Automated response to detection of threat to cloud virtual machine

US 9,699,201 B2
Filed: 09/25/2014
Issued: 07/04/2017
Est. Priority Date: 09/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method for responding to a threat in a networked computing environment, the method comprising the computer-implemented processes of:

establishing a set of associations to a virtual machine (VM) instance, each association of the set of associations indicating a relationship between the VM instance and a related VM instance;

assigning a strength attribute to each association of the set of associations, wherein a first association corresponding to a first related VM instance is assigned a first strength attribute and a second association corresponding to a second related VM instance is assigned a second strength attribute and wherein the first strength attribute is relatively higher than the second strength attribute;

performing, in response to a detection of a threat, a first preventative measure on the first related VM instance, a strength of the first preventative measure being relatively stronger based on the first strength attribute; and

performing, in response to the detection of the threat, a second preventative measure on the second related VM instance, a strength of the second preventative measure being relatively weaker that the first preventative measure based on the second strength attribute.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach for responding to a threat in a networked computing environment (e.g., a cloud computing environment) is provided. In an embodiment, a set of associations to a virtual machine (VM) instance are established, each association indicating a relationship between the VM instance and a related VM instance. Each of the associations in the set of associations is assigned a strength attribute. When a threat is detected in a VM instance, a first preventative measure is performed on a first related VM instance, the strength of which is determined based on the strength attribute that corresponds to the association between the VM instance and the first related VM instance. A second preventative measure is performed on a second related VM instance, the strength of which is based on the strength attribute that corresponds to the association between the VM instance and the second related VM instance.

18 Citations

20 Claims

1. A method for responding to a threat in a networked computing environment, the method comprising the computer-implemented processes of:
- establishing a set of associations to a virtual machine (VM) instance, each association of the set of associations indicating a relationship between the VM instance and a related VM instance;
  
  assigning a strength attribute to each association of the set of associations, wherein a first association corresponding to a first related VM instance is assigned a first strength attribute and a second association corresponding to a second related VM instance is assigned a second strength attribute and wherein the first strength attribute is relatively higher than the second strength attribute;
  
  performing, in response to a detection of a threat, a first preventative measure on the first related VM instance, a strength of the first preventative measure being relatively stronger based on the first strength attribute; and
  
  performing, in response to the detection of the threat, a second preventative measure on the second related VM instance, a strength of the second preventative measure being relatively weaker that the first preventative measure based on the second strength attribute.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, the method further comprising executing a threat-detection tool, wherein the threat detection tool detects the threat.
  - 3. The method of claim 2, wherein the threat includes at least one of:
    - a denial of service attack, a vulnerability in the VM instance, or a hack.
  - 4. The method of claim 1, wherein the set of associations is established based on at least one of the following relationship factors:
    - a related VM instance is owned by a common customer with the VM instance, the related VM instance is owned by a customer that is related to an owner of the VM instance, the related VM instance performs a common service as the VM instance, the related VM instance is related to a common process with the VM instance, or the related VM instance is related to common technology underpinnings with the VM instance.
  - 5. The method of claim 1, wherein, for each association, the strength attribute is one of:
    - high, medium, or low.
  - 6. The method of claim 1, wherein the first preventative measure and the second preventative measure are further based on a location of the VM instance with respect to the first related VM instance and the second related VM instance, respectively.
  - 7. The method of claim 1, wherein the networked computing environment is a cloud computing environment and wherein the VM instance, the first related VM instance, and the second related VM instance are all cloud resources.

8. A system for responding to a threat in a networked computing environment, comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the system to;
  
  establish a set of associations to a virtual machine (VM) instance, each association of the set of associations indicating a relationship between the VM instance and a related VM instance;
  
  assign a strength attribute to each association in the set of associations wherein a first association corresponding to a first related VM instance is assigned a first strength attribute and a second association corresponding to a second related VM instance is assigned a second strength attribute and wherein the first strength attribute is relatively higher than the second strength attribute;
  
  perform, in response to a detection of a threat, a first preventative measure on the first related VM instance, a strength of the first preventative measure being relatively stronger based on the first strength attribute; and
  
  perform, in response to the detection of the threat, a second preventative measure on the second related VM instance, a strength of the second preventative measure being relatively weaker that the first preventative measure on the second strength attribute.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the instructions further causing the system to execute a threat-detection tool, wherein the threat detection tool detects the threat.
  - 10. The system of claim 9, wherein the threat includes at least one of:
    - a denial of service attack, a vulnerability in the VM instance, or a hack.
  - 11. The system of claim 8, wherein the set of associations is established based on at least one of the following relationship factors:
    - a related VM instance is owned by a common customer with the VM instance, the related VM instance is owned by a customer that is related to an owner of the VM instance, the related VM instance performs a common service as the VM instance, the related VM instance is related to a common process with the VM instance, or the related VM instance is related to common technology underpinnings with the VM instance.
  - 12. The system of claim 8, wherein, for each association, the strength attribute is one of:
    - high, medium, or low.
  - 13. The system of claim 8, wherein the first preventative measure and the second preventative measure are further based on a location of the VM instance with respect to the first related VM instance and the second related VM instance, respectively.
  - 14. The system of claim 8, wherein the networked computing environment is a cloud computing environment and wherein the VM instance, the first related VM instance, and the second related VM instance are all cloud resources.

15. A computer program product for responding to a threat in a cloud computing environment, the computer program product comprising a computer readable storage device, and program instructions stored on the computer readable storage device, that cause at least one computer device to:
- establish a set of associations to a virtual machine (VM) instance, each association of the set of associations indicating a relationship between the VM instance and a related VM instance;
  
  assign a strength attribute to each association in the set of associations, wherein a first association corresponding to a first related VM instance is assigned a first strength attribute and a second association corresponding to a second related VM instance is assigned a second strength attribute and wherein the first strength attribute is relatively higher than the second strength attribute;
  
  perform, in response to a detection of a threat, a first preventative measure on the first related VM instance, a strength of the first preventative measure being relatively stronger based on the first strength attribute; and
  
  perform, in response to the detection of the threat, a second preventative measure on the second related VM instance, a strength of the second preventative measure being relatively weaker that the first preventative measure based on the strength attribute.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, the instructions further causing the at least one computer device to:
    - execute a threat-detection tool, wherein the threat detection tool detects the threat.
  - 17. The computer program product of claim 16, wherein the threat includes at least one of:
    - a denial of service attack, a vulnerability in the VM instance, or a hack.
  - 18. The computer program product of claim 15, wherein the set of associations is established based on at least one of the following relationship factors:
    - a related VM instance is owned by a common customer with the VM instance, the related VM instance is owned by a customer that is related to an owner of the VM instance, the related VM instance performs a common service as the VM instance, the related VM instance is related to a common process with the VM instance, or the related VM instance is related to common technology underpinnings with the VM instance.
  - 19. The computer program product of claim 15, wherein the first preventative measure and the second preventative measure are further based on a location of the VM instance with respect to the first related VM instance and the second related VM instance, respectively.
  - 20. The computer program product of claim 15, wherein the networked computing environment is a cloud computing environment and wherein the VM instance, the related VM instance, and the second related VM instance are all first cloud resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Snitzer, Brian J., Balasubramanian, Swaminathan, O'Connell, Brian M., Lobbes, Matthew M.
Primary Examiner(s)
Das, Chameli
Assistant Examiner(s)
MACASIANO, JOANNE GONZALES

Application Number

US14/495,973
Publication Number

US 20160094568A1
Time in Patent Office

1,013 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

H04L 67/10   in which an application is ...

H04L 67/14   Session management for real...

Automated response to detection of threat to cloud virtual machine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automated response to detection of threat to cloud virtual machine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links