Abstract: In an embodiment, a method for deep application discovery and forensics of a reference system includes a computing device, such as an orchestrator, receiving and/or obtaining from an inspection layer executing on the reference system, during runtime of the reference system, architecture and configuration information describing the reference system. Also, the computing device generates, during runtime of the reference system, dependency matrices describing relationships between components of the reference system which allow for generation, during runtime of the reference system, at least one threat model describing vulnerabilities of the reference system based on the dependency matrices. The inspection layer identifies the applications and databases accessed by the applications.

Abstract: In an embodiment, a method for deep application discovery and forensics of a reference system includes a computing device, such as an orchestrator, receiving and/or obtaining from an inspection layer executing on the reference system, during runtime of the reference system, architecture and configuration information describing the reference system. Also, the computing device generates, during runtime of the reference system, dependency matrices describing relationships between components of the reference system which allow for generation, during runtime of the reference system, at least one threat model describing vulnerabilities of the reference system based on the dependency matrices. The inspection layer identifies the applications and databases accessed by the applications.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to collect all data socket descriptor databases from individual servers operating in a data center, each data socket descriptor database storing attributes of a base socket and one or more data socket descriptors used by an application or application instance operating on an individual server. The logic is also configured to cause the processing circuit to store data from the data socket descriptor databases for all applications and application instances operating in the data center in a central data socket descriptor database, the central data socket descriptor database being configured to store attributes of all data socket descriptors used by all applications or application instances operating in the data center.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic causes the processing circuit to monitor a plurality of application instances operating on a first host. The logic also causes the processing circuit to detect that a first application thread has been called by a first application instance operating on the first host and determine whether the first application thread is registered to be called by the first application instance on the first host by consulting a registration index. Moreover, the logic causes the processing circuit to quarantine the first application thread in response to a determination that the first application thread is not registered to be called by the first application instance on the first host.