Method and system for improving security and reliability in a networked application environment
Abstract
A security application manages security and reliability of networked applications executing on a collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determines whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database. The security application scans a distributed computing architecture for the existence of security certificates, places newly discovered security certificates in a database, and deletes outdated security certificates. Advantageously, security and reliability are improved in a distributed computing architecture.
20 Claims
1. A computer-implemented method, comprising:
- discovering, via an administrative server coupled to a distributed computing architecture, a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within the distributed computing architecture;
- determining a classification for the resource based on one or more classification criteria;
- determining whether the classification corresponds to a record within a database, wherein the record includes a counter of a quantity of the resource deployed in the distributed computing architecture;
- if the classification corresponds to a record within the database, then: incrementing the counter associated with the record; or
- if the classification does not correspond to a record within the database, then: initializing another record within the database that corresponds to the classification, and initializing another counter associated with the another record; and
- publishing a notification when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to perform the steps of:
- scanning a distributed application that is executing on a plurality of compute nodes to detect a first security vulnerability, wherein the distributed application is stored within at least one memory element included in a distributed computing architecture;
- comparing the first security vulnerability against a database that includes a listing of previously-discovered security vulnerabilities; and
- if the first security vulnerability is not listed within the database, then: initializing a record within the database that corresponds to the first security vulnerability; or
- if the first security vulnerability is listed within the database, then: updating a record within the database that corresponds to the first security vulnerability to indicate that the first security vulnerability was detected; determining that the first security vulnerability is marked as being resolved; and generating a notification that the first security vulnerability was resolved.

Dependent claims: 9, 10, 11, 12, 13
14. An administration server, comprising:
- a memory storing a security application; and
- a processor coupled to the memory, wherein, when executed by the processor, the security application configures the processor to:
- discover an access control list (ACL) associated with a distributed application executing on a plurality of compute nodes, wherein the ACL is stored within at least one memory element included in a distributed computing architecture;
- determine whether the ACL corresponds to a first record within a database; and
- if the ACL corresponds to a first record within the database, then determine that a configuration of the ACL differs from a configuration of the first record; and initialize a second record within the database that corresponds to the first record and has the configuration of the ACL; or
- if the ACL does not correspond to a first record within the database, then initialize a second record within the database that corresponds to the ACL and has the configuration of the ACL.

Dependent claims: 15, 16, 17, 18, 19, 20
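
The ACL tracking steps of claim 14, sketched as an added illustration; this is not code from the patent or from any product it describes. The SQLite schema, the rule fields, the ACL name `web-frontend` and the scan data are all assumptions constructed for the example, and the rule canonicalisation (so that a reordered rule list is not recorded as a change) is a design choice of this sketch that the claim does not mention.

```python
import hashlib
import json
import sqlite3

def canonical(rules):
    """Order-independent serialisation of an ACL's rule list."""
    return json.dumps(sorted(rules, key=lambda r: json.dumps(r, sort_keys=True)),
                      sort_keys=True)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE acl_history (acl_id TEXT, version INTEGER, "
               "digest TEXT, config TEXT, PRIMARY KEY (acl_id, version))")
    return db

def record_acl(db, acl_id, rules):
    """Store a discovered ACL; return 'new', 'changed' or 'unchanged'."""
    config = canonical(rules)
    digest = hashlib.sha256(config.encode()).hexdigest()
    row = db.execute("SELECT version, digest FROM acl_history WHERE acl_id = ? "
                     "ORDER BY version DESC LIMIT 1", (acl_id,)).fetchone()
    if row is None:                      # no record yet: initialise one
        version, status = 1, "new"
    elif row[1] == digest:               # same configuration: nothing to store
        return "unchanged"
    else:                                # configuration differs: add a record
        version, status = row[0] + 1, "changed"
    db.execute("INSERT INTO acl_history VALUES (?, ?, ?, ?)",
               (acl_id, version, digest, config))
    return status

def history(db, acl_id):
    """Every stored configuration of one ACL, oldest first."""
    rows = db.execute("SELECT config FROM acl_history WHERE acl_id = ? "
                      "ORDER BY version", (acl_id,))
    return [json.loads(config) for (config,) in rows]

# Constructed scan results: the second scan only reorders the rules,
# the third widens SSH from the internal range to any source.
HTTPS = {"proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"}
SSH_INTERNAL = {"proto": "tcp", "port": 22, "cidr": "10.0.0.0/8"}
SSH_ANY = {"proto": "tcp", "port": 22, "cidr": "0.0.0.0/0"}
SCANS = [{"web-frontend": [HTTPS, SSH_INTERNAL]},
         {"web-frontend": [SSH_INTERNAL, HTTPS]},
         {"web-frontend": [HTTPS, SSH_ANY]}]

def run_scans():
    db = open_db()
    statuses = [record_acl(db, name, rules)
                for scan in SCANS for name, rules in scan.items()]
    return db, statuses

if __name__ == "__main__":
    print(run_scans()[1])
```

Keeping every prior configuration as its own row, rather than overwriting it, is what lets a reviewer see when a rule was widened and what it replaced.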
Specification