Computing resource inventory system
US-9529629-B2 · Dec 27, 2016 · US
US2018307849A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018307849-A1 |
| Application number | US-201815960468-A |
| Country | US |
| Kind code | A1 |
| Filing date | Apr 23, 2018 |
| Priority date | Apr 12, 2012 |
| Publication date | Oct 25, 2018 |
| Grant date | — |
Official abstract text for this publication.
A security application manages security and reliability of networked applications executing as a collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determines whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database. The security application scans a distributed computing architecture for the existence of security certificates, places newly discovered security certificates in a database, and deletes outdated security certificates. Advantageously, security and reliability are improved in a distributed computing architecture.
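The resource-monitoring loop the abstract describes (and that claim 1 spells out) is: discover a resource, classify it, increment or create the per-class counter in the database, and publish a notification when the count crosses a percentage of the class's maximum limit. The following is an added example, not the patent's own code; the classification criteria (kind plus region), the in-memory stand-ins for the database and the publication/subscription system, the 80%/95% thresholds and the sample resources are all assumptions chosen for illustration.

```python
"""Resource inventory with per-class counters and threshold notifications.

Added example, not the patent's own code. Models claim 1 and claims 3-7:
classify each discovered resource, count it, and publish when utilization
crosses a fraction of the class's maximum limit.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class ClassRecord:
    """One database record per classification (claim 1)."""
    classification: str
    counter: int = 0
    max_limit: Optional[int] = None   # capacity for this class, if known
    warn_pct: float = 0.80            # first threshold, fraction of max (claims 4, 7); assumed
    crit_pct: float = 0.95            # second threshold (claims 6, 7); assumed
    alerted: int = 0                  # 0 = nothing sent, 1 = warning sent, 2 = critical sent


@dataclass
class Inventory:
    """In-memory stand-in for the database and the publication/subscription system."""
    limits: Dict[str, int] = field(default_factory=dict)
    records: Dict[str, ClassRecord] = field(default_factory=dict)
    published: List[str] = field(default_factory=list)

    def publish(self, topic: str, message: str) -> None:
        # Stand-in for publishing a message to a pub/sub system (claim 5).
        self.published.append(f"{topic}: {message}")

    @staticmethod
    def classify(resource: dict) -> str:
        # Assumed classification criteria: resource kind plus region.
        return f"{resource['kind']}/{resource['region']}"

    def register(self, resource: dict) -> ClassRecord:
        """Process one discovered resource and return its classification record."""
        cls = self.classify(resource)
        rec = self.records.get(cls)
        if rec is None:
            # Classification not yet in the database: initialize a record and its
            # counter (claim 1) and notify about the previously unseen class (claim 3).
            rec = ClassRecord(cls, max_limit=self.limits.get(cls))
            self.records[cls] = rec
            self.publish("inventory.new_class", f"first sighting of {cls}")
        rec.counter += 1
        self._check_thresholds(rec)
        return rec

    def _check_thresholds(self, rec: ClassRecord) -> None:
        # Publish once per threshold crossing, not on every increment, so that
        # subscribers are not flooded while a class stays above a limit.
        if rec.max_limit is None:
            return
        util = rec.counter / rec.max_limit
        level = 2 if util >= rec.crit_pct else 1 if util >= rec.warn_pct else 0
        if level > rec.alerted:
            label = "critical" if level == 2 else "warning"
            self.publish("inventory.threshold",
                         f"{rec.classification} at {util:.0%} of limit ({label})")
            rec.alerted = level


def run_discovery() -> Inventory:
    """Feed a constructed discovery sweep through the inventory."""
    # Constructed sample: five VM instances in one region (limit 5) and one load balancer
    # whose class has no known limit.
    discovered = [{"kind": "vm", "region": "us-east"} for _ in range(5)]
    discovered.append({"kind": "lb", "region": "us-east"})
    inv = Inventory(limits={"vm/us-east": 5})
    for res in discovered:
        inv.register(res)
    return inv


if __name__ == "__main__":
    for line in run_discovery().published:
        print(line)
```

Running the sweep publishes four messages: a new-class notice for each classification, a warning when the fourth VM brings the class to 80% of its limit, and a critical notice at the fifth. A class with no configured limit is still counted but never alerts, which is the gap a defender would want to close by giving every classification a limit.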
Opening claim text (preview).
1. A non-transitory computer-readable medium including instructions that, when executed by a processor, cause the processor to perform the steps of: discovering a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within the distributed computing architecture; determining a classification for the resource based on one or more classification criteria; determining whether the classification corresponds to a record within a database, wherein the record includes a counter of a quantity of the resource deployed in the distributed computing architecture; if the classification corresponds to a record within the database, then: incrementing the counter associated with the record; or if the classification does not correspond to a record within the database, then: initializing another record within the database that corresponds to the classification, and initializing another counter associated with the another record; and publishing a notification when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit.

2. The non-transitory computer-readable medium of claim 1, wherein the resource comprises an instance of a software application executing within the distributed computing architecture.

3. The non-transitory computer-readable medium of claim 1, further comprising generating a notification when the classification does not correspond to a record within the database.

4. The non-transitory computer-readable medium of claim 1, further comprising retrieving a first threshold value associated with the record, and generating a notification when the counter exceeds the first threshold value.

5. The non-transitory computer-readable medium of claim 4, wherein generating the notification comprises publishing a message to a publication/subscription system indicating that the counter exceeds the first threshold value.

6. The non-transitory computer-readable medium of claim 1, further comprising retrieving a second threshold value associated with the record, and generating a second notification when the counter exceeds the second threshold value.

7. The non-transitory computer-readable medium of claim 6, wherein at least one of the first threshold value and the second threshold value comprises a percentage of a maximum limit.

8. A system, comprising: a memory storing instructions; and a processor that is coupled to the memory and, when executing the instructions, is configured to perform the steps of: discovering a resource associated with a distributed application, wherein the distributed application executes on a plurality of compute nodes, and the resource is discovered and monitored within the distributed computing architecture; determining a classification for the resource based on one or more classification criteria; determining whether the classification corresponds to a record within a database, wherein the record includes a counter of a quantity of the resource deployed in the distributed computing architecture; if the classification corresponds to a record within the database, then: incrementing the counter associated with the record; or if the classification does not correspond to a record within the database, then: initializing another record within the database that corresponds to the classification, and initializing another counter associated with the another record; and publishing a notification when the counter indicates that a utilization associated with the classification exceeds a pre-determined limit.

9. The system of claim 8, wherein the resource comprises an instance of a software application executing within the distributed computing architecture.

10. The system of claim 8, wherein the processor also performs the step of generating a notification when the classification does not correspond to a record within the database.

11. The system of claim 8, wherein the processor also performs the step of retrieving a first threshold value associated with the record, and generating a notification when the counter exceeds the first threshold value.

12. The system of claim 11, wherein generating the notification comprises publishing a message to a publication/subscription system indicating that the counter exceeds the first threshold value.

13. The system of claim 8, wherein the processor also performs the step of retrieving a second threshold value associated with the record, and generating a second notification when the counter exceeds the second threshold value.

14. The system of claim 13, wherein at least one of the first threshold value and the second threshold value comprises a percentage of a maximum limit.

15. A method, comprising: scanning a distributed application that is executing on a plurality of compute nodes to detect a first security vulnerability, wherein the distributed application is stored within at least one memory element included in a distributed computing architecture; comparing the first security vulnerability against a database that includes a listing of previously-discovered security vulnerabilities; and if the first security vulnerability is not listed within the database, then: initializing a record within the database that corresponds to the first security vulnerability; or if the first security vulnerability is listed within the database, then: updating a record within the database that corresponds to the first security vulnerability to indicate that the first security vulnerability was detected; determining that the first security vulnerability is marked as being resolved; and generating a notification that the first security vulnerability was resolved.

16. The method of claim 15, wherein the database includes an issue tracking system that is configured to track whether one or more security vulnerabilities have been resolved.

17. The method of claim 15, wherein the operation further comprises generating a notification when the record corresponding to the first security vulnerability is initialized.

18. The method of claim 17, wherein generating the notification comprises publishing a message to a publication/subscription system indicating that the distributed computing architecture is being scanned for security vulnerabilities.

19. The method of claim 17, wherein generating a notification comprises generating an automatic email indicating that the distributed computing architecture is being scanned for security vulnerabilities.

20. The method of claim 15, wherein scanning the networked application further comprises generating a notification that the distributed computing architecture is being scanned for security vulnerabilities.

21. A system, comprising: a memory; and a processor that is coupled to the memory and, when executing the instructions, is configured to perform the steps of: scanning a distributed application that is executing on a plurality of compute nodes to detect a first security vulnerability, wherein the distributed application is stored within at least one memory element included in a distributed computing architecture; comparing the first security vulnerability against a database that includes a listing of previously-discovered security vulnerabilities; and if the first security vulnerability is not listed within the database, then: initializing a record within the database t
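Claims 15 through 20 describe how each scan's findings are reconciled against a database of previously discovered vulnerabilities: announce the scan, initialize a record (and notify) for a finding the database does not list, update a listed finding to show it was detected, and notify when a detected finding is one the tracker has marked resolved. The following is an added example, not the patent's own code. Treating the "resolved" notification as a regression alert (the ticket is closed, but the scanner still sees the issue) is this example's reading of the claim; the finding ids, descriptions and scan results are constructed, and the in-memory tracker and notification list stand in for the issue-tracking system and the pub/sub or e-mail channel of claims 16, 18 and 19.

```python
"""Reconcile scan findings against an issue-tracking database.

Added example, not the patent's own code. Implements the branches of
claims 15-17 and 20 over constructed scan results.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class VulnRecord:
    """One issue-tracker record per previously discovered vulnerability (claim 16)."""
    finding_id: str
    description: str
    resolved: bool = False
    detections: int = 0


@dataclass
class IssueTracker:
    """In-memory stand-in for the database/issue tracker and the notification channel."""
    records: Dict[str, VulnRecord] = field(default_factory=dict)
    notifications: List[str] = field(default_factory=list)

    def notify(self, message: str) -> None:
        # Stand-in for the pub/sub message or automatic e-mail of claims 18-19.
        self.notifications.append(message)

    def reconcile(self, findings: List[dict]) -> Dict[str, List[str]]:
        """Apply one scan's findings to the tracker; return finding ids grouped by outcome."""
        # Claim 20: announce that the architecture is being scanned.
        self.notify("scan started: checking the distributed application for vulnerabilities")
        outcome: Dict[str, List[str]] = {"new": [], "detected": [], "regressed": []}
        for f in findings:
            rec = self.records.get(f["id"])
            if rec is None:
                # Not listed in the database: initialize a record (claim 15) and notify (claim 17).
                rec = VulnRecord(f["id"], f["description"], detections=1)
                self.records[f["id"]] = rec
                self.notify(f"new vulnerability {rec.finding_id}: {rec.description}")
                outcome["new"].append(rec.finding_id)
                continue
            # Listed: update the record to show the vulnerability was detected again.
            rec.detections += 1
            outcome["detected"].append(rec.finding_id)
            if rec.resolved:
                # The tracker says resolved, yet the scan still finds it: the fix did not
                # hold or was not deployed everywhere. Reopen the record and notify.
                rec.resolved = False
                self.notify(f"{rec.finding_id} was marked resolved but was detected again")
                outcome["regressed"].append(rec.finding_id)
        return outcome


def run_two_scans() -> IssueTracker:
    """Constructed scenario: a scan finds two issues, one ticket is closed, the next scan repeats both."""
    tracker = IssueTracker()
    scan = [
        {"id": "F-1", "description": "certificate on an internal endpoint expires within 3 days"},
        {"id": "F-2", "description": "ACL permits any source address on an internal service port"},
    ]
    tracker.reconcile(scan)
    tracker.records["F-1"].resolved = True   # an operator closes the ticket for F-1
    tracker.reconcile(scan)                  # the same findings reappear in the next sweep
    return tracker


if __name__ == "__main__":
    for line in run_two_scans().notifications:
        print(line)
```

The second sweep produces no "new vulnerability" notices, since both findings are already listed, but it does flag F-1, whose ticket was closed without the issue actually going away. Keying records on a stable finding id is what makes the "already listed" comparison of claim 15 work across scans; a scanner that reports unstable ids would turn every sweep into a flood of new records.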
Test or assess a computer or a system · CPC title
Vulnerability analysis · CPC title
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
Clustering or classification · CPC title
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title