SYSTEMS AND METHODS FOR ORCHESTRATING RUNTIME OPERATIONAL INTEGRITY

摘要

Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Systems and methods use a graphical user interface (GUI) console to orchestrate operational integrity of a platform. In an embodiment, a method presents a data center-level runtime operational integrity dashboard and remediation controls for infected systems in a display of a platform having a network trust agent, an endpoint trust agent, and a trust orchestrator. The method receives runtime integrity metrics for trust vectors and displays risk indicators based on the confidence level of received integrity metrics in the GUI. The method provides remediation controls for threat containment and risk mitigation and displays remediation status and progress results and malware analytics in the GUI.

主权项

1. A method for presenting a data center level runtime operational integrity dashboard for visibility at an application level and controls to remediate infected systems hosting applications engaging in malicious activities in a display of a computing platform having an integrity processor, a runtime event correlation matrix, a trust broker, a system event correlator, a network activity correlator, a trust supervisor, and a remediation controller, the method comprising:
receiving, from a plurality of endpoint assessment services, runtime integrity metrics for a plurality of trust vectors; displaying, in a graphical user interface (GUI) on the display, risk indicators and impact analysis based on the confidence level of received integrity metrics; and providing manual or automated remediation controls for threat containment and risk mitigation by performing one or more of:
taking a snapshot of the infected system,restoring or reimaging the infected system from a trusted baseline configuration,quarantining the infected system from a network fabric,diverting users from the infected system,diverting transactions from the infected system, anddiverting traffic from the infected system.