公开(公告)号：US20220286435A1

公开(公告)日：2022-09-08

申请号：US17824054

申请日：2022-05-25

Applicant: VMware, Inc.

Inventor： ARJUN KOCHHAR ,  SUMAN ALUVALA ,  AMIT YADAV ,  AMAN SRIVASTAVA

IPC: H04L9/40 ,  G06N20/00 ,  H04W12/40

Abstract: Disclosed are various examples for securing enterprise resources using a virtual private network. At least one computing device that can authenticate a client device for a virtual private network (VPN) connection based on a first device identifier received from the client device and a second device identifier received from a remote management service. The at least one computing device can determine that a network event associated with the client device has been observed and execute a machine learning routine to identify a pattern of access for the client device. A network access anomaly is determined in response to a network interaction of the client device deviating from the pattern of access for the client device. A remedial action is performed based on an anomaly type associated with the network access anomaly.

公开(公告)号：US20220166858A1

公开(公告)日：2022-05-26

申请号：US17667188

申请日：2022-02-08

Applicant: VMWARE, INC.

Inventor： SUMAN ALUVALA ,  CRAIG FARLEY NEWELL ,  AMIT KUMAR YADAV ,  PAVAN RAJKUMAR RANGAIN ,  ROHIT PRADEEP SHETTY

IPC: H04L69/22 ,  H04L69/16 ,  H04L69/326 ,  H04L12/46 ,  H04L9/40 ,  H04W88/18

Abstract: The technology disclosed herein enables packet handling based on user information included in packet headers. In a particular embodiment, a method provides, in a gateway to a network environment, establishing a first connection with a first connection endpoint outside of the network environment. The first connection is established based on authentication of user information received from the first connection endpoint. The method further provides adding the user information to a packet header of one or more first packets carrying a request to establish a second connection between the gateway and a second connection endpoint within the network environment. Also, the method provides transferring the one or more first packets towards the second connection endpoint.