-
Publication number: US11831667B2
Publication date: 2023-11-28
Application number: US17372268
Application date: 2021-07-09
Applicant: VMware, Inc.
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
CPC classification number: H04L63/1425, H04L63/1416, H04L63/168
Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method generates a graph of connections between data compute nodes (DCNs) in the datacenter. Each connection has an associated time period during which the connection is active. The method receives an anomalous event occurring during a particular time period at a particular DCN operating in the datacenter. The method analyzes the generated graph to determine a set of paths between DCNs in the datacenter that include connections to the particular DCN during the particular time period. The method uses the set of paths to identify a threat to the datacenter.
-
Publication number: US20230179572A1
Publication date: 2023-06-08
Application number: US17543294
Application date: 2021-12-06
Applicant: VMware, Inc.
Inventor: Kavya Kambi Ravi, Radha Popuri, Sunitha Krishna, Margaret Petrus
IPC: H04L9/40
CPC classification number: H04L63/0263, H04L63/20
Abstract: Some embodiments provide a method for modifying a set of firewall rules for implementation in a network. The method receives (i) a set of existing firewall rules and (ii) a set of flows observed in the network that do not match the firewall rules in the set. The method identifies an optimized set of modifications to the set of existing firewall rules to generate a set of modified firewall rules such that (i) the set of flows match firewall rules in the set of modified firewall rules and (ii) any flows that matched firewall rules in the set of existing firewall rules also match firewall rules in the set of modified firewall rules.
-
Publication number: US20230179571A1
Publication date: 2023-06-08
Application number: US17543254
Application date: 2021-12-06
Applicant: VMware, Inc.
Inventor: Kavya Kambi Ravi, Radha Popuri, Sunitha Krishna, Margaret Petrus, Yiwei Zhang
IPC: G06F21/62
CPC classification number: H04L63/0263, H04L63/20
Abstract: Some embodiments provide a method for modifying a firewall rule of a security policy implemented in a network. The method identifies a set of compute machines to be added to a match condition for the firewall rule. The match condition is expressed using one or more groups of compute machines. The method selects a set of groups for the identified set of compute machines from a plurality of existing groups of compute machines based on a user-specified threshold indicating tolerance for inclusion of compute machines that are not in the identified set of compute machines in the selected groups. The method uses the selected set of groups for the match condition of the firewall rule.
-
Publication number: US20230011043A1
Publication date: 2023-01-12
Application number: US17372268
Application date: 2021-07-09
Applicant: VMware, Inc.
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
IPC: H04L29/06
Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method generates a graph of connections between data compute nodes (DCNs) in the datacenter. Each connection has an associated time period during which the connection is active. The method receives an anomalous event occurring during a particular time period at a particular DCN operating in the datacenter. The method analyzes the generated graph to determine a set of paths between DCNs in the datacenter that include connections to the particular DCN during the particular time period. The method uses the set of paths to identify a threat to the datacenter.
-
Publication number: US20220239683A1
Publication date: 2022-07-28
Application number: US17220550
Application date: 2021-04-01
Applicant: VMware, Inc.
Inventor: Santhanakrishnan Kaliya Perumal, Tejas Sanjeev Panse, Aditi Vutukuri, Rajiv Mordani, Margaret Petrus
IPC: H04L29/06
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives data indicating port usage for a particular time period for each of multiple destination data compute nodes (DCNs) executing on the host computers. For each DCN of a set of the destination DCNs, the method identifies whether the port usage for the particular time period deviates from a historical baseline port usage for the DCN. When the port usage for a particular DCN deviates from the historical baseline for the particular DCN, the method identifies the particular DCN as a target of a security threat.
-
Publication number: US20200241903A1
Publication date: 2020-07-30
Application number: US16258016
Application date: 2019-01-25
Applicant: VMware, Inc.
Inventor: Bin Wang, Aditi Vutukuri, Lan Luo, Margaret Petrus
Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to improve containerized application visibility. An example apparatus includes a container application manager to build an inventory of the containerized application, the containerized application including a virtual machine, the virtual machine hosting one or more containers, and a network topology builder to invoke a virtual machine agent of the virtual machine to obtain network traffic events from the one or more containers to generate network topology information associated with the containerized application based on the inventory, generate a network topology for the containerized application based on the network topology information, build the visualization based on the network topology, the visualization including the inventory and the network topology information, and launch a user interface to display the visualization to execute one or more computing tasks.
-
Publication number: US11792151B2
Publication date: 2023-10-17
Application number: US17507548
Application date: 2021-10-21
Applicant: VMware, Inc.
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
IPC: H04L61/10, H04L61/2521, H04L61/5053, H04L61/256
CPC classification number: H04L61/10, H04L61/2521, H04L61/2571, H04L61/5053
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.
-
Publication number: US11765179B2
Publication date: 2023-09-19
Application number: US17677039
Application date: 2022-02-22
Applicant: VMware, Inc.
Inventor: Karen Hayrapetyan, Sunitha Krishna, Nikash Walia, Margaret Petrus
IPC: G06F15/177, H04L41/0813, H04L9/40, H04L41/12
CPC classification number: H04L41/0813, H04L41/12, H04L63/104
Abstract: Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and security groups that the devices belong to. The network graph can include nodes that represent the devices and security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors using the embeddings. Using vectors of two nodes, the server can calculate a vector that represents an edge between the two nodes. The server can apply a binary classifier to determine whether the edge should exist. A “true” classification between two nodes can indicate that they should be able to communicate, and vice versa. A “true” classification between a device node and a security group node can indicate that the device should be assigned to the security group, and vice versa.
-
Publication number: US20220398255A1
Publication date: 2022-12-15
Application number: US17837334
Application date: 2022-06-10
Applicant: VMware, Inc.
Inventor: Anthony Fenzl, Vinith Podduturi, Kamalika Das, Karen Hayrapetyan, Margaret Petrus
Abstract: Some embodiments provide a mechanism to automatically group workloads of a network into clusters of related workloads. The method of some embodiments displays consolidated workload data for a network. The method, for each of multiple workloads: (1) receives a set of identifiers characterizing the workload; and (2) converts the set of identifiers to a vector representation of the workload. The method then identifies clusters of workloads based on the vector representations of the workloads. The method then displays the workloads grouped in the identified clusters and displays data flows between the clusters of workloads. Converting the set of identifiers to a vector representation of the workload may include applying a similarity metric to the set of identifiers.
-
Publication number: US20220239675A1
Publication date: 2022-07-28
Application number: US17220553
Application date: 2021-04-01
Applicant: VMware, Inc.
IPC: H04L29/06
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives attribute sets for multiple flows. Each respective attribute set for a respective flow includes at least (i) a source identifier for the respective flow and (ii) an indicator as to whether the respective flow is indicative of the source of the respective flow being a security threat. For each of multiple source identifiers, the method aggregates the received attribute sets to generate an aggregate attribute set for the source identifier that includes a combined measurement of security threat indicators. For a particular source identifier, the method adjusts a security threat likelihood score for the source corresponding to the particular source identifier based on the combined measurement of security threat indicators for the source identifier.
-