Security management in a networked computing environment
US-2016248804-A1 · Aug 25, 2016 · US
Security management in a networked computing environment
US9756060B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9756060-B2 |
| Application number | US-201615351601-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 15, 2016 |
| Priority date | Jan 2, 2013 |
| Publication date | Sep 5, 2017 |
| Grant date | Sep 5, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method, for managing security in a networked computing environment, comprising: detecting an attempted intrusion into at least one component of a plurality of components; and addressing the attempted intrusion based upon a security sensitivity level assigned to the at least one component, wherein the attempted intrusion is addressed by performing a first action affecting at least one first component and by performing a different second action affecting at least one second component of the plurality of components; wherein the at least one first component is in a virtual local area network (VLAN) containing a source of the attempted intrusion, wherein the at least one second component is in a VLAN other than the VLAN containing the source of the attempted intrusion, wherein the first action comprises blocking access to the at least one first component, and wherein the second action comprises blocking one or more ports that are open between the VLAN other than the VLAN containing the source of the attempted intrusion and the VLAN containing the source of the attempted intrusion, without blocking access to a high security sever from other servers that are in the VLAN containing the source of the attempted intrusion. 2. The computer-implemented method of claim 1 , further comprising determining a threat level of the attempted intrusion. 3. The computer-implemented method of claim 2 , wherein the determination of the threat level is based upon historical data. 4. The computer-implemented method of claim 1 , further comprising monitoring the networked computing environment for attempted intrusion. 5. The computer-implemented method of claim 1 , wherein the addressing is performed according to a set of rules. 6. The computer-implemented method of claim 1 , wherein a solution service provider provides a computer infrastructure operable to perform the computer-implemented method. 7. The computer-implemented method of claim 1 , the networked computing environment comprising a cloud computing environment. 8. A system for managing security in a networked computing environment, comprising: a memory medium comprising instructions; a bus coupled to the memory medium; and a processor coupled to the bus that when executing the instructions causes the system to: detect an attempted intrusion into at least one component of a plurality of components; and address the attempted intrusion based upon a security sensitivity level assigned to the at least one component, wherein the attempted intrusion is addressed by performing a first action affecting at least one first component and by performing a different second action affecting at least one second component of the plurality of components; wherein the at least one first component is in a virtual local area network (VLAN) containing a source of the attempted intrusion, wherein the at least one second component is in a VLAN other than the VLAN containing the source of the attempted intrusion, wherein the first action comprises blocking access to the at least one first component, and wherein the second action comprises blocking one or more ports that are open between the VLAN other than the VLAN containing the source of the attempted intrusion and the VLAN containing the source of the attempted intrusion, without blocking access to a high security sever from other servers that are in the VLAN containing the source of the attempted intrusion. 9. The system of claim 8 , the memory medium further comprising instructions for determining a threat level of the attempted intrusion. 10. The system of claim 9 , wherein the determining is based upon historical data. 11. The system of claim 10 , wherein the historical data comprises data including level of intrusion of previous intrusions and damage inflicted by previous intrusions. 12. The system of claim 8 , the memory medium further comprising instructions for causing the system to monitor the networked computing environment for attempted intrusion. 13. The system of claim 8 , wherein the addressing is performed based on a set of rules. 14. The system of claim 8 , the networked computing environment comprising a cloud computing environment. 15. A computer program product for managing security in a networked computing environment, the computer program product comprising a computer readable hardware storage device, and program instructions stored on the computer readable storage media, to: detect an attempted intrusion into at least one component of a plurality of components; and address the attempted intrusion based upon a security sensitivity level assigned to the at least one component, wherein the attempted intrusion is addressed by performing a first action affecting at least one first component and by performing a different second action affecting at least one second component of the plurality of components; wherein the at least one first component is in a virtual local area network (VLAN) containing a source of the attempted intrusion, wherein the at least one second component is in a VLAN other than the VLAN containing the source of the attempted intrusion, wherein the first action comprises blocking access to the at least one first component, and wherein the second action comprises blocking one or more ports that are open between the VLAN other than the VLAN containing the source of the attempted intrusion and the VLAN containing the source of the attempted intrusion, without blocking access to a high security sever from other servers that are in the VLAN containing the source of the attempted intrusion. 16. The computer program product of claim 15 , the computer readable hardware storage device further comprising instructions to determine a threat level of the attempted intrusion. 17. The computer program product of claim 16 , wherein the determining is based upon historical data. 18. The computer program product of claim 15 , the computer readable hardware storage device further comprising instructions to monitor the networked computing environment for attempted intrusion. 19. The computer program product of claim 15 , wherein the addressing is performed according to a set of rules. 20. The computer program product of claim 15 , the networked computing environment comprising a cloud computing environment.
Assignees
Inventors
Classifications
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Multiple levels of security · CPC title
involving event detection and direct action · CPC title
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9756060B2 cover?
- An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security se…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F21/552. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Sep 05 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).