Abstract: An orchestration system is described that is configured to receive a request to monitor compliance of an enterprise infrastructure and generate an infrastructure change that is associated with the compliance of the enterprise infrastructure, based at least in part on a set of predetermined criteria. In doing so, the orchestration system may further generate one or more infrastructure change events based at least in part on instances of the infrastructure change within the enterprise infrastructure. The orchestration system may further generate a verification report for the enterprise infrastructure, based at least in part on the one or more infrastructure change events, and transmit the verification report to a registered user associated with the request.

Abstract: Event metadata may be received at an audit function of an orchestration system for an infrastructure change event associated with an infrastructure change to an enterprise infrastructure of an enterprise. A blockchain instance of a particular decentralized secure ledger is requested from a decentralized secure ledger service via the audit function. A user identifier of a user that is responsible for the infrastructure change event is provided to the decentralized secure ledger service by the audit function. In response to the decentralized secure ledger service authenticating the user identifier, the event metadata for the infrastructure change event is sent to the blockchain instance for storage with the decentralized secure ledger service by the audit function.

Abstract: A continuous security delivery fabric is disclosed. One or more security functions, comprising one or more tasks to be performed by a security tool, utility or service is encapsulated in a componentized security policy. A target list comprising of one or more items in an information technology installation is received. One or more security functions capable of being performed on at least one item in the received target list are selected. A componentized security policy encapsulating one or more security routines orchestrating the performance of at least one of the selected security functions is then created.

Abstract: A continuous security delivery fabric is disclosed. One or more security functions, comprising one or more tasks to be performed by a security tool, utility or service is encapsulated in a componentized security policy. A target list comprising of one or more items in an information technology installation is received. One or more security functions capable of being performed on at least one item in the received target list are selected. A componentized security policy encapsulating one or more security routines orchestrating the performance of at least one of the selected security functions is then created.

Abstract: A continuous security delivery fabric is disclosed. One or more security functions, comprising one or more tasks to be performed by a security tool, utility or service is encapsulated in a componentized security policy. The componentized security policies may be scheduled to run against one or more shadow environments, which are substantive copies of an information technology installation. One or more componentized security policies are scheduled as to run substantively continuously with results of the execution of the componentized security policies against the shadow aggregated. Based on automated analysis which may include machine learning, security issues in the actual information technology installation are inferred, and remediation either recommended or automatically executed. Various embodiments, including a microservices infrastructure embodiment are disclosed.

Abstract: An orchestration system is described that is configured to receive a request to monitor compliance of an enterprise infrastructure and generate an infrastructure change that is associated with the compliance of the enterprise infrastructure, based at least in part on a set of predetermined criteria. In doing so, the orchestration system may further generate one or more infrastructure change events based at least in part on instances of the infrastructure change within the enterprise infrastructure. The orchestration system may further generate a verification report for the enterprise infrastructure, based at least in part on the one or more infrastructure change events, and transmit the verification report to a registered user associated with the request.

Abstract: Event metadata may be received at an audit function of an orchestration system for an infrastructure change event associated with an infrastructure change to an enterprise infrastructure of an enterprise. A blockchain instance of a particular decentralized secure ledger is requested from a decentralized secure ledger service via the audit function. A user identifier of a user that is responsible for the infrastructure change event is provided to the decentralized secure ledger service by the audit function. In response to the decentralized secure ledger service authenticating the user identifier, the event metadata for the infrastructure change event is sent to the blockchain instance for storage with the decentralized secure ledger service by the audit function.

Abstract: Automatic detection and remediation of cybersecurity threats to an information technology installation is disclosed. An information technology installation receives at an orchestration system a requested update which may include a configuration change, a code change, a change to a binary, or other change to the installation. A mirror instance of the installation is instantiated on a cloud infrastructure where the requested updated is applied and scanned for cybersecurity threats. Where cybersecurity threats are detected, a remediation response is identified. The update and the remediation response may either be sent to an administrator for acceptance prior to deployment to production, or may be deployed automatically, with rollback information generated in the event the administrator desires to undo the deployment.

Abstract: Automatic detection and remediation of cybersecurity threats to an information technology installation is disclosed. An information technology installation receives at an orchestration system a requested update which may include a configuration change, a code change, a change to a binary, or other change to the installation. A mirror instance of the installation is instantiated on a cloud infrastructure where the requested updated is applied and scanned for cybersecurity threats. Where cybersecurity threats are detected, a remediation response is identified. The update and the remediation response may either be sent to an administrator for acceptance prior to deployment to production, or may be deployed automatically, with rollback information generated in the event the administrator desires to undo the deployment.

Abstract: A continuous security delivery fabric is disclosed. One or more security functions, comprising one or more tasks to be performed by a security tool, utility or service is encapsulated in a componentized security policy. The componentized security policies may be scheduled to run against one or more shadow environments, which are substantive copies of an information technology installation. One or more componentized security policies are scheduled as to run substantively continuously with results of the execution of the componentized security policies against the shadow aggregated. Based on automated analysis which may include machine learning, security issues in the actual information technology installation are inferred, and remediation either recommended or automatically executed. Various embodiments, including a microservices infrastructure embodiment are disclosed.