-
Publication number: US20230011957A1
Publication date: 2023-01-12
Application number: US17372271
Application date: 2021-07-09
Applicant: VMware, Inc.
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
IPC: H04L29/06
Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method receives a set of connections between a set of DCNs in the datacenter over a particular time period. The set of DCNs includes at least a first DCN at which a first anomalous event was detected. The method analyzes a set of detected anomalous events to identify additional anomalous events detected at other DCNs in the set of DCNs during the particular time period. Based on the first anomalous event and identified additional anomalous events, the method determines whether the anomalous events indicate a threat to the datacenter.
-
Publication number: US11533294B2
Publication date: 2022-12-20
Application number: US17674936
Application date: 2022-02-18
Applicant: VMware, Inc.
Inventor: Rishi Kanth Alapati, Parasuramji Rajendran, Weiming Xu, Shireesh Kumar Singh, Aditi Vutukuri, Anuprem Chalvadi, Chidambareswaran Raman, Margaret Angeline Petrus
IPC: H04L9/40, H04L41/00, H04L41/0806, H04L61/5007
Abstract: Described herein are systems and methods to manage blacklists and duplicate addresses in software defined networks (SDNs). In one implementation, a method includes, in a control plane and data plane of an SDN environment, obtaining a blacklist for a logical port in the SDN environment. The method further includes deleting realized address bindings in a realized address list for the logical port that match the one or more address bindings in the blacklist and preventing subsequent address bindings that match the one or more address bindings in the blacklist from being added to the realized address list.
-
Publication number: US11140090B2
Publication date: 2021-10-05
Application number: US16520238
Application date: 2019-07-23
Applicant: VMware, Inc.
Inventor: Rajiv Mordani, Arnold Poon, Aditi Vutukuri, Anita Lu, Ming Wen
IPC: H04L12/891, H04L12/26, H04L12/851
Abstract: Some embodiments provide a novel method for correlating configuration data received from the network manager computer with flow group records. In some embodiments, the correlation with the configuration data identifies a group associated with at least one of: (i) the source machine, (ii) destination machine, and (iii) service rules applied to the flows. The correlation with the configuration data, in some embodiments, also identifies whether a service rule applied to the flows is a default service rule. In some embodiments, the correlation with the configuration is based on a tag included in the flow group record that identifies a configuration version, and a configuration associated with the identified configuration version is used to identify the group association or the identity of the default service rule.
-
Publication number: US20200280537A1
Publication date: 2020-09-03
Application number: US16746075
Application date: 2020-01-17
Applicant: VMware, Inc.
Inventor: Rishi Kanth Alapati, Parasuramji Rajendran, Weiming Xu, Shireesh Kumar Singh, Aditi Vutukuri, Anuprem Chalvadi, Chidambareswaran Raman, Margaret Angeline Petrus
Abstract: Described herein are systems and methods to manage blacklists and duplicate addresses in software defined networks (SDNs). In one implementation, a method includes, in a control plane and data plane of an SDN environment, obtaining a blacklist for a logical port in the SDN environment. The method further includes deleting realized address bindings in a realized address list for the logical port that match the one or more address bindings in the blacklist and preventing subsequent address bindings that match the one or more address bindings in the blacklist from being added to the realized address list.
-
Publication number: US20160224789A1
Publication date: 2016-08-04
Application number: US14611006
Application date: 2015-01-30
Applicant: VMware, Inc.
Inventor: Azeem Feroz, Rahul Mathias Madan, Arnold Poon, Aditi Vutukuri
CPC classification number: G06F21/566, G06F9/45558, G06F21/53, G06F21/561, G06F21/575, G06F2009/45587, G06F2221/034
Abstract: Aspects of the present invention include hypervisor based security using a hypervisor to monitor a VM. In embodiments of the present invention, the information gathered by the hypervisor in the monitoring is compared against a reference image to determine if there are possible rootkits present on the VM. If there are potential rootkits, the VM can be quarantined.
-
Publication number: US11831667B2
Publication date: 2023-11-28
Application number: US17372268
Application date: 2021-07-09
Applicant: VMware, Inc.
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
CPC classification number: H04L63/1425, H04L63/1416, H04L63/168
Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method generates a graph of connections between data compute nodes (DCNs) in the datacenter. Each connection has an associated time period during which the connection is active. The method receives an anomalous event occurring during a particular time period at a particular DCN operating in the datacenter. The method analyzes the generated graph to determine a set of paths between DCNs in the datacenter that include connections to the particular DCN during the particular time period. The method uses the set of paths to identify a threat to the datacenter.
-
Publication number: US11736441B2
Publication date: 2023-08-22
Application number: US18083311
Application date: 2022-12-16
Applicant: VMware, Inc.
Inventor: Rishi Kanth Alapati, Parasuramji Rajendran, Weiming Xu, Shireesh Kumar Singh, Aditi Vutukuri, Anuprem Chalvadi, Chidambareswaran Raman, Margaret Angeline Petrus
IPC: H04L29/08, H04L12/14, H04L29/12, H04L9/40, H04L41/0806, H04L41/00, H04L61/5007
CPC classification number: H04L63/0236, H04L41/0806, H04L41/20, H04L61/5007
Abstract: Described herein are systems and methods to manage blacklists and duplicate addresses in software defined networks (SDNs). In one implementation, a method includes, in a control plane and data plane of an SDN environment, obtaining a blacklist for a logical port in the SDN environment. The method further includes deleting realized address bindings in a realized address list for the logical port that match the one or more address bindings in the blacklist and preventing subsequent address bindings that match the one or more address bindings in the blacklist from being added to the realized address list.
-
Publication number: US11689499B2
Publication date: 2023-06-27
Application number: US17466165
Application date: 2021-09-03
Applicant: VMware, Inc.
Inventor: Parasuramji Rajendran, Rishi Kanth Alapati, Shireesh Kumar Singh, Aditi Vutukuri, Chidambareswaran Raman, Margaret Angeline Petrus, Anuprem Chalvadi, Pallavi Moghe, Weiming Xu
IPC: H04L61/5014, H04L61/103, G06F9/455, H04L45/745, H04L45/64, H04L45/02
CPC classification number: H04L61/5014, G06F9/45558, H04L45/02, H04L45/64, H04L45/745, H04L61/103, G06F2009/45595
Abstract: Described herein are systems and methods to manage Internet Protocol (IP) address discovery in a software defined networking (SDN) environment. In one example, a manager may generate an IP address discovery configuration and pass the IP address discovery configuration to a controller. Once received, the controller may obtain a discovered list from a hypervisor of one or more IP addresses associated with one or more logical ports and update a realized list for the one or more logical ports based on the discovered list and the IP address discovery configuration.
-
Publication number: US20230011043A1
Publication date: 2023-01-12
Application number: US17372268
Application date: 2021-07-09
Applicant: VMware, Inc.
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
IPC: H04L29/06
Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method generates a graph of connections between data compute nodes (DCNs) in the datacenter. Each connection has an associated time period during which the connection is active. The method receives an anomalous event occurring during a particular time period at a particular DCN operating in the datacenter. The method analyzes the generated graph to determine a set of paths between DCNs in the datacenter that include connections to the particular DCN during the particular time period. The method uses the set of paths to identify a threat to the datacenter.
-
Publication number: US20220239683A1
Publication date: 2022-07-28
Application number: US17220550
Application date: 2021-04-01
Applicant: VMware, Inc.
Inventor: Santhanakrishnan Kaliya Perumal, Tejas Sanjeev Panse, Aditi Vutukuri, Rajiv Mordani, Margaret Petrus
IPC: H04L29/06
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives data indicating port usage for a particular time period for each of multiple destination data compute nodes (DCNs) executing on the host computers. For each DCN of a set of the destination DCNs, the method identifies whether the port usage for the particular time period deviates from a historical baseline port usage for the DCN. When the port usage for a particular DCN deviates from the historical baseline for the particular DCN, the method identifies the particular DCN as a target of a security threat.