Segmented networks that implement scanning
First Claim
Patent Images
1. A system comprising:
- a plurality of segmented environments, each of the plurality of segmented environments comprising an enforcement point comprising an active probe device, and a plurality of workloads each implementing at least one service component, the plurality of segmented environments collectively providing a service, each of the plurality of segmented environments providing a portion of the service; and
a data center server coupled with the plurality of segmented environments over a network, the data center server comprising;
a security controller providing, via at least one processor, a security policy to each of the plurality of segmented environments, the security policy being configured using the service; and
an active probe controller requesting, via the at least one processor, each active probe device of the plurality of segmented environments to perform a respective scan of a plurality of scans, the plurality of scans performed on the plurality of segmented environments collectively providing the service, the plurality of scans occurring in parallel on the plurality of workloads implementing the at least one service component, the plurality of scans being executed synchronously on the plurality of segmented environments without affecting performance of the network established between the data center server and the plurality of segmented environments, the active probe device of one or more of the plurality of segmented environments implementing a remediation scheme when the plurality of scans indicate a vulnerability.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems for providing scanning within distributed services are provided herein. In some embodiments, a system includes a plurality of segmented environments that each includes an enforcement point that has an active probe device, and a plurality of workloads that each implements at least one service. The system also has a data center server coupled with the plurality of segmented environments over a network. The data center server has a security controller configured to provide a security policy to each of the plurality of segmented environments and an active probe controller configured to cause the active probe device of the plurality of segmented environments to execute a scan.
140 Citations
19 Claims
-
1. A system comprising:
-
a plurality of segmented environments, each of the plurality of segmented environments comprising an enforcement point comprising an active probe device, and a plurality of workloads each implementing at least one service component, the plurality of segmented environments collectively providing a service, each of the plurality of segmented environments providing a portion of the service; and a data center server coupled with the plurality of segmented environments over a network, the data center server comprising; a security controller providing, via at least one processor, a security policy to each of the plurality of segmented environments, the security policy being configured using the service; and an active probe controller requesting, via the at least one processor, each active probe device of the plurality of segmented environments to perform a respective scan of a plurality of scans, the plurality of scans performed on the plurality of segmented environments collectively providing the service, the plurality of scans occurring in parallel on the plurality of workloads implementing the at least one service component, the plurality of scans being executed synchronously on the plurality of segmented environments without affecting performance of the network established between the data center server and the plurality of segmented environments, the active probe device of one or more of the plurality of segmented environments implementing a remediation scheme when the plurality of scans indicate a vulnerability. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
establishing a plurality of segmented environments within a data center, each of the plurality of segmented environments comprising an enforcement point comprising an active probe device, and a plurality of workloads each implementing at least one service component, the plurality of segmented environments collectively providing a service, each of the plurality of segmented environments providing a portion of the service; provisioning each of the plurality of segmented environments with a security policy, the security policy being configured using the service; and performing a scan on each of the plurality of segmented environments using a respective active probe device, the scans performed on the plurality of segmented environments collectively providing the service, the scans occurring in parallel on the plurality of workloads implementing the at least one service component, the respective active probe device identifying an affected segmented environment, the scans being executed synchronously on the plurality of segmented environments without affecting performance of a network established between a data center and the plurality of segmented environments, the respective active probe device implementing a remediation scheme when the scans indicate a vulnerability. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method comprising:
-
establishing a plurality of segmented environments coupled to a data center server over a network, each of the plurality of segmented environments comprising an enforcement point comprising an active probe device, and a plurality of workloads each implementing at least one service component, the plurality of segmented environments collectively providing a service, each of the plurality of segmented environments providing a portion of the service; providing, using a security controller, a security policy to each of the plurality of segmented environments, the security policy being configured using the service; and requesting each active probe device of the plurality of segmented environments to perform a respective scan of a plurality of scans, the plurality of scans performed within the plurality of segmented environments collectively providing the service, the respective scan occurring independently of the data center server and other segmented environments of the plurality of segmented environments, the plurality of scans occurring in parallel on the plurality of workloads implementing the at least one service component, the plurality of scans being executed synchronously within the plurality of segmented environments without affecting performance of the network established between the data center server and the plurality of segmented environments, the active probe device of one or more of the plurality of segmented environments implementing a remediation scheme when the plurality of scans indicate a vulnerability.
-
Specification