公开(公告)号：US20200236119A1

公开(公告)日：2020-07-23

申请号：US16250354

申请日：2019-01-17

Applicant: VMware, Inc.

Inventor： Ravishankar Chamarajnager ,  Amit Vasant Patil ,  Amol Khare ,  Mandar Nadgouda ,  Mahesh Kumar ,  Gavin Lu ,  Tiejun Chen ,  Vasudev Yendapally

IPC: H04L29/06 ,  G06F9/455

Abstract: Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a profile is associated with a virtual machine of a gateway device. The profile includes an expected behavior for the virtual machine. The virtual machine is executed by a hypervisor of the gateway device. An actual behavior for the virtual machine is determined. A remedial action is performed. The remedial action is based on an anomaly between the expected behavior and the actual behavior.

公开(公告)号：US11507653B2

公开(公告)日：2022-11-22

申请号：US16233143

申请日：2018-12-27

Applicant: VMWARE, INC.

Inventor： Vaibhav Rekhate ,  Nilesh Awate ,  Amit Vasant Patil ,  Vijay Ganti

IPC: G06F21/53 ,  G06F21/51 ,  G06F21/55 ,  G06F21/56 ,  G06F9/455

Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of t he management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.

公开(公告)号：US20200065478A1

公开(公告)日：2020-02-27

申请号：US16233143

申请日：2018-12-27

Applicant: VMWARE, INC.

Inventor： Vaibhav Rekhate ,  Nilesh Awate ,  Amit Vasant Patil ,  Vijay Ganti

IPC: G06F21/53 ,  G06F21/51 ,  G06F21/55 ,  G06F21/56 ,  G06F9/455

Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of t he management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.

公开(公告)号：US11706237B2

公开(公告)日：2023-07-18

申请号：US17509289

申请日：2021-10-25

Applicant: VMware, Inc.

Inventor： Ravishankar Chamarajnager ,  Amit Vasant Patil ,  Amol Khare ,  Mandar Nadgouda ,  Mahesh Kumar ,  Gavin Lu ,  Tiejun Chen ,  Vasudev Yendapally

IPC: G06F9/455 ,  H04L9/40

CPC classification number: H04L63/1425 ,  G06F9/45558 ,  G06F2009/45575 ,  G06F2009/45595

Abstract: Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a baseline behavior profile for a gateway virtual machine is transmitted from a management service to a gateway security process executed in a gateway device. The management service receives an anomaly notification including an indication of an anomaly from the baseline behavior profile. The managements service generates a user interface that shows a description of the anomaly.

公开(公告)号：US11184375B2

公开(公告)日：2021-11-23

申请号：US16250354

申请日：2019-01-17

Applicant: VMware, Inc.

Inventor： Ravishankar Chamarajnager ,  Amit Vasant Patil ,  Amol Khare ,  Mandar Nadgouda ,  Mahesh Kumar ,  Gavin Lu ,  Tiejun Chen ,  Vasudev Yendapally

IPC: G06F9/455 ,  H04L29/06

Abstract: Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a profile is associated with a virtual machine of a gateway device. The profile includes an expected behavior for the virtual machine. The virtual machine is executed by a hypervisor of the gateway device. An actual behavior for the virtual machine is determined. A remedial action is performed. The remedial action is based on an anomaly between the expected behavior and the actual behavior.