Network policy implementation in a tag-based policy architecture

    Publication No.: US10652281B1

    Publication date: 2020-05-12

    Application No.: US15692890

    Application date: 2017-08-31

    Applicant: VMware, Inc.

    Abstract: A technique implements network policy deployed in a tag-based policy architecture of a virtualized computing environment. One or more virtual machine instances (VMIs) may be provided by a virtual data center (VDC) of the environment, wherein each VMI includes an intermediary manager of a computing cell that also includes a guest operating system (OS) and associated applications. The tag-based policy architecture may be configured to enforce the network policy in the virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources, such as the VMIs, coupled to a computer network and to authorize access to protected resources, such as virtualized network resources of the VDC.

    Threat defense techniques
    Granted invention patent

    Publication No.: US10552606B2

    Publication date: 2020-02-04

    Application No.: US15863574

    Application date: 2018-01-05

    Applicant: VMware, Inc.

    Abstract: In an approach, an intermediary guest manager operates within a virtual machine hosted by a host machine and managed by a hypervisor. The intermediary guest manager manages one or more guest operating systems operating within the virtual machine and implements one or more security services for the guest operating systems. The security services provided to the guest operating systems may include system call filtering, memory protections, secure memory dumps, and others. In some cases, the intermediary guest manager consults a threat defense policy which contains a number of records, where each record has one or more triggers representing suspicious activity and one or more actions to take in response to being triggered. When the intermediary guest manager identifies a request, such as a system call or memory access, that meets the trigger of a particular record, the intermediary guest manager executes the associated actions to remediate the suspicious activity.

    Anomaly Detection System for Microservice-Based Applications

    Publication No.: US20230409412A1

    Publication date: 2023-12-21

    Application No.: US17843474

    Application date: 2022-06-17

    Applicant: VMware, Inc.

    CPC classification number: G06F9/541

    Abstract: In one set of embodiments, a computer system can receive one or more application programming interface (API) call traces comprising metadata of API calls made by a microservice-based application and can evaluate the one or more API call traces against a baseline of normal API call behavior for the application. The computer system can then generate, based on the evaluation, a prediction for each of the one or more API call traces indicating whether the API call corresponding to the API call trace is normal or anomalous.
