Remediation Of Detected Configuration Violations

Patent No. US11418393 (titled "Remediation Of Detected Configuration Violations") was filed by Appomni Inc on Jul 26, 2021.

’393 is related to the field of cybersecurity, specifically the automated remediation of configuration violations in cloud-based services. Modern enterprises rely on numerous SaaS platforms, each with its own security settings. Manually managing these settings across different platforms is complex and error-prone, leading to potential security breaches and compliance issues. The patent addresses the problem of efficiently identifying and resolving these configuration discrepancies.

The underlying idea behind ’393 is to automate the process of detecting and fixing configuration violations by comparing actual settings against prescribed settings defined in an organization's internal reference information. This involves querying data source servers for their current configurations, comparing them to desired configurations (policies, best practices, etc.), and then automatically or manually applying remediations to correct any discrepancies. The system also maintains an audit log to track all actions taken.

The claims of ’393 focus on a system, method, and computer program product for detecting and remediating configuration violations at a data source server. The core process involves receiving an indication to perform an audit against a policy, obtaining stored mappings, querying the data source server for configured security attributes , obtaining prescribed security attributes , comparing these attributes based on policy type and role group, determining if a violation exists based on the comparison, providing a remediation, and storing an audit log of the remediation events.

In practice, the system operates by first defining policies that specify the desired security configurations for various elements within a SaaS platform. When a violation is detected, the system can automatically generate API commands to correct the misconfiguration, or it can generate a manual remediation plan for a security administrator to implement. The choice between automatic and manual remediation can be based on the severity of the violation or the availability of an API for automated correction. The audit log provides a record of all actions taken, ensuring accountability and facilitating compliance reporting.

The invention differentiates itself from prior approaches by providing a centralized system for managing security configurations across multiple SaaS platforms. Unlike manual processes that are time-consuming and prone to error, this system automates the detection and remediation of violations, reducing the risk of security breaches and improving compliance posture. The use of internal reference information allows organizations to customize the system to their specific security policies and best practices, making it a flexible and adaptable solution.

How does this patent fit in bigger picture?

Technical landscape at the time

In the early 2020s when ’393 was filed, systems commonly relied on centralized security information and event management (SIEM) platforms to aggregate and analyze security alerts. At a time when security automation was gaining traction, security administrators typically relied on manual processes to triage and remediate detected security violations. When hardware or software constraints made real-time analysis and automated remediation non-trivial, security teams often struggled to manage the high volume of alerts generated by security systems.

Novelty and Inventive Step

The examiner approved the application because the prior art of record did not teach or suggest the specific combination of steps for detecting a violation associated with a configuration at a data source server. This combination includes receiving an indication to perform an audit with respect to a policy, obtaining stored mappings corresponding to the policy, querying the data source server for configured security attributes of elements associated with the data source server with respect to a role group of the policy using the stored mappings, obtaining prescribed security attributes corresponding to the stored mappings, comparing the configured security attributes and the prescribed security attributes corresponding to the stored mappings based at least in part on a policy type and the role group of the policy, and determining that the violation exists based at least in part on the comparison between the configured security attributes and the prescribed security attributes, in light of other features described in independent claims 1, 12 and 20.

Claims

This patent includes 18 claims, with claims 1, 11, and 18 being independent. The independent claims are directed to a system, a method, and a computer program product, respectively, all generally focused on detecting and remediating violations associated with configurations at a data source server. The dependent claims generally elaborate on the specifics of violation detection, remediation processes (both automatic and manual), and severity determination.

Key Claim Terms New

Definitions of key terms used in the patent claims.

Term (Source)	Support for Specification	Interpretation
Audit log (Claim 1, Claim 11, Claim 18)	“An audit log associated with a result of the remediation corresponding to the violation is stored. In various embodiments, the audit log stores event(s) associated with the one or more steps that have been performed by the provided remediation of the violation. For example, the audit log corresponding to the detected violation tracks the sequences of events associated with who (e.g., which user(s) or programs), when, and/or why had performed steps towards remediating the violation.”	A log that includes one or more events associated with the remediation corresponding to the violation.
Configured security attributes (Claim 1, Claim 11, Claim 18)	“A violation associated with a configuration at a data source server is detected. In various embodiments, the violation associated with the configuration at the data source server is determined against a prescribed configuration that is described by internal reference information.”	Security attributes of elements associated with the data source server.
Data source server (Claim 1, Claim 11, Claim 18)	“A violation associated with a configuration at a data source server is detected. In various embodiments, the violation associated with the configuration at the data source server is determined against a prescribed configuration that is described by internal reference information.”	A server that has a configuration that can be checked for violations.
Prescribed security attributes (Claim 1, Claim 11, Claim 18)	“A violation associated with a configuration at a data source server is detected. In various embodiments, the violation associated with the configuration at the data source server is determined against a prescribed configuration that is described by internal reference information.”	Security attributes corresponding to the stored mappings.
Stored mappings (Claim 1, Claim 11, Claim 18)	“A violation associated with a configuration at a data source server is detected. In various embodiments, the violation associated with the configuration at the data source server is determined against a prescribed configuration that is described by internal reference information.”	Information used to query the data source server for configured security attributes.

Patent Family

File Wrapper

The dossier documents provide a comprehensive record of the patent's prosecution history - including filings, correspondence, and decisions made by patent offices - and are crucial for understanding the patent's legal journey and any challenges it may have faced during examination.

Date
Description

Get instant alerts for new documents

Jan 31, 2023
Certificate of Correction - Post Issue Communication
Dec 21, 2022
Request for Certificate of Correction
Dec 21, 2022
Request for Certificate of Correction
Dec 21, 2022
Electronic Filing System Acknowledgment Receipt
Jul 27, 2022
Issue Notification
Jul 12, 2022
Issue Fee Payment (PTO-85B)
Jul 12, 2022
Fee Worksheet (SB06)
Jul 12, 2022
Electronic Filing System Acknowledgment Receipt
May 4, 2022
Notice of Allowance and Fees Due (PTOL-85)
May 4, 2022
Examiner Interview Summary Record (PTOL - 413)
May 4, 2022
List of references cited by examiner
May 4, 2022
Issue Information including classification, examiner, name, claim, renumbering, etc.
May 4, 2022
Search information including classification, databases and other search related notes
May 4, 2022
Bibliographic Data Sheet
May 4, 2022
Examiner's search strategy and results
May 4, 2022
Examiner's search strategy and results
Oct 2, 2021
Communication - Re: Power of Attorney (PTOL-308)
Oct 2, 2021
Filing Receipt
Oct 2, 2021
Fee Worksheet (SB06)
Sep 29, 2021
Applicant Response to Pre-Exam Formalities Notice
Sep 29, 2021
Oath or Declaration filed
Sep 29, 2021
Power of Attorney
Sep 29, 2021
Power of Attorney
Sep 29, 2021
Drawings-only black and white line drawings
Sep 29, 2021
Fee Worksheet (SB06)
Sep 29, 2021
Electronic Filing System Acknowledgment Receipt
Aug 6, 2021
Filing Receipt
Aug 6, 2021
Fee Worksheet (SB06)
Aug 6, 2021
Notice to File Missing Parts
Jul 26, 2021
Application Data Sheet
Jul 26, 2021
Drawings-only black and white line drawings
Jul 26, 2021
Electronic Filing System Acknowledgment Receipt
Jul 26, 2021
Specification
Jul 26, 2021
Claims
Jul 26, 2021
Abstract

US11418393

APPOMNI INC

Application Number: US17385422
Filing Date: Jul 26, 2021
Status: Granted
Expiry Date: Jul 26, 2041
External Links: Slate, USPTO, Google Patents

IP Verse