US 11,809,548 B2
Runtime security analytics for serverless workloads
Akram Ismail Sheriff, San Jose, CA (US); and Timothy David Keanini, Austin, TX (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Oct. 22, 2020, as Appl. No. 17/077,592.
Prior Publication US 2022/0129540 A1, Apr. 28, 2022
Int. Cl. G06F 21/52 (2013.01); G06N 20/00 (2019.01); G06F 21/56 (2013.01)
CPC G06F 21/52 (2013.01) [G06F 21/566 (2013.01); G06N 20/00 (2019.01); G06F 2221/033 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
receiving, by a computer system, a serverless function configured to execute in a cloud computing environment;
executing, by the computer system, the serverless function within a container-based application environment;
determining by the computer system, a first execution parameter associated with the execution of the serverless function, using a monitoring component executing within the container-based application environment;
determining a threshold value associated with the first execution parameter, wherein the threshold value is based at least in part on a runtime security threat associated with the serverless function;
comparing, by the computer system, the first execution parameter to the threshold value associated with the first execution parameter; and
determining, by the computer system, that the serverless function is associated with the runtime security threat, based on comparing the first execution parameter to the threshold value.