are identified as potential security threats;
- generating analysis trigger data representing the analysis trigger parameters;
- providing at least part of the analysis trigger data to the one or more analysis trigger monitoring systems of the extrusion detection capable virtual asset;
- detecting, by using the one or more analysis trigger monitoring systems and the analysis trigger data, at least one message associated with one or more of the one or more analysis trigger parameters;
- classifying one or more portions of the detected at least one message as being suspect, the classified portions of the detected message correlating with at least one of the analysis trigger parameters;
- assigning a threat score to the suspect message at least partially based on a potential impact of the suspect message's potential security threat on the extrusion detection capable virtual asset;
- enabling, by providing the threat score to the extrusion detection capable virtual asset, the extrusion detection capable virtual asset to secure against the suspect message;
- for each suspect message, generating suspect message copy data representing a copy of at least a portion of the suspect message; and
- transferring the suspect message copy data to one or more analysis systems for further analysis.
Abstract
An analysis trigger monitoring system is provided in one or more virtual assets. One or more analysis trigger parameters, including security threat patterns, are defined and analysis trigger data is generated. The one or more analysis trigger monitoring systems are used to monitor at least a portion of the message traffic sent to, or sent from, the one or more virtual assets to detect any message including one or more of the one or more analysis trigger parameters. Any detected message is identified as a potential security threat and is assigned a threat score, which is provided to the virtual asset. A copy of at least a portion of any detected message including one or more of the one or more analysis trigger parameters is then transferred to one or more analysis systems for further analysis using a second communication channel.
35 Claims
1. A system for virtual asset assisted extrusion detection in a cloud computing environment (independent claim; full text given above under First Claim).
Dependent claims: 2 to 11.
12. A system for virtual asset assisted intrusion detection in a cloud computing environment comprising:
- one or more processors; and
- at least one memory coupled to the one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for virtual asset assisted intrusion detection in a cloud computing environment, the process for virtual asset assisted intrusion detection in a cloud computing environment including:
- providing a cloud computing environment, the cloud computing environment including one or more virtual assets;
- transforming at least one of the one or more of the virtual assets into an intrusion detection capable virtual asset by providing one or more analysis trigger monitoring systems to at least one of the one or more of the virtual assets;
- defining one or more analysis trigger parameters, at least one of the analysis trigger parameters including a delay threshold representing a delay between successive messages sent by the virtual asset that is shorter in duration than a normal duration of delays between transmission of transmissions by a virtual asset, wherein the durations of delays that are shorter than the delay threshold are identified as potential security threats;
- generating analysis trigger data representing the analysis trigger parameters;
- providing at least part of the analysis trigger data to the one or more analysis trigger monitoring systems of the intrusion detection capable virtual asset;
- using the one or more analysis trigger monitoring systems and the analysis trigger data to monitor at least a portion of message traffic sent to the intrusion detection capable virtual asset to detect any message including one or more of the one or more analysis trigger parameters;
- classifying portions of any detected message as a suspect message, when the portions of the detected message correlate with at least one of the analysis trigger parameters;
- assigning a threat score to the suspect message at least partially based on the suspect message's potential impact on the intrusion detection capable virtual asset;
- providing the threat score to the intrusion detection capable virtual asset to enable the intrusion detection capable virtual asset to secure against the suspect message;
- for each suspect message, generating suspect message copy data representing a copy of at least a portion of the suspect message; and
- transferring the suspect message copy data to one or more analysis systems for further analysis.
Dependent claims: 13 to 23.
24. A system for virtual asset assisted extrusion detection in a cloud computing environment comprising:
- a cloud computing environment, the cloud computing environment including one or more virtual assets;
- a network communications circuit, the network communications circuit receiving message traffic sent from any of the one or more virtual assets;
- a network communications channel through which all the message traffic sent from the one or more virtual assets is relayed through the network communications circuit;
- at least one extrusion detection capable virtual asset created by combining one or more analysis trigger software monitoring systems with at least one of the one or more virtual assets;
- at least one message analysis communications channel that is distinct from the network communications channel for transferring suspect message copy data to the one or more analysis systems for further analysis;
- one or more processors; and
- at least one memory coupled to the one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for virtual asset assisted extrusion detection in a cloud computing environment, the process for virtual asset assisted extrusion detection in a cloud computing environment including:
- defining one or more analysis trigger parameters, at least one of the analysis trigger parameters including a delay threshold representing a delay between successive messages sent by the virtual asset that is shorter in duration than a normal duration of delays between transmission of transmissions by a virtual asset, wherein the durations of delays that are shorter than the delay threshold are identified as potential security threats;
- generating analysis trigger data representing the analysis trigger parameters;
- providing at least part of the analysis trigger data to the one or more analysis trigger software monitoring systems of the extrusion detection capable virtual asset;
- using the one or more analysis trigger software monitoring systems and the analysis trigger data to monitor at least a portion of the message traffic sent from the extrusion detection capable virtual asset to detect any message including one or more of the one or more analysis trigger parameters;
- classifying portions of any detected message as a suspect message, when the portions of the detected message correlate with at least one of the analysis trigger parameters;
- assigning a threat score to the suspect message at least partially based on the suspect message's potential impact on the extrusion detection capable virtual asset;
- providing the threat score to the extrusion detection capable virtual asset to enable the extrusion detection capable virtual asset to secure against the suspect message;
- for each suspect message, generating suspect message copy data representing a copy of at least a portion of the suspect message; and
- using the message analysis communications channel to transfer the suspect message copy data to one or more of the one or more analysis systems for further analysis.
Dependent claims: 25 to 35.
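The following is an added worked example, not code from the patent or from any product that practices it. It implements, for a single virtual asset, the elements that the abstract and independent claims 1, 12 and 24 share: analysis trigger data containing a delay threshold and a set of security threat patterns, a monitor on the asset that classifies each message against those triggers, a threat score derived from the potential impact of what matched, and a copy of a portion of each suspect message queued for a separate analysis channel. Every name (TriggerMonitor, run_demo, the trigger names), the threshold, the impact weights, the regexes and the sample traffic in SAMPLE_MESSAGES are assumptions constructed here for illustration; the patent fixes none of them.

```python
"""Toy analysis trigger monitor for one virtual asset (added example, not the
patent's or any vendor's code). Names, thresholds, impact weights and the
sample traffic are all assumptions made for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class TriggerParameters:
    """Analysis trigger data pushed to the monitor running on the asset."""
    # Successive outbound messages closer together than this many seconds are
    # flagged; the value is chosen well below the asset's normal send cadence.
    delay_threshold_s: float
    # Security threat patterns (name -> regex) searched for in payloads.
    threat_patterns: dict[str, str]
    # Potential impact of each trigger on the asset, 0..1 (assumed weights).
    impact: dict[str, float]


@dataclass
class Message:
    t: float          # send time in seconds since start (constructed)
    direction: str    # "out" = extrusion path, "in" = intrusion path
    payload: str


@dataclass
class Finding:
    msg: Message
    triggers: list[str]
    threat_score: int   # 0..100, handed back to the asset
    copy_data: str      # copy of at least a portion of the suspect message


class TriggerMonitor:
    """Sits on the asset's network channel and classifies every message."""

    def __init__(self, params: TriggerParameters) -> None:
        self.params = params
        self._rx = {n: re.compile(p, re.I) for n, p in params.threat_patterns.items()}
        self._last_out_t: Optional[float] = None
        # Stand-in for the distinct message analysis channel of claim 24.
        self.analysis_channel: list[Finding] = []

    def classify(self, msg: Message) -> list[str]:
        """Return the names of every trigger parameter the message correlates with."""
        triggers: list[str] = []
        if msg.direction == "out":
            # Delay-threshold trigger: a burst of outbound messages faster than
            # the asset normally sends is itself treated as a potential threat.
            if (self._last_out_t is not None
                    and msg.t - self._last_out_t < self.params.delay_threshold_s):
                triggers.append("short_delay")
            self._last_out_t = msg.t
        for name, rx in self._rx.items():
            if rx.search(msg.payload):
                triggers.append(name)
        return triggers

    def score(self, triggers: list[str]) -> int:
        """Threat score from the worst matched trigger, raised when several coincide."""
        if not triggers:
            return 0
        worst = max(self.params.impact.get(t, 0.1) for t in triggers)
        combined = min(1.0, worst + 0.1 * (len(triggers) - 1))
        return round(combined * 100)

    def observe(self, msg: Message) -> Optional[Finding]:
        """Process one message; return its Finding (also queued for analysis) or None."""
        triggers = self.classify(msg)
        if not triggers:
            return None
        finding = Finding(msg, triggers, self.score(triggers), msg.payload[:64])
        self.analysis_channel.append(finding)   # copy leaves over the second channel
        return finding


# Constructed sample traffic for one asset; these are not real captures.
SAMPLE_MESSAGES = [
    Message(0.0, "out", "GET /health"),
    Message(10.0, "out", "POST /api/orders id=42"),
    Message(10.2, "out", "POST /upload -----BEGIN RSA PRIVATE KEY-----MIIEow..."),
    Message(10.3, "out", "POST /upload chunk=2"),
    Message(25.0, "in", "GET /admin?cmd=whoami"),
    Message(40.0, "out", "POST /pay card=4111111111111111"),
]

PARAMS = TriggerParameters(
    delay_threshold_s=1.0,
    threat_patterns={
        "private_key": r"BEGIN (RSA |EC )?PRIVATE KEY",
        "card_number": r"\b\d{13,16}\b",
        "command_probe": r"[?&]cmd=",
    },
    impact={"private_key": 0.9, "card_number": 0.7,
            "command_probe": 0.5, "short_delay": 0.3},
)


def run_demo(messages: list[Message] = SAMPLE_MESSAGES) -> list[Finding]:
    """Feed the sample traffic through one monitor and return its findings."""
    mon = TriggerMonitor(PARAMS)
    return [f for f in (mon.observe(m) for m in messages) if f is not None]


if __name__ == "__main__":
    for f in run_demo():
        print(f"t={f.msg.t:5.1f} {f.msg.direction:3s} score={f.threat_score:3d} "
              f"triggers={f.triggers} copy={f.copy_data!r}")
```

Two points worth noting in practice. The timing trigger is stateful per asset and only applies to the direction the claim names (outbound for extrusion), so inbound probes never disturb the outbound cadence estimate; and the copy handed to analysis is deliberately a truncated portion of the payload, since the separate channel is meant to carry evidence for later review, not to re-transmit the data the asset may be leaking.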
Specification