Systems and apparatuses for architecture assessment and policy enforcement
Abstract
Example embodiments are disclosed herein for asset architecture evaluation and security enforcement within an enterprise computing platform. One example method includes receiving a proposed architecture for evaluation, wherein the proposed architecture for evaluation relates to integration of an asset into the enterprise computing platform. This example method further includes dynamically evaluating, by risk evaluation circuitry, the proposed architecture against embedded security policies, standards, baselines, or patterns established for the enterprise computing platform. In addition, the example method includes, in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determining, by the risk evaluation circuitry, changes to the proposed architecture that would remediate the identified security gaps. The example method further includes generating a report regarding the proposed architecture, wherein the report identifies any changes to the proposed architecture that would remediate the identified security gaps. Corresponding apparatuses and computer program products are also provided.
20 Claims
1. A method for asset architecture evaluation and security enforcement within an enterprise computing platform implementing a DevOpsSec or Agile architecture, the method comprising:
- causing transmission, by a component scanner, of one or more change identification messages to a component agent residing on an asset that was previously evaluated by a security engine;
- receiving an indication that there have been changes to a current architecture of the asset;
- generating a proposed architecture for evaluation, wherein the proposed architecture for evaluation indicates a design including both the enterprise computing platform and a modified version of the architecture of the asset that is based on the changes to the current architecture of the asset;
- dynamically evaluating, by risk evaluation circuitry and in near-real-time using one or more machine learning algorithms trained using information contained in the DevOpsSec architecture, the proposed architecture against one or more baselines or patterns established for the enterprise computing platform;
- in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determining, by the risk evaluation circuitry, changes to the proposed architecture that would remediate the identified security gaps;
- causing transmission, by the component scanner and to the component agent residing on the asset, of a data stream regarding the proposed architecture.

Dependent claims: 2, 3, 4, 5, 6, 7

8. An apparatus for asset architecture evaluation and security enforcement within an enterprise computing platform implementing a DevOpsSec or Agile architecture, the apparatus comprising at least one processor and at least one memory storing computer-executable instructions, that, when executed by the at least one processor, cause the apparatus to:
- cause transmission of one or more change identification messages to a component agent residing on an asset that was previously evaluated by a security engine;
- receive an indication that there have been changes to a current architecture of the asset;
- generate a proposed architecture for evaluation, wherein the proposed architecture for evaluation indicates a design including the enterprise computing platform and a modified version of the architecture of the asset that is based on the changes to the current architecture of the asset;
- dynamically evaluate, in near-real-time using one or more machine learning algorithms trained using information contained in the DevOpsSec architecture, the proposed architecture against one or more baselines or patterns established for the enterprise computing platform;
- in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determine changes to the proposed architecture that would remediate the identified security gaps;
- cause transmission, by the component scanner and to the component agent residing on the asset, of a data stream regarding the proposed architecture.

Dependent claims: 9, 10, 11, 12, 13, 14, 20

15. An apparatus for asset architecture evaluation and security enforcement within an enterprise computing platform implementing a DevOpsSec or Agile architecture, the apparatus comprising:
- means for receiving a proposed architecture for evaluation, wherein the proposed architecture for evaluation relates to integration of an asset into the enterprise computing platform;
- means for dynamically evaluating, using one or more machine learning algorithms trained using information contained in the DevOpsSec architecture, the proposed architecture against one or more baselines or patterns established for the enterprise computing platform;
- means for, in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determining changes to the proposed architecture that would remediate the identified security gaps; and
- means for causing transmission, by the component scanner and to the component agent residing on the asset, of a data stream regarding the proposed architecture.

Dependent claims: 16, 17, 18, 19

Specification