公开(公告)号：US20210019414A1

公开(公告)日：2021-01-21

申请号：US16558341

申请日：2019-09-03

Applicant: VMWARE, INC.

Inventor： SHIRISH VIJAYVARGIYA ,  SUNIL HASBE

IPC: G06F21/57 ,  G06F21/56 ,  G06F21/55 ,  G06F9/455

Abstract: A system and method for automatically adjusting a learning mode duration on a virtual computing instance for an application security system extends a minimum duration of time for the learning mode duration for a guest agent running in the virtual computing instance based on a condition with respect to suspicious activities and deviations from normal behaviors detected during a fixed time interval. The guest agent is switched to a protected mode when the condition with respect to the suspicious activities and the deviations from the normal behaviors is satisfied for any fixed time interval after the minimum duration of time.

公开(公告)号：US20210173689A1

公开(公告)日：2021-06-10

申请号：US16805873

申请日：2020-03-02

Applicant: VMWARE, INC.

Inventor： SUNIL HASBE ,  SHIRISH VIJAYVARGIYA

IPC: G06F9/455 ,  G06F11/14 ,  G06F21/56

Abstract: An in-guest agent in a virtual machine (VM) operates in conjunction with a replication module. The replication module performs continuous data protection (CDP) by saving images of the VM as checkpoints at a disaster recovery site over time. Concurrently, the in-guest agent monitors for behavior in the VM that may be indicative of the presence of malicious code. If the in-guest agent identifies behavior (at a particular point in time) at the VM that may be indicative of the presence of malicious code, the replication module can tag a checkpoint that corresponds to the same particular point in time as a security risk. One or more checkpoints generated prior to the particular time may be determined to be secure checkpoints that are usable for restoration of the VM.

公开(公告)号：US20240015184A1

公开(公告)日：2024-01-11

申请号：US17903035

申请日：2022-09-05

Applicant: VMWARE, INC.

Inventor： SHIRISH VIJAYVARGIYA ,  NAKUL OGALE ,  SUNIL HASBE ,  ROSHAN KOLHE

IPC: H04L9/40 ,  G06F9/455

CPC classification number: H04L63/20 ,  G06F9/45558 ,  H04L63/1433 ,  G06F2009/45587 ,  G06F2009/45595 ,  G06F2009/45562

Abstract: A method of applying a security policy to a virtual computing instance, according to an embodiment, includes: determining that a universally unique identifier (UUID) of the virtual computing instance does not match an identifier stored in a configuration file of the virtual computing instance; transmitting a request to register the virtual computing instance with a cloud platform for managing security policies of a virtual infrastructure that includes the virtual computing instance, the request including the UUID of the virtual computing instance and the identifier stored in the configuration file of the virtual computing instance; in response to the request, receiving an identifier of a security policy to be applied; and retrieving the security policy and applying the security policy to the virtual computing instance.

公开(公告)号：US20240020146A1

公开(公告)日：2024-01-18

申请号：US17950132

申请日：2022-09-22

Applicant: VMWARE, INC.

Inventor： SHIRISH VIJAYVARGIYA ,  SUNIL HASBE

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2009/45575 ,  G06F2009/45587

Abstract: Computer-implemented methods, media, and systems for providing container visibility and observability are disclosed. In one computer-implemented method, a host device connected to a cloud server detects a plurality of events comprising a first event, wherein the host device hosts a plurality of containers that generate the plurality of events. The host device identifies a first container identifier of the first event, checks a container tracking database to determine if the container tracking database includes the first container identifier. In response to determining that the container tracking database does not include the first container identifier, the host device creates a container start event indicating a start of a first container identified by the first container identifier, and sends the container start event to the cloud server for providing a container inventory that reflects statuses of the plurality of events and the plurality of containers in the host device.

公开(公告)号：US20240012943A1

公开(公告)日：2024-01-11

申请号：US17938985

申请日：2022-09-07

Applicant: VMWARE, INC.

Inventor： SHIRISH VIJAYVARGIYA ,  PANKAJ MAHESHKUMAR MANSUKHANI ,  SUNIL HASBE ,  SARJERAO PATIL ,  SATYAJEET KUMAR

IPC: G06F21/64 ,  G06F21/62 ,  G06F21/60

CPC classification number: G06F21/64 ,  G06F21/6209 ,  G06F21/602

Abstract: An example method of securing communication between a client and a security agent executing in a host includes: receiving, at the security agent, a connection request from the client; obtaining, by the security agent from an operating system executing in the host, a process identifier for the client; identifying, by the security agent, a file path for a process binary from which the client executed; verifying at least a portion of the file path against an expected value known by the security agent; validating a signature of the process binary; and accepting, at the security agent, the connection request from the client in response to successful verification of the file path and successful validation of the signature.

公开(公告)号：US20220197716A1

公开(公告)日：2022-06-23

申请号：US17174381

申请日：2021-02-12

Applicant: VMWARE, INC.

Inventor： SHIRISH VIJAYVARGIYA ,  SUNIL HASBE ,  SACHIN SHINDE

IPC: G06F9/50 ,  G06F9/455 ,  H04L29/06

Abstract: In an example, a behavioural characteristic of a workload running on a first host computing device in a data center may be monitored. Further, a security requirement of the workload may be determined based on the behavioural characteristic of the workload. Furthermore, a second host computing device that supports the security requirement of the workload may be determined. Further, a recommendation may be generated to migrate the workload running on the first host computing device to the second host computing device in the data center.

公开(公告)号：US20210288937A1

公开(公告)日：2021-09-16

申请号：US16874706

申请日：2020-05-15

Applicant: VMWARE, INC.

Inventor： SHIRISH VIJAYVARGIYA ,  SUNIL HASBE ,  NAKUL OGALE ,  SACHIN SHINDE

IPC: H04L29/12

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.