Systems and Methods for Security and Risk Assessment and Testing of Applications

    Publication number: US20180004960A1

    Publication date: 2018-01-04

    Application number: US15706408

    Application date: 2017-09-15

    Applicant: NetFlix, Inc.

    CPC classification number: G06F21/577 G06F11/3688 G06Q10/0635 G06Q10/10

    Abstract: Provided herein are systems and methods for monitoring and assessing the security and risk presented by applications deployed in a complex computing environment. An exemplary application security system includes an application security server having a processing device in communication with one or more storage systems, and a security testing system with a plurality of security test modules. The test modules include a first module associated with a first application, which is associated with one or more application instances configured to receive and transmit over a network. The processing device calculates a security risk score for the first application based on information about the first application, determines a security priority level associated with the first application, the security priority level of the first application being based on the security risk score for the first application, and associates the security priority level of the first application with the first application in a database of application security information.

    Systems and methods for access permission revocation and reinstatement

    Publication number: US09825956B2

    Publication date: 2017-11-21

    Application number: US14876629

    Application date: 2015-10-06

    Applicant: NETFLIX, INC.

    CPC classification number: H04L63/10 H04L63/20 H04L67/10 H04L67/306

    Abstract: Provided herein are systems and methods of managing permissions for applications deployed in a distributed computing infrastructure. An exemplary system includes an access management server having a processing device, a distributed computing infrastructure in communication with the management server having a plurality of resource instances and a request log, and an administration system having a security application executing thereon. The security application has access policies associated with each of a plurality of applications. The processing device of the management server receives application request information from the request log describing requests made by a first application being monitored by the access management server. The management server receives from the security application an access policy describing a set of accessible APIs associated with the first application, determines that access to a first API of the set should be removed, and modifies the access policy to remove access to the first API.

    Systems and Methods for Security And Risk Assessment And Testing Of Applications

    Publication number: US20170098086A1

    Publication date: 2017-04-06

    Application number: US14876354

    Application date: 2015-10-06

    Applicant: NETFLIX, INC.

    CPC classification number: G06F21/577 G06F11/3688 G06Q10/0635 G06Q10/10

    Abstract: Provided herein are systems and methods for monitoring and assessing the security and risk presented by applications deployed in a complex computing environment. An exemplary application security system includes a server having a processing device in communication with storage systems, computing devices executing application instances configured to receive and transmit information over a network, and a security testing system including a first test module that is associated with a first application, which is associated with one or more of the application instances. The processing device of the server retrieves information about the first application, including current dependency information of the first application, calculates a security risk score for the first application based on the information, determines a security priority level associated with the first application, and associates the security priority level of the first application with the first application in a database of application security information.

    DISTRIBUTED TRAFFIC MANAGEMENT SYSTEM AND TECHNIQUES
    Invention application (in force)

    Publication number: US20160088020A1

    Publication date: 2016-03-24

    Application number: US14495631

    Application date: 2014-09-24

    Applicant: Netflix, Inc.

    Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.

    Dynamic security testing
    Invention grant

    Publication number: US10769282B2

    Publication date: 2020-09-08

    Application number: US15997623

    Application date: 2018-06-04

    Applicant: NETFLIX, INC.

    Abstract: A method and system for discovering and testing security assets is provided. Based on source definition data describing sources to monitor on the one or more computer networks, an example system scans the sources to identify security assets. The system analyses the security assets to identify characteristics of the server-based applications. The system stores database records describing the security assets and the identified characteristics. The system queries the database records to select, based at least on the identified characteristics, one or more target assets, from the security assets, on which to conduct one or more security tests. Responsive to selecting the one or more target assets, the system conducts the one or more security tests on the one or more target assets. The system identifies one or more security vulnerabilities at the one or more target assets based on the conducted one or more security tests.

    Systems and methods for security and risk assessment and testing of applications

    Publication number: US10262145B2

    Publication date: 2019-04-16

    Application number: US15706408

    Application date: 2017-09-15

    Applicant: NetFlix, Inc.

    Abstract: Provided herein are systems and methods for monitoring and assessing the security and risk presented by applications deployed in a complex computing environment. An exemplary application security system includes an application security server having a processing device in communication with one or more storage systems, and a security testing system with a plurality of security test modules. The test modules include a first module associated with a first application, which is associated with one or more application instances configured to receive and transmit over a network. The processing device calculates a security risk score for the first application based on information about the first application, determines a security priority level associated with the first application, the security priority level of the first application being based on the security risk score for the first application, and associates the security priority level of the first application with the first application in a database of application security information.

    Key generation and broadcasting
    Invention grant

    Publication number: US10178074B2

    Publication date: 2019-01-08

    Application number: US15476931

    Application date: 2017-03-31

    Applicant: NETFLIX, INC.

    Abstract: Embodiments provide techniques for generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys that can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

    DYNAMIC SECURITY TESTING
    Invention application

    Publication number: US20180349615A1

    Publication date: 2018-12-06

    Application number: US15997623

    Application date: 2018-06-04

    Applicant: NETFLIX, INC.

    Abstract: A method and system for discovering and testing security assets is provided. Based on source definition data describing sources to monitor on the one or more computer networks, an example system scans the sources to identify security assets. The system analyses the security assets to identify characteristics of the server-based applications. The system stores database records describing the security assets and the identified characteristics. The system queries the database records to select, based at least on the identified characteristics, one or more target assets, from the security assets, on which to conduct one or more security tests. Responsive to selecting the one or more target assets, the system conducts the one or more security tests on the one or more target assets. The system identifies one or more security vulnerabilities at the one or more target assets based on the conducted one or more security tests.

    DISTRIBUTED TRAFFIC MANAGEMENT SYSTEM AND TECHNIQUES

    Publication number: US20180316647A1

    Publication date: 2018-11-01

    Application number: US15960419

    Application date: 2018-04-23

    Applicant: NETFLIX, INC.

    Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.
