US Patent 10277622 Enterprise level cybersecurity automatic remediation

Automatic detection and remediation of cybersecurity threats to an information technology installation is disclosed. An information technology installation receives at an orchestration system a requested update which may include a configuration change, a code change, a change to a binary, or other change to the installation. A mirror instance of the installation is instantiated on a cloud infrastructure where the requested updated is applied and scanned for cybersecurity threats. Where cybersecurity threats are detected, a remediation response is identified. The update and the remediation response may either be sent to an administrator for acceptance prior to deployment to production, or may be deployed automatically, with rollback information generated in the event the administrator desires to undo the deployment. Information as to whether an administrator accepts or rejects an update and/or a remediation are stored in a community database to assist others to evaluate the update and/or remediation for their use.