Security recommendation engine

US 9,712,535 B1
Filed: 06/23/2016
Issued: 07/18/2017
Est. Priority Date: 09/10/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a plurality of computing resources operated on behalf of a customer of a provider network;

a computing device that at least;

receives a request for a security and compliance recommendation for the plurality of computing resources;

forms, in response to receiving the request, a security and compliance assessment based at least in part on tagged metadata associated with the plurality of computing resources, wherein access to the tagged metadata is restricted based on user identity, and wherein the tagged metadata is indicative of compliance with at least one security feature; and

forms the security and compliance recommendation based at least in part on comparing the security and compliance assessment to aggregated peer group data, wherein the aggregated peer group data is indicative of a frequency with which the at least one security feature is enabled by members of the peer group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.

Citations

20 Claims

1. A system comprising:
- a plurality of computing resources operated on behalf of a customer of a provider network;
  
  a computing device that at least;
  
  receives a request for a security and compliance recommendation for the plurality of computing resources;
  
  forms, in response to receiving the request, a security and compliance assessment based at least in part on tagged metadata associated with the plurality of computing resources, wherein access to the tagged metadata is restricted based on user identity, and wherein the tagged metadata is indicative of compliance with at least one security feature; and
  
  forms the security and compliance recommendation based at least in part on comparing the security and compliance assessment to aggregated peer group data, wherein the aggregated peer group data is indicative of a frequency with which the at least one security feature is enabled by members of the peer group.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the access to the tagged metadata is logged and restricted by user identity.
  - 3. The system of claim 1, wherein the computing device at least:
    - identifies the aggregated peer group based at least in part on at least one of industry size or geography.
  - 4. The system of claim 1, wherein the computing device at least:
    - forms the security and compliance recommendation based at least in part on information received from the provider network, the information indicative of at least one of organizational demographics, workload characterization, performance characterization, or configuration information.
  - 5. The system of claim 1, wherein the computing device at least:
    - forms the security and compliance recommendation based at least in part on comparing the security and compliance assessment to a second security and compliance assessment for a linked account.

6. A method for operating a provider network, comprising:
- receiving, by a computing device, a request for a security and compliance recommendation for a plurality of computing resources operated on behalf of a client;
  
  generating, by the computing device, a security and compliance assessment based at least in part on tagged metadata associated with the plurality of computing resources, wherein access to the tagged metadata is restricted based on user identity, and wherein the tagged metadata is indicative of compliance with at least one security feature; and
  
  generating, by the computing device, the security and compliance recommendation based at least in part on comparing the security and compliance assessment to peer group data, wherein the peer group data is indicative of a usage of the at least one security feature by members of the peer group.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, wherein the access to the tagged metadata is logged and restricted by user identity.
  - 8. The method of claim 6, further comprising:
    - identifying, by the computing device, the peer group based at least in part on at least one of industry size or geography.
  - 9. The method of claim 6, further comprising:
    - forming, by the computing device, the security and compliance recommendation based at least in part on information indicative of at least one of organizational demographics, workload characterization, performance characterization, and configuration information.
  - 10. The method of claim 6, further comprising:
    - forming, by the computing device, the security and compliance recommendation based at least in part on comparing the security and compliance assessment to a second security and compliance assessment for a linked account.
  - 11. The method of claim 6, further comprising:
    - allowing, by the computing device, at least one of a modification or addition to the tagged metadata, based at least in part on the user identity.
  - 12. The method of claim 6, wherein the security and compliance recommendation is indicative of a correspondence between the at least one security feature and an additional at least one security feature.
  - 13. The method of claim 6, wherein the tagged metadata comprises one or more tags subject to identity and access control.

14. A non-transitory computer-readable storage medium, having stored thereon instructions that, upon execution by one or more processors of a computing device, cause the computing device at least to:
- receive a request for a security and compliance recommendation for a plurality of computing resources maintained by a provider on behalf of a client;
  
  generate a security and compliance assessment based at least in part on tagged metadata associated with the plurality of computing resources, wherein access to the tagged metadata is restricted based on user identity, and wherein the tagged metadata is indicative of compliance with at least one security feature; and
  
  generate the security and compliance recommendation based at least in part on comparing the security and compliance assessment to peer group data, wherein the peer group data is indicative of a usage of the at least one security feature by members of the peer group.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14, further comprising instructions that, upon execution by the one or more processors of the computing device computing devices, cause the computing device at least to:
    - identify the peer group based at least in part on at least one of industry size or geography.
  - 16. The non-transitory computer-readable storage medium of claim 14, further comprising instructions that, upon execution by the one or more processors of the computing device, cause the computing device at least to:
    - form the security and compliance recommendation based at least in part on information indicative of at least one of organizational demographics, workload characterization, performance characterization, and configuration information.
  - 17. The non-transitory computer-readable storage medium of claim 14, further comprising instructions that, upon execution by the one or more processors of the computing device, cause the computing device at least to:
    - form the security and compliance recommendation based at least in part on comparing the security and compliance assessment to a second security and compliance assessment for a linked account.
  - 18. The non-transitory computer-readable storage medium of claim 14, further comprising instructions that, upon execution by the one or more processors of the computing device, cause the computing device at least to:
    - allow at least one of a modification or addition to the tagged metadata, based at least in part on the user identity.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the security and compliance recommendation is indicative of a correspondence between the at least one security feature and an additional at least one security feature.
  - 20. The non-transitory computer-readable storage medium of claim 14, wherein the tagged metadata is associated with a revision history.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Rossman, Hart Matthew
Primary Examiner(s)
Song, Hosuk

Application Number

US15/191,354
Time in Patent Office

390 Days
Field of Search

726 1- 7, 726 11, 726 14, 726 22- 30, 713189, 713193
US Class Current
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45587   Isolation or security of vi...

G06F 8/71   Version control security ar...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/0893   Assignment of logical group...

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/306   User profiles

H04L 67/561   Adding application-function...

H04L 67/63   Routing a service request d...

Security recommendation engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security recommendation engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links