CPC H04L 63/1433 (2013.01) [G06F 9/4416 (2013.01); H04L 63/029 (2013.01); H04L 63/0227 (2013.01); H04L 63/0838 (2013.01); H04L 63/0876 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |
1. A computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, causes the one or more computing devices to perform the steps of:
detecting a connection of an application gateway for one or more applications associated with an enterprise network to a threat management facility for the enterprise network by receiving a notification of the connection from a cloud computing platform that hosts the threat management facility;
storing connection information for the connection of the application gateway in a connect data table associated with the threat management facility, the connection information including a time stamp for a time of creation of the connection;
detecting a disconnection of the application gateway from the threat management facility;
storing disconnection information for the disconnection of the application gateway in a disconnect data table associated with the threat management facility, the disconnection information including a second time stamp for a second time of the disconnection;
asynchronously analyzing the connection and disconnection to determine if the disconnection occurred according to a connection reset rule for the cloud computing platform hosting the threat management facility by applying one or more rules to the connection information stored in the connect data table and the disconnection information stored in the disconnect data table; and
in response to determining that the disconnection did not occur according to the connection reset rule for the cloud computing platform, initiating a remediation of the application gateway.
|