-
Publication number: US09767291B2
Publication date: 2017-09-19
Application number: US14876354
Application date: 2015-10-06
Applicant: NETFLIX, INC.
Inventor: Andy Hoernecke, Jason Chan
CPC classification number: G06F21/577, G06F11/3688, G06Q10/0635, G06Q10/10
Abstract: Provided herein are systems and methods for monitoring and assessing the security and risk presented by applications deployed in a complex computing environment. An exemplary application security system includes a server having a processing device in communication with storage systems, computing devices executing application instances configured to receive and transmit information over a network, and a security testing system including a first test module that is associated with a first application, which is associated with one or more of the application instances. The processing device of the server retrieves information about the first application, including current dependency information of the first application, calculates a security risk score for the first application based on the information, determines a security priority level associated with the first application, and associates the security priority level of the first application with the first application in a database of application security information.
-
Publication number: US09621588B2
Publication date: 2017-04-11
Application number: US14495631
Application date: 2014-09-24
Applicant: Netflix, Inc.
Inventor: Jason Chan, Poornaprajna Udupi, Shashi Madappa
CPC classification number: H04L63/0245, G06F17/30312, H04L63/0218, H04L63/0227, H04L63/1408, H04L63/20, H04L67/10
Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.
-
Publication number: US09094377B2
Publication date: 2015-07-28
Application number: US13969365
Application date: 2013-08-16
Applicant: Netflix, Inc.
Inventor: Poornaprajna Udupi, Jason Chan, Jay Zarfoss
IPC: H04L29/06
CPC classification number: H04L63/0435, H04L9/0822, H04L9/0825, H04L9/0827, H04L9/083, H04L9/0844, H04L9/088, H04L9/0891, H04L9/0894, H04L63/0428, H04L63/0442, H04L63/062, H04L63/08
Abstract: Embodiments provide techniques for generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys that can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.