Active scanning tool for identifying customer misconfigurations of virtual machine instances

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Preethi Srinivasan · Sterling, US
• Sreekanth Reddy Polaka · Aldie, US
• Christopher Wooram Yi · Woodbridge, US
• John David Backes · Minneapolis, US
• Everett Richard Anthony · Herndon, US
• Aparna Nagargadde · Herndon, US
• Mark Edward Stalzer · Arlington, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2009/45595
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An automated security assessment service of a service provider network may identify, and notify a customer of, misconfigured VM instances that can be access (e.g., via the Internet). A scanner tool may call an automated reasoning service to identify any VM instances of a customer that can be accessed, and may receive information from the automated reasoning service that is usable to exchange packets with those identified instances. The scanner tool can use the information to send requests to the identified instances. After receiving responses from the identified instances, the scanner tool can store, in storage of a network-based storage service, and in association with a customer account of the customer, encrypted data about the results of the scan (e.g., any VM instances that are vulnerable to attackers), and this encrypted data is thereby accessible to the customer with proper decrypt permissions.