Abstract: A method for implementing a migration action for a vulnerability includes receiving an indication that a target resource includes a vulnerability where the target resource is being hosted in a cloud environment and associated with a user of the cloud environment. The method also includes receiving a plurality of rules configured to mitigate vulnerabilities for cloud environment resources. The method further includes determining whether the plurality of rules include one or more rules corresponding to the vulnerability of the target resource. When the plurality of rules comprises the one or more rules corresponding to the vulnerability of the target resource, the method includes applying a reversible mitigation action associated with a respective rule of the one or more rules corresponding to the vulnerability of the target resource.

Abstract: A method for minimizing scan disruptions includes receiving a scan request requesting to scan a set of network-connected assets. Each network-connected asset is associated with corresponding network characteristics. The method includes partitioning the set of network-connected assets into a plurality of groups based on the corresponding network characteristics. For each respective group, simultaneously, the method includes determining an ordered list for scanning each network-connected asset in the respective group, scanning a first network-connected asset of the respective group based on the ordered list, and, after scanning the first network-connected asset, determining a post-scan health status of the first network-connected asset. The method includes determining, using the post-scan health status, that a health of the first network-connected asset is degraded.

Abstract: This technology is directed to a rules based engine for managing network-based scanning of devices on a network to minimize disruptions to the network. One or more processors may identify an initial group of network devices from a set of network devices, the initial group of network devices being identified in accordance with a rule set, and initiate a scan of the initial group of network devices. The one or more processors may determine, in accordance with the rule set, an additional group of network devices from the set of network devices to be scanned and initiate a scan of the additional group of network devices. The steps may be repeated until all network devices in the set of network devices are scanned in accordance with the rule set.

Abstract: A method for implementing a migration action for a vulnerability includes receiving an indication that a target resource includes a vulnerability where the target resource is being hosted in a cloud environment and associated with a user of the cloud environment. The method also includes receiving a plurality of rules configured to mitigate vulnerabilities for cloud environment resources. The method further includes determining whether the plurality of rules include one or more rules corresponding to the vulnerability of the target resource. When the plurality of rules comprises the one or more rules corresponding to the vulnerability of the target resource, the method includes applying a reversible mitigation action associated with a respective rule of the one or more rules corresponding to the vulnerability of the target resource.

Abstract: A method for minimizing scan disruptions includes receiving a scan request requesting to scan a set of network-connected assets. Each network-connected asset is associated with corresponding network characteristics. The method includes partitioning the set of network-connected assets into a plurality of groups based on the corresponding network characteristics. For each respective group, simultaneously, the method includes determining an ordered list for scanning each network-connected asset in the respective group, scanning a first network-connected asset of the respective group based on the ordered list, and, after scanning the first network-connected asset, determining a post-scan health status of the first network-connected asset. The method includes determining, using the post-scan health status, that a health of the first network-connected asset is degraded.

Abstract: A method for implementing a migration action for a vulnerability includes receiving an indication that a target resource includes a vulnerability where the target resource is being hosted in a cloud environment and associated with a user of the cloud environment. The method also includes receiving a plurality of rules configured to mitigate vulnerabilities for cloud environment resources. The method further includes determining whether the plurality of rules include one or more rules corresponding to the vulnerability of the target resource. When the plurality of rules comprises the one or more rules corresponding to the vulnerability of the target resource, the method includes applying a reversible mitigation action associated with a respective rule of the one or more rules corresponding to the vulnerability of the target resource.

Abstract: This technology is directed to a rules based engine for managing network-based scanning of devices on a network to minimize disruptions to the network. One or more processors may identify an initial group of network devices from a set of network devices, the initial group of network devices being identified in accordance with a rule set, and initiate a scan of the initial group of network devices. The one or more processors may determine, in accordance with the rule set, an additional group of network devices from the set of network devices to be scanned and initiate a scan of the additional group of network devices. The steps may be repeated until all network devices in the set of network devices are scanned in accordance with the rule set.