DNS CACHE PROTECTION
    Type: Invention application

    Publication No.: US20200228495A1

    Publication date: 2020-07-16

    Application No.: US16352901

    Filing date: 2019-03-14

    Applicant: VMWARE, INC.

    Abstract: Some embodiments provide a method for detecting that a domain name service (DNS) cache on a data compute node (DCN) has been attacked. The method, during a first operational phase of an agent executing on the DCN, builds a DNS cache that stores entries that include (i) network address to domain name mappings and (ii) policies for the entries received from a centralized service. During a second operational phase of the agent, the method detects that an entry of the DNS cache has been modified by a DNS response such that the modified entry violates the policy for the entry. Based on the detection, the method sends an alert to the centralized service. The centralized service performs additional analysis on the modification to determine whether to allow the DCN to use the modified DNS cache entry.

    METHOD OF APPLYING SECURITY POLICIES TO VIRTUAL COMPUTING INSTANCES

    Publication No.: US20240015184A1

    Publication date: 2024-01-11

    Application No.: US17903035

    Filing date: 2022-09-05

    Applicant: VMWARE, INC.

    Abstract: A method of applying a security policy to a virtual computing instance, according to an embodiment, includes: determining that a universally unique identifier (UUID) of the virtual computing instance does not match an identifier stored in a configuration file of the virtual computing instance; transmitting a request to register the virtual computing instance with a cloud platform for managing security policies of a virtual infrastructure that includes the virtual computing instance, the request including the UUID of the virtual computing instance and the identifier stored in the configuration file of the virtual computing instance; in response to the request, receiving an identifier of a security policy to be applied; and retrieving the security policy and applying the security policy to the virtual computing instance.

    SECURITY THREAT DETECTION DURING SERVICE QUERY HANDLING

    Publication No.: US20210314237A1

    Publication date: 2021-10-07

    Application No.: US16878652

    Filing date: 2020-05-20

    Applicant: VMWARE, INC.

    Abstract: Example methods and systems for a computer system to perform security threat detection during service query handling are described. In one example, a process running on a virtualized computing instance supported by the computer system may generate and send a first service query specifying a query input according to a service protocol. The first service query may be detected by a security agent configured to operate in a secure enclave that is isolated from the process. Next, the security agent may generate and send a second service query specifying the query input in the first service query. It is then determined whether there is a potential security threat based on a comparison between (a) a first reply received responsive to the first service query and (b) a second reply received responsive to the second service query.

    DOMAIN NAME SERVICE (DNS) SERVER CACHE TABLE VALIDATION

    Publication No.: US20210288937A1

    Publication date: 2021-09-16

    Application No.: US16874706

    Filing date: 2020-05-15

    Applicant: VMWARE, INC.

    Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.
