Security policy recommendation generation

    Publication number: US11349876B2

    Publication date: 2022-05-31

    Application number: US16554414

    Filing date: 2019-08-28

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rules to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.

    SECURITY POLICY RECOMMENDATION GENERATION

    Publication number: US20210029166A1

    Publication date: 2021-01-28

    Application number: US16554414

    Filing date: 2019-08-28

    Applicant: VMware, Inc.

    IPC classification: H04L29/06 G06N5/04 G06N20/00

    Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rules to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.

    AUTOMATED SECURITY POLICY MODIFICATION
    3. Published patent application

    Publication number: US20230179572A1

    Publication date: 2023-06-08

    Application number: US17543294

    Filing date: 2021-12-06

    Applicant: VMware, Inc.

    IPC classification: H04L9/40

    CPC classification: H04L63/0263 H04L63/20

    Abstract: Some embodiments provide a method for modifying a set of firewall rules for implementation in a network. The method receives (i) a set of existing firewall rules and (ii) a set of flows observed in the network that do not match the firewall rules in the set. The method identifies an optimized set of modifications to the set of existing firewall rules to generate a set of modified firewall rules such that (i) the set of flows match firewall rules in the set of modified firewall rules and (ii) any flows that matched firewall rules in the set of existing firewall rules also match firewall rules in the set of modified firewall rules.

    REUSE OF GROUPS IN SECURITY POLICY
    4. Published patent application

    Publication number: US20230179571A1

    Publication date: 2023-06-08

    Application number: US17543254

    Filing date: 2021-12-06

    Applicant: VMware, Inc.

    IPC classification: G06F21/62

    CPC classification: H04L63/0263 H04L63/20

    Abstract: Some embodiments provide a method for modifying a firewall rule of a security policy implemented in a network. The method identifies a set of compute machines to be added to a match condition for the firewall rule. The match condition is expressed using one or more groups of compute machines. The method selects a set of groups for the identified set of compute machines from a plurality of existing groups of compute machines based on a user-specified threshold indicating tolerance for inclusion of compute machines that are not in the identified set of compute machines in the selected groups. The method uses the selected set of groups for the match condition of the firewall rule.