公开(公告)号：US20220027473A1

公开(公告)日：2022-01-27

申请号：US17392127

申请日：2021-08-02

Applicant: VMware Inc.

Inventor： Nilesh Awate ,  Goresh Musalay ,  Sachin Shinde ,  VSV Vijay

IPC: G06F21/57 ,  G06F21/60 ,  G06F21/53 ,  H04N21/443 ,  H04L12/24

Abstract: Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration update events, an event comparator to compare second context information of a subsequent configuration update event obtained by the context identifier to the policy received from the security manager, and an event handler to determine, when the subsequent configuration update event is not included in the policy, that the subsequent configuration update event is to be transmitted to the security manager for generation of an updated policy.

公开(公告)号：US20200228495A1

公开(公告)日：2020-07-16

申请号：US16352901

申请日：2019-03-14

Applicant: VMWARE, INC.

Inventor： NAKUL OGALE ,  Nilesh Awate

IPC: H04L29/12 ,  H04L29/08 ,  H04L12/24 ,  H04L12/733 ,  H04L12/26

Abstract: Some embodiments provide a method for detecting that a domain name service (DNS) cache on a data compute node (DCN) has been attacked. The method, during a first operational phase of an agent executing on the DCN, builds a DNS cache that stores entries that include (i) network address to domain name mappings and (ii) policies for the entries received from a centralized service. During a second operational phase of the agent, the method detects that an entry of the DNS cache has been modified by a DNS response such that the modified entry violates the policy for the entry. Based on the detection, the method sends an alert to the centralized service. The centralized service performs additional analysis on the modification to determine whether to allow the DCN to use the modified DNS cache entry.

公开(公告)号：US11201853B2

公开(公告)日：2021-12-14

申请号：US16352901

申请日：2019-03-14

Applicant: VMWARE, INC.

Inventor： Nakul Ogale ,  Nilesh Awate

IPC: H04L29/12 ,  H04L29/08 ,  H04L12/24 ,  H04L12/733 ,  H04L12/26

Abstract: Some embodiments provide a method for detecting that a domain name service (DNS) cache on a data compute node (DCN) has been attacked. The method, during a first operational phase of an agent executing on the DCN, builds a DNS cache that stores entries that include (i) network address to domain name mappings and (ii) policies for the entries received from a centralized service. During a second operational phase of the agent, the method detects that an entry of the DNS cache has been modified by a DNS response such that the modified entry violates the policy for the entry. Based on the detection, the method sends an alert to the centralized service. The centralized service performs additional analysis on the modification to determine whether to allow the DCN to use the modified DNS cache entry.

公开(公告)号：US11507653B2

公开(公告)日：2022-11-22

申请号：US16233143

申请日：2018-12-27

Applicant: VMWARE, INC.

Inventor： Vaibhav Rekhate ,  Nilesh Awate ,  Amit Vasant Patil ,  Vijay Ganti

IPC: G06F21/53 ,  G06F21/51 ,  G06F21/55 ,  G06F21/56 ,  G06F9/455

Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of t he management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.

公开(公告)号：US20200065478A1

公开(公告)日：2020-02-27

申请号：US16233143

申请日：2018-12-27

Applicant: VMWARE, INC.

Inventor： Vaibhav Rekhate ,  Nilesh Awate ,  Amit Vasant Patil ,  Vijay Ganti

IPC: G06F21/53 ,  G06F21/51 ,  G06F21/55 ,  G06F21/56 ,  G06F9/455

Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of t he management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.

公开(公告)号：US20190384914A1

公开(公告)日：2019-12-19

申请号：US16215612

申请日：2018-12-10

Applicant: VMware Inc.

Inventor： Nilesh Awate ,  Goresh Musalay ,  Sachin Shinde ,  VSV Vijay

IPC: G06F21/57 ,  G06F21/60

Abstract: Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration update events, an event comparator to compare second context information of a subsequent configuration update event obtained by the context identifier to the policy received from the security manager, and an event handler to determine, when the subsequent configuration update event is not included in the policy, that the subsequent configuration update event is to be transmitted to the security manager for generation of an updated policy.

公开(公告)号：US11080402B2

公开(公告)日：2021-08-03

申请号：US16215612

申请日：2018-12-10

Applicant: VMware Inc.

Inventor： Nilesh Awate ,  Goresh Musalay ,  Sachin Shinde ,  V S V Vijay

IPC: G06F21/57 ,  G06F21/60 ,  H04L12/24 ,  G06F21/53 ,  H04N21/443

Abstract: Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration update events, an event comparator to compare second context information of a subsequent configuration update event obtained by the context identifier to the policy received from the security manager, and an event handler to determine, when the subsequent configuration update event is not included in the policy, that the subsequent configuration update event is to be transmitted to the security manager for generation of an updated policy.