METHOD AND SYSTEM FOR IMPROVING SECURITY AND RELIABILITY IN A NETWORKED APPLICATION ENVIRONMENT
2 Assignments
0 Petitions
Abstract
A security application manages the security and reliability of networked applications that execute as a collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determines whether utilization of a class of resources is approaching a pre-determined maximum limit. It performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. It scans the distributed computing architecture for the existence of access control lists (ACLs) and stores ACL configurations and configuration changes in a database. It scans the distributed computing architecture for the existence of security certificates, places newly discovered security certificates in a database, and deletes outdated security certificates. Advantageously, security and reliability are improved in a distributed computing architecture.
101 Citations
40 Claims
1. A non-transitory computer-readable medium including instructions that, when executed by a processor, cause the processor to perform the steps of:
- discovering a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within the distributed computing architecture;
- determining a classification for the resource based on one or more classification criteria;
- determining whether the classification corresponds to a record within a database, wherein the record includes a counter of a quantity of the resource deployed in the distributed computing architecture;
- if the classification corresponds to a record within the database, then incrementing the counter associated with the record; or, if the classification does not correspond to a record within the database, then initializing another record within the database that corresponds to the classification, and initializing another counter associated with the another record; and
- publishing a notification when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A system, comprising:
- a memory storing instructions; and
- a processor that is coupled to the memory and, when executing the instructions, is configured to perform the steps of:
- discovering a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within the distributed computing architecture;
- determining a classification for the resource based on one or more classification criteria;
- determining whether the classification corresponds to a record within a database, wherein the record includes a counter of a quantity of the resource deployed in the distributed computing architecture;
- if the classification corresponds to a record within the database, then incrementing the counter associated with the record; or, if the classification does not correspond to a record within the database, then initializing another record within the database that corresponds to the classification, and initializing another counter associated with the another record; and
- publishing a notification when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit.
Dependent claims: 9, 10, 11, 12, 13, 14.

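The counting procedure of claims 1 and 8, worked through as an added example (this is not code from the patent): resources are discovered on several compute nodes, classified by a tuple of criteria, counted in one database record per class, and a notification is published when a class exceeds its limit. The node inventory, the two classification criteria (resource kind and exposure) and the limit values are constructed assumptions.

```python
"""Per-class resource counters with a utilization limit, as in claims 1 and 8.

Added example; not code from the patent.  The node inventory, the two
classification criteria and the limits are constructed assumptions.
"""
from typing import Callable, Dict, Iterable, List, Tuple

Resource = Dict[str, str]
Classification = Tuple[str, ...]

# Constructed stand-in for what a discovery agent on each compute node reports.
NODE_INVENTORY: Dict[str, List[Resource]] = {
    "node-a": [
        {"kind": "tcp_port", "name": "22", "exposure": "public"},
        {"kind": "tcp_port", "name": "443", "exposure": "public"},
        {"kind": "container", "name": "api", "exposure": "internal"},
    ],
    "node-b": [
        {"kind": "tcp_port", "name": "22", "exposure": "public"},
        {"kind": "container", "name": "api", "exposure": "internal"},
        {"kind": "volume", "name": "data", "exposure": "internal"},
    ],
    "node-c": [
        {"kind": "tcp_port", "name": "8080", "exposure": "public"},
        {"kind": "container", "name": "api", "exposure": "internal"},
    ],
}

# Classification criteria: each maps a resource to one component of its class key.
CRITERIA: List[Callable[[Resource], str]] = [
    lambda r: r["kind"],
    lambda r: r.get("exposure", "unknown"),
]

# Pre-determined limits per class (assumed values); unlisted classes get the default.
LIMITS: Dict[Classification, int] = {("tcp_port", "public"): 3}
DEFAULT_LIMIT = 10


def discover(inventory: Dict[str, List[Resource]]) -> Iterable[Resource]:
    """Yield every resource reported by every node, tagged with its node."""
    for node, resources in inventory.items():
        for res in resources:
            yield {"node": node, **res}


def classify(resource: Resource, criteria=CRITERIA) -> Classification:
    """Apply each criterion in turn; the tuple of results is the class key."""
    return tuple(crit(resource) for crit in criteria)


class ClassCounterDB:
    """Database of one record per classification, each holding a counter."""

    def __init__(self, limits: Dict[Classification, int], default_limit: int):
        self.records: Dict[Classification, dict] = {}
        self.limits = limits
        self.default_limit = default_limit
        self.notifications: List[dict] = []

    def observe(self, classification: Classification) -> int:
        rec = self.records.get(classification)
        if rec is not None:
            rec["counter"] += 1                        # known class: increment
        else:
            rec = {"counter": 1, "alerted": False}     # new class: new record, new counter
            self.records[classification] = rec
        limit = self.limits.get(classification, self.default_limit)
        # Publish once per limit crossing rather than once per extra resource,
        # so a badly over-limit class does not flood the notification channel.
        if rec["counter"] > limit and not rec["alerted"]:
            rec["alerted"] = True
            self.notifications.append(
                {"classification": classification, "counter": rec["counter"], "limit": limit}
            )
        return rec["counter"]


def run_inventory(inventory=NODE_INVENTORY, criteria=CRITERIA,
                  limits=LIMITS, default_limit=DEFAULT_LIMIT) -> ClassCounterDB:
    """One discovery pass: classify every discovered resource and count it."""
    db = ClassCounterDB(limits, default_limit)
    for resource in discover(inventory):
        db.observe(classify(resource, criteria))
    return db


if __name__ == "__main__":
    db = run_inventory()
    for cls, rec in sorted(db.records.items()):
        print(cls, rec["counter"])
    for note in db.notifications:
        print("NOTIFY", note)
```

With the constructed inventory the class ("tcp_port", "public") reaches a count of 4 against a limit of 3, so exactly one notification is published. Note that the claim's counter only ever increments: a counter built this way measures discoveries, not current deployments, so a real implementation either rebuilds the records from an empty database on each discovery pass or decrements when a resource is observed to have gone away.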
15. A method, comprising:
- scanning a distributed application that is executing on a plurality of compute nodes to detect a first security vulnerability, wherein the distributed application is stored within at least one memory element included in a distributed computing architecture;
- comparing the first security vulnerability against a database that includes a listing of previously-discovered security vulnerabilities; and
- if the first security vulnerability is not listed within the database, then initializing a record within the database that corresponds to the first security vulnerability; or, if the first security vulnerability is listed within the database, then updating a record within the database that corresponds to the first security vulnerability to indicate that the first security vulnerability was detected, determining that the first security vulnerability is marked as being resolved, and generating a notification that the first security vulnerability was resolved.
Dependent claims: 16, 17, 18, 19, 20.

21. A system, comprising:
- a memory; and
- a processor that is coupled to the memory and, when executing the instructions, is configured to perform the steps of:
- scanning a distributed application that is executing on a plurality of compute nodes to detect a first security vulnerability, wherein the distributed application is stored within at least one memory element included in a distributed computing architecture;
- comparing the first security vulnerability against a database that includes a listing of previously-discovered security vulnerabilities; and
- if the first security vulnerability is not listed within the database, then initializing a record within the database that corresponds to the first security vulnerability; or, if the first security vulnerability is listed within the database, then updating a record within the database that corresponds to the first security vulnerability to indicate that the first security vulnerability was detected, determining that the first security vulnerability is marked as being resolved, and generating a notification that the first security vulnerability was resolved.
Dependent claims: 22, 23, 24, 25, 26.

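The reconciliation of claims 15 and 21, as an added example that is not the patent's code: each finding from a scan is compared against a database of previously discovered vulnerabilities; an unlisted finding gets a new record, a listed one has its record updated to show it was detected, and a listed record that is marked resolved triggers the notification. The two scan outputs, the finding key format and the timestamps are constructed. The example follows the claim's branch literally, and the notification text also states that the finding was detected again, since a resolved record that the scanner still sees is what an operator most needs to know about.

```python
"""Reconcile scan findings against a database of previously discovered
vulnerabilities, following claims 15 and 21.

Added example; not the patent's code.  The two scan outputs, the finding key
format and the timestamps are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class VulnRecord:
    key: str
    first_seen: int
    last_seen: int
    times_detected: int = 1
    resolved: bool = False


# Constructed scanner output for two successive scans of the same application.
SCAN_1 = [
    {"node": "node-a", "service": "sshd", "check": "weak-kex"},
    {"node": "node-b", "service": "api", "check": "debug-endpoint"},
]
SCAN_2 = [
    {"node": "node-a", "service": "sshd", "check": "weak-kex"},        # still present
    {"node": "node-b", "service": "api", "check": "debug-endpoint"},  # seen again after being marked resolved
    {"node": "node-c", "service": "api", "check": "debug-endpoint"},  # not seen before
]


def finding_key(finding: Dict[str, str]) -> str:
    """Stable identity of a finding: where it is plus which check fired."""
    return f"{finding['node']}/{finding['service']}/{finding['check']}"


class VulnDB:
    def __init__(self) -> None:
        self.records: Dict[str, VulnRecord] = {}
        self.notifications: List[str] = []

    def mark_resolved(self, key: str) -> None:
        self.records[key].resolved = True

    def reconcile(self, findings: List[Dict[str, str]], now: int) -> List[str]:
        """Apply one scan's findings; return the keys that were new to the database."""
        new_keys: List[str] = []
        for finding in findings:
            key = finding_key(finding)
            rec = self.records.get(key)
            if rec is None:
                # Not listed: initialize a record for it.
                self.records[key] = VulnRecord(key, first_seen=now, last_seen=now)
                new_keys.append(key)
                continue
            # Listed: update the record to show it was detected in this scan.
            rec.last_seen = now
            rec.times_detected += 1
            # Listed and marked resolved: generate the notification.  The record
            # says resolved while the scanner still sees it, so the message
            # carries both facts.
            if rec.resolved:
                self.notifications.append(
                    f"{key}: marked resolved, detected again at t={now}"
                )
        return new_keys


def run_demo() -> VulnDB:
    db = VulnDB()
    db.reconcile(SCAN_1, now=1)
    db.mark_resolved("node-b/api/debug-endpoint")   # e.g. the tracking ticket was closed
    db.reconcile(SCAN_2, now=2)
    return db


if __name__ == "__main__":
    db = run_demo()
    for rec in db.records.values():
        print(rec)
    for note in db.notifications:
        print("NOTIFY", note)
```

The finding key deliberately includes the node and service: the same check firing on a second node is a separate record, so one resolved ticket cannot silently cover a finding that has spread.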
27. A method, comprising:
- discovering an access control list (ACL) associated with a distributed application executing on a plurality of compute nodes, wherein the ACL is stored within at least one memory element included in a distributed computing architecture;
- determining whether the ACL corresponds to a first record within a database; and
- if the ACL corresponds to a first record within the database, then determining that a configuration of the ACL differs from a configuration of the first record, and initializing a second record within the database that corresponds to the first record and has the configuration of the ACL; or, if the ACL does not correspond to a first record within the database, then initializing a second record within the database that corresponds to the ACL and has the configuration of the ACL.
Dependent claims: 28, 29, 30, 31, 32, 33.

34. A non-transitory computer-readable medium including instructions that, when executed by a processor, cause the processor to perform the steps of:
- discovering an access control list (ACL) associated with a distributed application executing on a plurality of compute nodes, wherein the ACL is stored within at least one memory element included in a distributed computing architecture;
- determining whether the ACL corresponds to a first record within a database; and
- if the ACL corresponds to a first record within the database, then determining that a configuration of the ACL differs from a configuration of the first record, and initializing a second record within the database that corresponds to the first record and has the configuration of the ACL; or, if the ACL does not correspond to a first record within the database, then initializing a second record within the database that corresponds to the ACL and has the configuration of the ACL.
Dependent claims: 35, 36, 37, 38, 39, 40.

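The ACL tracking of claims 27 and 34, as an added example that is not the patent's code: each discovered ACL is looked up by identifier; an unknown ACL gets a first record holding its configuration, and a known ACL whose configuration differs gets a second record that points back at the first, so the change history can be queried. The ACL names, rule sets and the two discovery passes are constructed. The example goes one step past the claim text by deciding "differs" on a canonical serialization (key order and whitespace are ignored, rule order is not, because first-match ACLs change meaning when rules move) and by attaching a rule-level diff to each change record.

```python
"""Discover ACLs and record every configuration change as a new database
record linked to the previous one, following claims 27 and 34.

Added example; not the patent's code.  The ACL names, rules and the two
discovery passes are constructed.
"""
import hashlib
import json
from typing import Any, Dict, List, Optional, Tuple

Config = Dict[str, Any]

# Constructed discovery output: ACL identifier -> configuration as found.
PASS_1: Dict[str, Config] = {
    "web-sg": {"rules": [
        {"action": "allow", "proto": "tcp", "port": 443, "src": "0.0.0.0/0"},
        {"action": "deny", "proto": "any", "src": "0.0.0.0/0"},
    ]},
    "db-sg": {"rules": [
        {"action": "allow", "proto": "tcp", "port": 3306, "src": "10.0.0.0/8"},
        {"action": "deny", "proto": "any", "src": "0.0.0.0/0"},
    ]},
}
PASS_2: Dict[str, Config] = {
    # Same web-sg with keys in a different order: not a configuration change.
    "web-sg": {"rules": [
        {"src": "0.0.0.0/0", "port": 443, "proto": "tcp", "action": "allow"},
        {"src": "0.0.0.0/0", "proto": "any", "action": "deny"},
    ]},
    # db-sg gained a world-open rule: a change that must get its own record.
    "db-sg": {"rules": [
        {"action": "allow", "proto": "tcp", "port": 3306, "src": "10.0.0.0/8"},
        {"action": "allow", "proto": "tcp", "port": 3306, "src": "0.0.0.0/0"},
        {"action": "deny", "proto": "any", "src": "0.0.0.0/0"},
    ]},
    # Never seen before.
    "admin-sg": {"rules": [
        {"action": "allow", "proto": "tcp", "port": 22, "src": "10.1.0.0/16"},
    ]},
}


def fingerprint(config: Config) -> str:
    """Hash of a canonical serialization.  Key order and whitespace are not
    configuration; rule order is kept because first-match ACLs depend on it."""
    canon = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def rule_diff(old: Config, new: Config) -> Dict[str, List[Config]]:
    """Rules added and removed between two configurations (order-insensitive)."""
    old_set = {json.dumps(r, sort_keys=True) for r in old.get("rules", [])}
    new_set = {json.dumps(r, sort_keys=True) for r in new.get("rules", [])}
    return {
        "added": [json.loads(r) for r in sorted(new_set - old_set)],
        "removed": [json.loads(r) for r in sorted(old_set - new_set)],
    }


class AclDB:
    def __init__(self) -> None:
        self.records: List[dict] = []   # one record per (acl_id, version)

    def latest(self, acl_id: str) -> Optional[dict]:
        versions = [r for r in self.records if r["acl_id"] == acl_id]
        return max(versions, key=lambda r: r["version"]) if versions else None

    def observe(self, acl_id: str, config: Config) -> str:
        fp = fingerprint(config)
        first = self.latest(acl_id)
        if first is None:
            # No record for this ACL: initialize one holding its configuration.
            self.records.append({"acl_id": acl_id, "version": 1, "fingerprint": fp,
                                 "config": config, "parent": None})
            return "new"
        if first["fingerprint"] == fp:
            return "unchanged"
        # Known ACL whose configuration differs: a second record that points at
        # the first and carries the rule-level difference.
        self.records.append({"acl_id": acl_id, "version": first["version"] + 1,
                             "fingerprint": fp, "config": config,
                             "parent": first["version"],
                             "diff": rule_diff(first["config"], config)})
        return "changed"


def run_passes() -> Tuple[AclDB, Dict[str, str]]:
    """Two discovery passes; returns the database and the outcome of the second pass."""
    db = AclDB()
    for acl_id, config in PASS_1.items():
        db.observe(acl_id, config)
    outcomes = {acl_id: db.observe(acl_id, config) for acl_id, config in PASS_2.items()}
    return db, outcomes


if __name__ == "__main__":
    db, outcomes = run_passes()
    print(outcomes)
    print(db.latest("db-sg")["diff"])
```

After the second pass the database holds four records: one each for web-sg and admin-sg, and two for db-sg, where version 2 points at version 1 and its diff lists the single added rule that opened port 3306 to 0.0.0.0/0. Storing the diff on the change record is what makes the history reviewable; the fingerprint alone only says that something changed.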