Techniques for cloud security monitoring and threat intelligence
First Claim
1. A cloud security system for monitoring and controlling security of accounts for cloud applications, the cloud security system comprising:
    memory storing:
        an analytics application;
        a seeder application; and
        an analytics repository database; and
    a processor;
    wherein the processor is configured by the analytics application to:
        generate a threat model using at least a first portion of stored activity data in the analytics repository database, wherein the stored activity data is associated with a tenant account of a service provider system, and wherein the threat model correlates one or more activities for a plurality of cloud applications based on profile information of a user, the user being associated with the tenant account for each of the plurality of cloud applications; and
        identify, based on the threat model, a threat using a second portion of the stored activity data in the analytics repository database; and
    wherein the processor is further configured by the seeder application to:
        select a security policy to implement in response to the identified threat;
        identify one or more cloud security controls in at least one remotely hosted cloud application server system of the service provider system to modify in accordance with the selected security policy, wherein the one or more cloud security controls configure access to a cloud application provided by the service provider system to the tenant account;
        establish a secure connection to the at least one remotely hosted cloud application server system using login credentials associated with the tenant account for accessing the cloud application; and
        send one or more instructions to the at least one remotely hosted cloud application server system, the one or more instructions causing the at least one remotely hosted cloud application server system to set the identified one or more cloud security controls with respect to the tenant account in accordance with the selected security policy, wherein the access to the cloud application by the tenant account is modified based on the identified one or more cloud security controls that are set in accordance with the selected security policy.
Abstract
Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.
Claims (41 claims; 64 citations)
1. A cloud security system for monitoring and controlling security of accounts for cloud applications (independent claim; full text given above under First Claim).
    Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A method for monitoring and remediation of security threats to cloud applications, the method comprising:
    generating a threat model using at least a first portion of stored activity data in an analytics repository database using a cloud security system, wherein the stored activity data is associated with a tenant account of a service provider system, and wherein the threat model correlates one or more activities for a plurality of cloud applications based on profile information of a user, the user being associated with the tenant account for each of the plurality of cloud applications;
    identifying, based on the threat model, a threat using a second portion of the stored activity data in the analytics repository database using the cloud security system;
    selecting a security policy to implement in response to the identified threat using the cloud security system;
    identifying one or more cloud security controls in at least one remotely hosted cloud application server system of the service provider system to modify in accordance with the selected security policy using the cloud security system, wherein the one or more cloud security controls configure access to a cloud application provided by the service provider system to the tenant account;
    establishing, using the cloud security system, a secure connection to the at least one remotely hosted cloud application server system using login credentials associated with the tenant account for accessing the cloud application; and
    sending, using the cloud security system, one or more instructions to the at least one remotely hosted cloud application server system, the one or more instructions causing the at least one remotely hosted cloud application server system to set the identified one or more cloud security controls with respect to the tenant account in accordance with the selected security policy, wherein the access to the cloud application by the tenant account is modified based on the identified one or more cloud security controls that are set in accordance with the selected security policy.
    Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40
41. A method for monitoring and remediation of security threats to cloud applications, the method comprising:
    collecting registration information from a tenant using a cloud security system, where the registration information includes an authorization token secured by encryption;
    establishing, using the cloud security system, a first secure connection to a cloud application hosted by a service provider system using login credentials associated with a tenant account for accessing the cloud application;
    collecting software defined security configuration data from the service provider system using the cloud security system, where the software defined security configuration data comprises information describing a configuration of a plurality of security controls in the cloud application with respect to the tenant account;
    retrieving, using the cloud security system, activity data associated with the tenant account, wherein the activity data is associated with a tenant account of a service provider system;
    storing the retrieved activity data in an analytics repository database using the cloud security system;
    generating a threat model using at least a first portion of stored activity data in the analytics repository database using the cloud security system, and wherein the threat model correlates one or more activities for a plurality of cloud applications based on profile information of a user, the user being associated with the tenant account for each of the plurality of cloud applications;
    identifying, based on the threat model, a threat using a second portion of stored activity data in the analytics repository database using the cloud security system;
    sending an alert including alert information and one or more recommended remediation actions;
    selecting a security policy to implement in response to the identified threat using the cloud security system;
    identifying one or more cloud security controls in at least one remotely hosted cloud application server system of the service provider system to modify in accordance with the selected security policy using the cloud security system, wherein the one or more cloud security controls configure access to the cloud application provided by the service provider system to the tenant account;
    establishing, using the cloud security system, a second secure connection to the at least one remotely hosted cloud application server system using the login credentials associated with the tenant account for accessing the cloud application; and
    sending, using the cloud security system, one or more instructions to the at least one remotely hosted cloud application server system, the one or more instructions causing the at least one remotely hosted cloud application server system to set the identified one or more cloud security controls with respect to the tenant account in accordance with the selected security policy, wherein the access to the cloud application by the tenant account is modified based on the identified one or more cloud security controls that are set in accordance with the selected security policy.
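The pipeline that claims 1, 21 and 41 describe (analytics application builds a threat model from a first portion of activity data and correlates a user's activity across several cloud applications; seeder application selects a policy, identifies the controls and sets them over a tenant-credentialed connection), as an added illustration that is not the patent's own code. The activity records, the "new country" threat model, the single policy and the MockCloudAppServer are all constructed for the example.

```python
from collections import defaultdict

# Constructed activity data for one tenant: (user, app, event, country). The first
# portion builds the threat model; the second portion is what the model is applied to.
FIRST_PORTION = [
    ("alice", "crm", "login", "US"), ("alice", "mail", "login", "US"),
    ("alice", "files", "download", "CA"), ("bob", "crm", "login", "DE"),
]
SECOND_PORTION = [
    ("alice", "mail", "login", "CA"),    # CA seen for alice in another app: benign
    ("bob", "files", "download", "BR"),  # BR never seen for bob in any app: threat
]
# Security policy -> the cloud security controls it requires on the tenant account.
POLICIES = {"new_country_access": {"mfa_required": True, "session_ttl_minutes": 30}}

def build_threat_model(activity):
    """Analytics application: per-user profile of countries seen across all apps."""
    model = defaultdict(set)
    for user, _app, _event, country in activity:
        model[user].add(country)
    return model

def identify_threats(model, activity):
    """Flag activity whose country is absent from the user's cross-application profile."""
    return [rec for rec in activity if rec[3] not in model.get(rec[0], set())]

class MockCloudAppServer:  # constructed stand-in for the remotely hosted app server
    def __init__(self, tenant_password):
        self._password, self.controls = tenant_password, {}
    def connect(self, tenant, password):  # the 'establish a secure connection' step
        if password != self._password:
            raise PermissionError("bad tenant credentials")
        return self
    def set_control(self, tenant, name, value):
        self.controls.setdefault(tenant, {})[name] = value

def remediate(threats, servers, tenant, password):
    """Seeder application: select a policy, identify its controls, set them on the app."""
    applied = []
    for _user, app, _event, _country in threats:
        controls = POLICIES["new_country_access"]  # the only policy in this illustration
        session = servers[app].connect(tenant, password)
        for name, value in controls.items():
            session.set_control(tenant, name, value)
            applied.append((app, name, value))
    return applied

def run_pipeline():
    servers = {a: MockCloudAppServer("tenant-secret") for a in ("crm", "mail", "files")}
    threats = identify_threats(build_threat_model(FIRST_PORTION), SECOND_PORTION)
    applied = remediate(threats, servers, "acme", "tenant-secret")
    return threats, applied, servers["files"].controls
```

Alice's login from CA is not flagged because the model correlates her profile across apps (CA was already seen in the files app), which is the cross-application correlation the claims call out.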
Specification