System and method for providing a self-monitoring, self-reporting, and self-repairing virtual asset configured for extrusion and intrusion detection and threat scoring in a cloud computing environment
First Claim
1. A system for virtual asset management comprising:
one or more processors; and
at least one memory coupled to at least one of the one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process including;
providing a cloud computing environment including one or more virtual assets instantiated and executing within the cloud computing environment by a computing processor, the one or more virtual assets comprising, at instantiation;
virtual asset self-monitoring logic, the virtual asset self-monitoring logic including data and instructions for detecting one or more trigger events of the virtual asset;
virtual asset self-reporting logic, the virtual asset self-reporting logic including data and instructions for generating trigger event reporting data if one of the one or more trigger events is detected in the virtual asset by the virtual asset self-monitoring logic;
self-reporting communications channel creation logic, the self-reporting communications channel creation logic including data and instructions for opening a self-reporting communications channel between the virtual asset and a virtual asset monitoring system responsive to one of the one or more trigger events being detected in the virtual asset by the virtual asset self-monitoring logic; and
trigger event reporting data transfer logic, the trigger event reporting data transfer logic including data and instructions for transferring the trigger event reporting data from the virtual asset to the virtual asset monitoring system if one of the one or more trigger events is detected in the virtual asset by the virtual asset self-monitoring logic;
detecting, by monitoring message traffic sent from the virtual asset, at least one message that satisfies one or more predefined trigger parameters;
classifying one or more portions of the detected at least one message as being suspect, the classified portions of the detected message satisfying the one or more predefined trigger parameters;
assigning a threat score to the suspect message at least partially based on a potential impact of the suspect message's potential security threat on the virtual asset;
enabling, by providing the threat score to the virtual asset, the extrusion detection capable virtual asset to secure against the suspect message;
for each suspect message, generating suspect message copy data representing a copy of at least a portion of the suspect message; and
transferring the suspect message copy data to one or more analysis systems for further analysis.
Abstract
A trigger event monitoring system is provided in one or more virtual assets. One or more trigger parameters, including security threat patterns, are defined and trigger data is generated. The one or more trigger monitoring systems are used to monitor extrusion and intrusion capabilities and self-monitored trigger events that may harm or otherwise leave a virtual asset in a vulnerable state. In one embodiment, trigger events and monitoring of at least a portion of message traffic sent to, or sent from, the one or more virtual assets are initiated and/or performed to detect any message including one or more of the one or more trigger parameters. Any message meeting the one or more trigger parameters is identified as a potential security threat and is assigned a threat score, which is provided to the virtual asset. Various corrective actions may take place.
385 Citations
11 Claims
Specification