Title of invention SECURITY MANAGEMENT IN A NETWORKED COMPUTING ENVIRONMENT
Abstract An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.
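Application publication number US2016248804(A1) Application publication date 2016.08.25
Application number US201615142456 Application date 2016.04.29
Applicant International Business Machines Corporation Inventors Abuelsaad Kelly;DeLuca Lisa Seacat;Jang Soobaek;Krook Daniel C.
Classification number H04L29/06 Main classification number H04L29/06
Agency Agent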
Main claim 1. A computer-implemented method for managing security in a cloud computing network via at least one computing device therein, comprising: assigning a set of security sensitivity levels to a plurality of components of the cloud computing network; detecting an attempted intrusion, over the cloud computing network, into at least one component of the plurality of components; addressing the attempted intrusion based upon the security sensitivity level assigned to the at least one component, wherein the attempted intrusion is addressed by performing a first action affecting at least one first component and by performing a different second action affecting at least one second component; wherein the at least one first component is under a high sensitivity classification and is in a virtual local area network (VLAN) containing a source of the attempted intrusion, wherein the at least one second component is under a high sensitivity level classification and is in a VLAN other than the VLAN containing the source of the attempted intrusion, wherein the first action comprises blocking access to the at least one first component, and wherein the second action comprises blocking one or more ports that are open between the VLAN other than the VLAN containing the source of the attempted intrusion and the VLAN containing the source of the attempted intrusion, without blocking access to a high security server from other servers that are in the VLAN containing the source of the attempted intrusion.
Address Armonk NY US
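The response logic of claim 1, sketched as an added example that is not taken from the patent or from any IBM implementation: per-sensitivity rules select one action for high-sensitivity components in the source VLAN and a different action for high-sensitivity components in other VLANs. The component names, VLAN numbers, port lists and action labels are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    vlan: int
    sensitivity: str  # classification assigned by the user, e.g. "high" or "low"

# User-configured response rules keyed by (sensitivity, shares a VLAN with the source).
# The action names are hypothetical labels chosen for this example.
RULES = {
    ("high", True): "block_access",             # first action in the claim
    ("high", False): "block_inter_vlan_ports",  # second action in the claim
}

# Constructed inventory and constructed inter-VLAN firewall openings.
INVENTORY = [
    Component("db-payments", 10, "high"),
    Component("web-01", 10, "low"),
    Component("hr-records", 20, "high"),
    Component("build-cache", 30, "medium"),
]
OPEN_PORTS = {
    frozenset({10, 20}): [1433, 22],
    frozenset({10, 30}): [443],
    frozenset({20, 30}): [8080],
}

def plan_response(source_vlan, inventory=INVENTORY, open_ports=OPEN_PORTS, rules=RULES):
    """Return (action, target, port) tuples for an intrusion attempt sourced in source_vlan."""
    plan = []
    shielded_vlans = set()
    for comp in inventory:
        action = rules.get((comp.sensitivity, comp.vlan == source_vlan))
        if action == "block_access":
            # High-sensitivity component sharing a VLAN with the source: isolate it.
            plan.append(("block_access", comp.name, None))
        elif action == "block_inter_vlan_ports":
            # High-sensitivity component elsewhere: shield its VLAN from the source VLAN.
            shielded_vlans.add(comp.vlan)
        # Components with no matching rule are left untouched.
    for vlan in sorted(shielded_vlans):
        # Close only the ports open between the source VLAN and the shielded VLAN.
        for port in sorted(open_ports.get(frozenset({source_vlan, vlan}), [])):
            plan.append(("block_port", f"vlan{source_vlan}<->vlan{vlan}", port))
    return plan

if __name__ == "__main__":
    for step in plan_response(10):
        print(step)
```

Ports between VLANs that do not involve the source VLAN (8080 between VLAN 20 and VLAN 30 when the source is VLAN 10) stay open, which is the system-level rather than domain-level granularity the abstract describes.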