Method and system for improving security and reliability in a networked application environment

US10691814B2 · US · B2

Patent metadata

Publication number: US-10691814-B2
Application number: US-201815960468-A
Country: US
Kind code: B2
Filing date: Apr 23, 2018
Priority date: Apr 12, 2012
Publication date: Jun 23, 2020
Grant date: Jun 23, 2020

Abstract

Official abstract text for this publication.

A security application manages security and reliability of networked applications executing as a collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determines whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database. The security application scans a distributed computing architecture for the existence of security certificates, places newly discovered security certificates in a database, and deletes outdated security certificates. Advantageously, security and reliability are improved in a distributed computing architecture.

Claims

Claim text as published (preview; the text is cut off in claim 21).

What is claimed is:

  1. One or more non-transitory computer-readable media including instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of: discovering a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within a distributed computing architecture; determining, based on one or more classification criteria, a classification for the resource; determining whether the classification corresponds to an existing record stored within a database, wherein the existing record includes an existing counter of a quantity of the resource deployed in the distributed computing architecture; upon determining that the classification does not correspond to any existing record within the database, then: initializing a first record that corresponds to the classification, initializing a first counter that is included in the first record, incrementing the first counter, and storing the first record in the database; and when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit, publishing a first notification.

  2. The one or more non-transitory computer-readable media of claim 1, wherein the resource comprises an instance of a software application executing within the distributed computing architecture.

  3. The one or more non-transitory computer-readable media of claim 1, further comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform the step of generating a second notification when the classification does not correspond to a record within the database.

  4. The one or more non-transitory computer-readable media of claim 1, further comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform the steps of: retrieving a first threshold value associated with the first record, and generating a second notification when the counter exceeds the first threshold value.

  5. The one or more non-transitory computer-readable media of claim 4, wherein generating the second notification comprises publishing a message to a publication/subscription system indicating that the first counter exceeds the first threshold value.

  6. The one or more non-transitory computer-readable media of claim 4, further comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform the steps of: retrieving a second threshold value associated with the first record, and generating a third notification when the counter exceeds the second threshold value.

  7. The one or more non-transitory computer-readable media of claim 6, wherein at least one of the first threshold value or the second threshold value comprises a percentage of a maximum limit.

  8. A system, comprising: a memory storing instructions; and a processor that is coupled to the memory and, when executing the instructions, is configured to perform the steps of: discovering a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within a distributed computing architecture; determining, based on one or more classification criteria, a classification for the resource; determining whether the classification corresponds to an existing record stored within a database, wherein the existing record includes an existing counter of a quantity of the resource deployed in the distributed computing architecture; upon determining that the classification does not correspond to any existing record within the database, then: initializing a first record that corresponds to the classification, initializing a first counter that is included in the first record, incrementing the first counter, and storing the first record in the database; and when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit, publishing a first notification.

  9. The system of claim 8, wherein the resource comprises an instance of a software application executing within the distributed computing architecture.

  10. The system of claim 8, wherein the processor also performs the step of generating a second notification when the classification does not correspond to a record within the database.

  11. The system of claim 8, wherein the processor also performs the steps of: retrieving a first threshold value associated with the first record, and generating a second notification when the counter exceeds the first threshold value.

  12. The system of claim 11, wherein generating the second notification comprises publishing a message to a publication/subscription system indicating that the first counter exceeds the first threshold value.

  13. The system of claim 11, wherein the processor also performs the steps of: retrieving a second threshold value associated with the first record, and generating a third notification when the counter exceeds the second threshold value.

  14. The system of claim 13, wherein at least one of the first threshold value or the second threshold value comprises a percentage of a maximum limit.

  15. A method, comprising: scanning a distributed application that is executing on a plurality of compute nodes to detect a first security vulnerability, wherein the distributed application is stored within at least one memory element included in a distributed computing architecture; comparing the first security vulnerability against a database that includes a listing of previously-discovered security vulnerabilities; and upon determining that the first security vulnerability is not listed within the database, then: initializing a first record that corresponds to the first security vulnerability, and storing the first record in the database; or upon determining that the first security vulnerability is listed within the database, then updating an existing record, which is stored within the database and corresponds to the first security vulnerability, to indicate that the first security vulnerability was detected; determining that the first security vulnerability is marked as being resolved; and generating a first notification that the first security vulnerability was resolved.

  16. The method of claim 15, wherein the database includes an issue tracking system that is configured to track whether one or more security vulnerabilities have been resolved.

  17. The method of claim 15, further comprising generating a second notification when the first record, corresponding to the first security vulnerability, is initialized.

  18. The method of claim 17, wherein generating the second notification comprises publishing a message to a publication/subscription system indicating that the distributed computing architecture is being scanned for security vulnerabilities.

  19. The method of claim 17, wherein generating the second notification comprises generating an automatic email indicating that the distributed computing architecture is being scanned for security vulnerabilities.

  20. The method of claim 15, wherein scanning the distributed application further comprises generating a second notification that the distributed computing architecture is being scanned for security vulnerabilities.

  21. A system, comprising: a memory stori
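The claims describe two record-keeping loops: classifying each discovered resource, keeping one counter per classification in a database and publishing notifications as the counter crosses percentage thresholds and the pre-determined limit (claims 1 to 14), and reconciling vulnerability-scan findings against a database of previously-discovered vulnerabilities, creating or updating records and announcing resolutions (claims 15 to 20). The following is an added example written for this page, not code from the patent or from Netflix. The in-memory PubSub bus, the classification key (service plus region), the per-class limits, the threshold fractions 0.5 and 0.8, the de-duplication key for findings, and the reopening of a resolved issue that is detected again are all assumptions; the claims specify none of them.

```python
# Added illustration, not code from the patent or from Netflix: the two record-keeping
# loops claimed in US10691814B2. Classify discovered resources, count them per class and
# notify as the count crosses thresholds (claims 1-14); reconcile scanner findings against
# a database of known vulnerabilities and announce resolutions (claims 15-20).
# The bus, the classification key, the limits and the regression handling are assumptions.
from dataclasses import dataclass, field


@dataclass
class PubSub:
    """In-memory stand-in for the publication/subscription system of claims 5 and 18."""
    messages: list = field(default_factory=list)

    def publish(self, topic: str, payload) -> None:
        self.messages.append((topic, payload))

    def topics(self) -> list:
        return [topic for topic, _ in self.messages]


@dataclass
class ClassRecord:
    """One database record per classification (claim 1), carrying its counter."""
    classification: str
    max_limit: int                                  # pre-determined maximum limit
    counter: int = 0
    thresholds: tuple = (0.5, 0.8)                  # fractions of max_limit (claim 7)
    crossed: set = field(default_factory=set)       # notifications already published


class ResourceInventory:
    def __init__(self, bus: PubSub, limits: dict):
        self.bus = bus
        self.limits = limits    # classification -> maximum limit (assumed configuration)
        self.db: dict = {}      # classification -> ClassRecord (stands in for the database)

    @staticmethod
    def classify(resource: dict) -> str:
        # The claims leave the classification criteria open; assumed: service plus region.
        return f"{resource['service']}@{resource['region']}"

    def discover(self, resource: dict) -> int:
        cls = self.classify(resource)
        rec = self.db.get(cls)
        if rec is None:                                   # no existing record
            rec = ClassRecord(cls, max_limit=self.limits.get(cls, 0))
            self.db[cls] = rec
            self.bus.publish("inventory.new_class", cls)  # claim 3
        rec.counter += 1
        self._notify_on_thresholds(rec)
        return rec.counter

    def _notify_on_thresholds(self, rec: ClassRecord) -> None:
        if rec.max_limit <= 0:        # no limit configured for this class: nothing to compare
            return
        for frac in rec.thresholds:   # claims 4 and 6: one notification per threshold crossed
            if rec.counter > frac * rec.max_limit and frac not in rec.crossed:
                rec.crossed.add(frac)
                self.bus.publish("inventory.threshold", (rec.classification, frac, rec.counter))
        if rec.counter > rec.max_limit and "limit" not in rec.crossed:   # claim 1
            rec.crossed.add("limit")
            self.bus.publish("inventory.limit_exceeded", (rec.classification, rec.counter))


@dataclass
class VulnRecord:
    key: str
    detections: int = 0
    resolved: bool = False


class VulnerabilityTracker:
    def __init__(self, bus: PubSub):
        self.bus = bus
        self.db: dict = {}   # key -> VulnRecord; stands in for the issue tracker of claim 16

    @staticmethod
    def key_of(finding: dict) -> str:
        return f"{finding['host']}:{finding['check']}"   # assumed de-duplication key

    def scan(self, findings: list) -> list:
        """Record each finding; return the keys that were resolved but have reappeared."""
        self.bus.publish("vuln.scan_started", len(findings))   # claim 20
        regressed = []
        for finding in findings:
            key = self.key_of(finding)
            rec = self.db.get(key)
            if rec is None:                        # not previously discovered
                rec = VulnRecord(key)
                self.db[key] = rec
                self.bus.publish("vuln.new", key)  # claim 17
            elif rec.resolved:
                # Not in the claims: a resolved issue detected again is reopened so that the
                # earlier "resolved" notification cannot hide a regression.
                rec.resolved = False
                regressed.append(key)
                self.bus.publish("vuln.regressed", key)
            rec.detections += 1                    # claim 15: mark as detected again
        return regressed

    def mark_resolved(self, key: str) -> None:
        rec = self.db[key]
        if not rec.resolved:
            rec.resolved = True
            self.bus.publish("vuln.resolved", key)   # claim 15: notify that it was resolved
```

With a constructed limit of 4 for the class `api@us-east-1`, five discoveries of that service produce, in order, a new-class notification, threshold notifications at counts 3 (above 50%) and 4 (above 80%), and a limit-exceeded notification at count 5; a class with no configured limit only ever produces the new-class notification. For the tracker, a finding seen twice updates the same record rather than creating a second one, and a finding that reappears after being marked resolved is reopened and reported as a regression.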

Assignees

Netflix Inc
Classifications

  • Energy efficient computing, e.g. low power processors, power management or thermal management · CPC title

  • Allocation of resources, e.g. of the central processing unit [CPU] · CPC title

  • where the computing system component is a software system · CPC title

  • Test or assess a computer or a system · CPC title

  • G06F21/604 (primary)

    Tools and structures for managing or administering access control systems · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10691814B2 cover?
A security application manages security and reliability of networked applications executing as a collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determines whether utilization of a class of resources is approachi…
Who is the assignee on this patent?
Netflix Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/604. Mapped technology areas include Physics.
When was this patent published?
Publication date: Jun 23, 2020 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).