
US-12627673-B2 - Adaptable telemetry in zero-trust computing environments


Abstract

Systems and methods provide adaptive collection of telemetry. A policy decision point of a zero-trust computing environment receives an indication of a change in risk posture within the environment. The policy decision point identifies a telemetry definition specifying the telemetry being collected by one or more IHSs that are currently accessing a protected resource of the zero-trust computing environment. The telemetry definition is updated to specify adjusted telemetry to be collected by an IHS that is currently accessing the protected resource, and the updated telemetry definition is transmitted to the IHS. Based on the updated telemetry definition received from the policy decision point, the IHS adjusts measurements by one or more of its sensors. Telemetry generated from the adjusted measurements is transmitted by the IHS to one or more destinations specified in the updated telemetry definition.

Inventors

  • Srikanth Kondapi
  • Mohit Arora
  • Girish S. Dhoble
  • Joseph Kozlowski
  • Balasingh P. Samuel

Assignees

  • DELL PRODUCTS, L.P.

Dates

Publication Date: 2026-05-12
Application Date: 2023-12-15

Claims (20)

  1. A system for adaptive collection of telemetry, the system comprising: a policy decision point of a zero-trust computing environment that controls access to a plurality of protected resources, wherein the policy decision point is configured to: receive an indication of a change in risk posture within the zero-trust computing environment; identify a telemetry definition configured to specify telemetry collected by one or more Information Handling Systems (IHSs), wherein the one or more IHSs are configured with access to a first of the protected resources of the zero-trust computing environment, wherein the telemetry definition is configured to specify a plurality of telemetry tiers that comprise: a security telemetry tier for telemetry to support validation of continued access to the first protected resource, and an analytical telemetry tier for telemetry to monitor for change in risk posture; update the telemetry definition to specify adjusted telemetry to be collected by a first IHS of the one or more IHSs with access to the first protected resource; and transmit the updated telemetry definition to the first IHS, wherein the first IHS comprises: a plurality of sensors; one or more processors operably coupled with the plurality of sensors; and a memory coupled to the one or more processors, the memory configured with stored program instructions that, upon execution by the one or more processors, cause the first IHS to perform operations that comprise: based on the updated telemetry definition received from the policy decision point, adjust measurements by one or more of the sensors of the first IHS; and transmit telemetry generated based on the adjusted measurements and the plurality of telemetry tiers to one or more destinations specified in the updated telemetry definition.
  2. The system of claim 1, wherein the telemetry adjustment specified in the telemetry definition comprises an increase in telemetry that identifies a location of the first IHS.
  3. The system of claim 2, wherein one or more sensors of the first IHS comprise a GPS sensor, and wherein the adjustment by the first IHS comprises an increase in frequency of location measurements by the GPS sensor.
  4. The system of claim 3, wherein, based on access control requirements for the first protected resource, the location telemetry is used to revoke access to the first protected resource by the first IHS due to a geographic restriction on access to the first protected resource.
  5. The system of claim 1, wherein the telemetry adjustment specified in the telemetry definition comprises an increase in a fidelity of one or more of the sensors of the first IHS used to generate the telemetry.
  6. The system of claim 5, wherein one or more sensors of the first IHS comprise sensors used to generate user-presence telemetry.
  7. The system of claim 6, wherein, based on access control requirements for the first protected resource, the user-presence telemetry is used to revoke access to the first protected resource due to risk of onlookers to content displayed by the first IHS.
  8. The system of claim 1, wherein the policy decision point is further configured to transmit an identical updated telemetry definition to each of the one or more IHSs with access to the first protected resource in order to adjust telemetry by each of the IHSs identically.
  9. The system of claim 8, wherein the identical updated telemetry definition is configured to increase telemetry by each of the IHSs based on a session with the first protected resource.
  10. The system of claim 9, wherein the first protected resource comprises a data store and the increased telemetry comprises session information for user transactions with the data store.
  11. The system of claim 1, wherein the policy decision point is comprised of one or more server IHSs that each collect and transmit telemetry based on telemetry definitions.
  12. The system of claim 1, wherein the first IHS further comprises a remote access controller configured to receive the updated telemetry definition from the policy decision point and convert the telemetry definition into the adjustments to one or more of the sensors of the first IHS.
  13. The system of claim 12, wherein the remote access controller is configured to receive the updated telemetry definition via a sideband network connection utilized by the remote access controller in remote management of the first IHS.
  14. The system of claim 12, wherein the first IHS further comprises a sensor hub configured to generate the transmitted telemetry that is based on the sensor adjustments made by the remote access controller based on the telemetry definition.
  15. The system of claim 1, wherein the telemetry adjustment specified in the updated telemetry definition comprises a change to a telemetry level in use by the first IHS.
  16. A method for adaptive collection of telemetry, the method comprising: receiving, by a policy decision point of a zero-trust computing environment controlling access to a plurality of protected resources, an indication of a change in risk posture within the zero-trust computing environment; identifying, by the policy decision point, a telemetry definition specifying telemetry being collected by one or more Information Handling Systems (IHSs), wherein the one or more IHSs are currently accessing a first of the protected resources of the zero-trust computing environment, wherein the telemetry definition is configured to specify a plurality of telemetry tiers that comprise: a security telemetry tier for telemetry to support validation of continued access to the first protected resource, an analytical telemetry tier for telemetry to monitor for change in risk posture, and a low-priority telemetry tier for optional telemetry; updating, by the policy decision point, the telemetry definition to specify adjusted telemetry to be collected by a first IHS of the one or more IHSs that are currently accessing the first protected resource and disabling or enabling one or more telemetry tiers; transmitting, by the policy decision point, the updated telemetry definition to the first IHS; based on the updated telemetry definition received from the policy decision point, adjusting, by the first IHS, measurements by one or more sensors of the first IHS; and transmitting, by the first IHS, telemetry generated based on the adjusted measurements and the plurality of telemetry tiers to one or more destinations specified in the updated telemetry definition.
  17. The method of claim 16, wherein the telemetry adjustment specified in the telemetry definition comprises an increase in telemetry that identifies a location of the first IHS.
  18. The method of claim 16, wherein the telemetry adjustment specified in the telemetry definition comprises an increase in a fidelity of one or more of the sensors of the first IHS used to generate the telemetry.
  19. An Information Handling System (IHS) configured to support adaptive telemetry, the IHS comprising: one or more processors; a memory coupled to the one or more processors, the memory configured with stored program instructions that, upon execution by the one or more processors, cause a policy decision point operating on the IHS to: receive an indication of a change in risk posture within a zero-trust computing environment; identify a telemetry definition with a specification of telemetry collected by one or more IHSs with access to a first protected resource of the zero-trust computing environment, wherein the telemetry definition is configured to specify a plurality of telemetry tiers that comprise: a security telemetry tier for telemetry to support validation of continued access to the first protected resource, an analytical telemetry tier for telemetry to monitor for change in risk posture, and a low-priority telemetry tier for optional telemetry; update the telemetry definition to specify adjusted telemetry to be collected by a first IHS of the one or more IHSs with access to the first protected resource and disable or enable one or more telemetry tiers; transmit the updated telemetry definition to the first IHS, wherein measurements by one or more sensors of the first IHS are adjusted based on the updated telemetry definition; and receive telemetry from the first IHS generated based on the updated telemetry definition.
  20. The IHS of claim 19, wherein the telemetry adjustment specified in the telemetry definition comprises an increase in telemetry with an identification of a location of the first IHS.
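The loop described in claims 1, 4 and 16 (and restated in the Summary below), as an added, illustrative model that is not code from the patent or from Dell: a policy decision point rewrites a tiered telemetry definition when risk posture changes, the IHS converts it into sensor settings and routes each record to the definition's destinations, and a geofence check shows how location telemetry can drive revocation. The tier names, sampling intervals, destination names and geofence coordinates are all assumptions.

```python
# Added example, not from the patent: a model of the adaptive telemetry loop in
# claims 1, 4 and 16. Names, tier values, intervals and the geofence are assumptions.
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class TelemetryDefinition:
    """What an IHS must collect and where it must send it (claim 1)."""
    gps_interval_s: int         # smaller value = more frequent location samples
    presence_fidelity: str      # "low" or "high" user-presence sensing
    tiers: frozenset            # enabled tiers: security / analytical / low_priority
    destinations: tuple         # where generated telemetry is sent

BASELINE = TelemetryDefinition(gps_interval_s=300, presence_fidelity="low",
                               tiers=frozenset({"security", "analytical", "low_priority"}),
                               destinations=("pdp",))

def pdp_update(current: TelemetryDefinition, risk: str) -> TelemetryDefinition:
    """Policy decision point: rewrite the definition when risk posture changes."""
    if risk == "elevated":
        # more location samples, higher presence fidelity, optional tier disabled,
        # and telemetry additionally copied to a SIEM destination
        return replace(current, gps_interval_s=30, presence_fidelity="high",
                       tiers=current.tiers - {"low_priority"},
                       destinations=current.destinations + ("siem",))
    return BASELINE   # any other posture restores the baseline definition

@dataclass
class IHS:
    definition: TelemetryDefinition = BASELINE
    sensor_config: dict = field(default_factory=dict)

    def apply(self, definition: TelemetryDefinition) -> dict:
        """Remote-access-controller role: turn the definition into sensor settings."""
        self.definition = definition
        self.sensor_config = {"gps_interval_s": definition.gps_interval_s,
                              "presence_fidelity": definition.presence_fidelity}
        return self.sensor_config

    def emit(self, tier: str, reading: dict) -> list:
        """One record per destination; nothing if the tier is currently disabled."""
        if tier not in self.definition.tiers:
            return []
        return [{"dest": d, "tier": tier, **reading} for d in self.definition.destinations]

ALLOWED_REGION = {"lat": (40.0, 41.0), "lon": (-75.0, -73.0)}   # constructed geofence

def access_permitted(location: dict) -> bool:
    """Claim 4 style check: access is revoked once location telemetry leaves the region."""
    (lat_lo, lat_hi), (lon_lo, lon_hi) = ALLOWED_REGION["lat"], ALLOWED_REGION["lon"]
    return lat_lo <= location["lat"] <= lat_hi and lon_lo <= location["lon"] <= lon_hi
```

Calling `pdp_update(BASELINE, "elevated")` and handing the result to `IHS.apply` is the whole exchange; the same updated definition can be applied to every IHS with access to the resource, as claim 8 describes.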

Description

FIELD

This disclosure relates generally to Information Handling Systems (IHSs), and, more specifically, to supporting management of networks of IHSs.

BACKGROUND

As the value and use of information continue to increase, individuals and businesses seek additional ways to process and store information. One option is an Information Handling System (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes. Because technology and information handling needs and requirements may vary between different applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSs allow for IHSs to be general or configured for a specific user, or for a specific use such as financial transaction processing, airline reservations, enterprise data storage, global communications, etc. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.

The operation of an IHS may be characterized by telemetry data that provides information describing the IHS's operation, in some instances providing measurable information. For instance, IHS telemetry may include environmental sensor readings, such as a temperature sensor measurement, or an operational sensor reading, such as the amps being drawn by a hardware component of the IHS. Telemetry generated by an IHS may also provide discrete information, such as the operational status of a hardware component. Telemetry generated by an IHS may also provide a logical rather than physical sensor measurement, such as telemetry relating to the amount of data transferred by a networking component of the IHS. Such telemetry data may be collected and used in the management of an IHS.

SUMMARY

In various embodiments, systems and methods are provided for adaptive collection of telemetry, that include a policy decision point of a zero-trust computing environment that controls access to a plurality of protected resources, wherein the policy decision point is configured to: receive an indication of a change in risk posture within the zero-trust computing environment; identify a telemetry definition specifying telemetry being collected by one or more IHSs that are currently accessing a first of the protected resources of the zero-trust computing environment; update the telemetry definition to specify adjusted telemetry to be collected by a first IHS of the one or more IHSs that are currently accessing the first protected resource; transmit the updated telemetry definition to the first IHS; and the first IHS comprising a plurality of sensors, one or more processors, and a memory coupled to the processors, the memory storing program instructions that, upon execution by the processors, cause the first IHS to: based on the updated telemetry definition received from the policy decision point, adjust measurements by one or more of the sensors of the first IHS; and transmit telemetry generated based on the adjusted measurements to one or more destinations specified in the updated telemetry definition.

In some embodiments, the telemetry adjustment specified in the telemetry definition comprises an increase in telemetry that identifies a location of the first IHS. In some embodiments, the one or more sensors of the first IHS comprise a GPS sensor, and the adjustment by the first IHS comprises an increase in the frequency of location measurements by the GPS sensor. In some embodiments, based on access control requirements for the first protected resource, the location telemetry is used to revoke access to the first protected resource by the first IHS due to geographic restrictions on access to the first protected resource. In some embodiments, the telemetry adjustment specified in the telemetry definition comprises an increase in a fidelity of one or more of the sensors of the first IHS used to generate the telemetry. In some embodiments, the one or more sensors of the first IHS comprise sensors used in generating user-presence telemetry. In some embodiments, based on access control requirements for the first protected resource, the user-presence telemetry is used to revoke access to the first protected resource due to the risk of onlookers to content displayed by the first IHS. In some embodiments, the policy decision point is further configured to transmit the identical updated telemetry definition to each of the one or more IHSs that are currently accessing the first protected resource in order to adjust telemetry by each of the IHSs identically. In some embodiments, transmission of the identical telemetry definition to each of the one or more IHSs that are current