-
Publication No.: US11558255B2
Publication Date: 2023-01-17
Application No.: US16744123
Application Date: 2020-01-15
Applicant: VMware, Inc.
Inventor: Mengzhuo Lu, Margaret Petrus
IPC: H04L12/24, H04L41/0873, H04L41/22, H04L43/10, H04L41/0654, H04L43/0817, H04L41/0631
Abstract: Example methods and systems for logical network health check. One example may comprise obtaining network configuration information and network realization information associated with a logical network; processing the network configuration information and the network realization information to determine the following: (a) network configuration health information specifying a network configuration issue and a first remediation action; and (b) network realization health information specifying a network realization issue and a second remediation action; and providing, to a user device, multiple user interfaces (UIs) specifying the first health information and the second health information along with a visualization of the logical network. In response to detecting an instruction initiated by the user device using at least one of the multiple UIs, the first remediation action or the second remediation action may be performed.
-
Publication No.: US20230011397A1
Publication Date: 2023-01-12
Application No.: US17372264
Application Date: 2021-07-09
Applicant: VMware, Inc.
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
IPC: H04L29/06
Abstract: Some embodiments provide a system for detecting threats to a datacenter. The system includes a set of processing units and a set of non-transitory machine-readable media storing an analysis appliance. The analysis appliance includes multiple event detectors that analyze information received from host computers in the datacenter to identify anomalous events occurring in the datacenter. The analysis appliance includes a graph generation module that generates a graph of connections between data compute nodes (DCNs) in the datacenter based on the information received from the host computers. The analysis appliance includes a lateral movement threat detection module that (i) uses the graph of connections to identify a set of connections between a set of the DCNs based on a particular anomalous event and (ii) uses the set of connections and the identified anomalous events to determine whether the set of connections is indicative of a lateral movement attack on the datacenter.
-
Publication No.: US20220417096A1
Publication Date: 2022-12-29
Application No.: US17355829
Application Date: 2021-06-23
Applicant: VMware, Inc.
Inventor: Aditi Vutukuri, Tejas Sanjeev Panse, Margaret Petrus, Arnold Koon-Chee Poon, Rajiv Mordani
Abstract: Some embodiments provide a method for identifying policy misconfiguration in a datacenter. Based on flow data received for a plurality of data compute nodes (DCNs) in the datacenter, the method determines that an anomalous amount of data traffic relating to a particular DCN has been dropped. The method uses (i) the received flow data for the particular DCN and (ii) a set of recent policy configuration changes to determine policy configuration changes that contributed to the anomalous amount of dropped data traffic relating to the particular DCN. The method generates an alert for presentation to a user indicating the anomalous amount of data traffic and the contributing policy configuration changes.