US2015244735A1PendingUtilityA1

Systems and methods for orchestrating runtime operational integrity

Assignee: TAASERA INCPriority: May 1, 2012Filed: Feb 16, 2015Published: Aug 27, 2015
Est. expiryMay 1, 2032(~5.8 yrs left)· nominal 20-yr term from priority
G06F 21/51H04L 63/1441H04L 63/1408H04L 67/10H04L 63/0209G06F 21/564H04L 63/1425H04L 63/145G06F 21/52
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Systems and methods use a graphical user interface (GUI) console to orchestrate operational integrity of a platform. In an embodiment, a method presents a data center-level runtime operational integrity dashboard and remediation controls for infected systems in a display of a platform having a network trust agent, an endpoint trust agent, and a trust orchestrator. The method receives runtime integrity metrics for trust vectors and displays risk indicators based on the confidence level of received integrity metrics in the GUI. The method provides remediation controls for threat containment and risk mitigation and displays remediation status and progress results and malware analytics in the GUI.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for presenting a data center level runtime operational integrity dashboard for visibility at an application level and controls to remediate infected systems hosting applications engaging in malicious activities in a display of a computing platform having an integrity processor, a runtime event correlation matrix, a trust broker, a system event correlator, a network activity correlator, a trust supervisor, and a remediation controller, the method comprising:
 receiving, from a plurality of endpoint assessment services, runtime integrity metrics for a plurality of trust vectors;   displaying, in a graphical user interface (GUI) on the display, risk indicators and impact analysis based on the confidence level of received integrity metrics; and   providing manual or automated remediation controls for threat containment and risk mitigation by performing one or more of:
 taking a snapshot of the infected system, 
 restoring or reimaging the infected system from a trusted baseline configuration, 
 quarantining the infected system from a network fabric, 
 diverting users from the infected system, 
 diverting transactions from the infected system, and 
 diverting traffic from the infected system. 
   
     
     
         2 . The method of  claim 1 , further comprising:
 displaying, in the GUI, a status and progress of initiated remediation actions; and   displaying, in the GUI, details of malware analytics comprising one or more of:
 infection summaries, 
 infection diagnosis, 
 threat categorization and identification based on a signature-less infection life-cycle model, 
 an address and geo-location for a source or attacker, 
 an identification of one or more infected victims, 
 forensic evidence chain of detected malicious activities and intent, and 
 compute, memory, storage and network level anomalies detected on the victim machine or infected system. 
   
     
     
         3 . The method of  claim 1 , wherein the risk indicators are color-coded. 
     
     
         4 . The method of  claim 1 , wherein the runtime operational integrity comprises execution anomalies and a threat posture. 
     
     
         5 . A method of orchestrating runtime operational integrity of a system executing on a computing platform using a network activity correlator, an integrity processor, a system event correlator, a trust broker, a remediation controller, a trust supervisor and a plurality of network endpoint assessments, the method comprising:
 determining, by the network activity correlator, infection profiles based on network event correlation forensic evidence of malicious communications;   determining, by the trust broker, system configuration anomalies based on system level normalization and collation of assessments;   determining, by the integrity processor, resource utilization anomalies based on rulesets or alert expressions associated with processor, memory, and network resource usage;   determining, by the integrity processor, at least one application integrity anomaly based on rulesets or alert expressions associated with static and dynamic image analysis;   determining, by the system event correlator, integrity profiles based on temporal and endpoint events associated with the application; and   correlating, by the trust supervisor, integrity and infection profiles to characterize behaviors through continuous local and remote monitoring risk analysis and detection of malicious applications.   
     
     
         6 . The method of  claim 5 , further comprising:
 mitigating, by the remediation controller, an infected system using inputs received from a real time threat visualization dashboard to implement flow level or transaction level remediation controls for the malicious applications.   
     
     
         7 . A system for orchestrating and displaying reputation scoring of a subject, the system comprising:
 a display;   a reputation broker configured to:
 process a query from a service provider for a reputation score of the subject, and 
 dispatch a request to generate a hierarchical reputation score for the subject; 
   a display module configured to render a graphical user interface (GUI) for an administration console comprising a plurality of dashboards in the display;   a trust orchestrator configured to:
 process a received request from the reputation broker for a hierarchical reputation score by:
 initiating a plurality of directed queries to information management systems external to an organization to interrogate attributes associated with the subject, 
 analyzing received query responses, 
 receiving a generated hierarchical reputation score for the subject based on a calculus of risk; and 
 sending the received hierarchical reputation score for the subject to the reputation broker; 
 
 receive a reputation token from the reputation broker for the subject in response to the dispatched request; and 
 send the reputation token to the service provider as a response to the query. 
   
     
     
         8 . The system of  claim 7 , wherein the query is received at a reputation broker configured to forward the query to the trust broker, and wherein the query can be created, displayed, edited, and submitted using a dashboard of the administration console. 
     
     
         9 . The system of  claim 7 , wherein the response is displayed in a dashboard of the administration console. 
     
     
         10 . The system of  claim 7 , wherein the hierarchical reputation is graphically depicted in a dashboard of the administration console. 
     
     
         11 . The system of  claim 7 , wherein the plurality of dashboards comprise one or more of:
 a global view dashboard;   a system configuration dashboard;   a resource utilization dashboard;   an application integrity dashboard; and   a network activity dashboard.   
     
     
         12 . The system of  claim 7 , wherein the plurality of dashboards includes a global view dashboard. 
     
     
         13 . The system of  claim 7 , wherein the plurality of dashboards includes a system configuration dashboard. 
     
     
         14 . The system of  claim 7 , wherein the plurality of dashboards includes a resource utilization dashboard. 
     
     
         15 . The system of  claim 7 , wherein the plurality of dashboards includes an application integrity dashboard. 
     
     
         16 . The system of  claim 7 , wherein the plurality of dashboards includes a network activity dashboard.

Join the waitlist — get patent alerts

Track US2015244735A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.