REMEDIATING FALSE POSITIVES OF INTRUSION DETECTION SYSTEMS WITH GUEST INTROSPECTION

    Publication (Announcement) No.: US20220014425A1

    Publication (Announcement) Date: 2022-01-13

    Application No.: US16927542

    Application Date: 2020-07-13

    Applicant: VMware, Inc.

    Abstract: The disclosure provides an approach for remediating false positives for a network security monitoring component. Embodiments include receiving an alert related to network security for a virtual computing instance (VCI). Embodiments include collecting, in response to receiving the alert, context information from the VCI. Embodiments include providing a notification to a management plane based on the alert and the context information. Embodiments include receiving, from the management plane, in response to the notification, an indication of whether the alert is a false positive. Embodiments include training a model based on the alert, the context information, and the indication to determine whether a given alert is a false positive.

    SECURITY THREAT ANALYSIS

    Invention Publication

    Publication (Announcement) No.: US20240236142A1

    Publication (Announcement) Date: 2024-07-11

    Application No.: US18095536

    Application Date: 2023-01-11

    Applicant: VMware, Inc.

    CPC classification number: H04L63/1441 H04L63/0263 H04L63/1416

    Abstract: Example methods and systems for security threat analysis are described. One example may involve a first computer system configuring a test packet that includes malicious content for forwarding along a network path between (a) a first network element that is connected with a first virtualized computing instance and (b) a second network element that is connected with a second virtualized computing instance. The test packet may be injected at the first network element and forwarded towards the second network element. In response to a security checkpoint detecting the test packet, the security checkpoint may apply one or more security policies on the test packet, and generate and send report information towards a management entity. The report information may indicate whether the malicious content in the test packet is detectable based on the one or more security policies.

    CONTEXT-AWARE INTRUSION DETECTION SYSTEM

    Publication (Announcement) No.: US20220210167A1

    Publication (Announcement) Date: 2022-06-30

    Application No.: US17137385

    Application Date: 2020-12-30

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for context-aware intrusion detection are described. In one example, in response to a determination that there is a matching intrusion detection signature based on packet flow information associated with a packet, a computer system may generate an intrusion detection alert that identifies the matching intrusion detection signature and the packet flow information. Further, the computer system may map the intrusion detection alert to contextual information, and generate a context-aware intrusion detection alert to trigger a context-aware remediation action based on at least the contextual information. The intrusion detection alert may be enhanced with context information associated with at least one of the following: the virtualized computing instance, a client device associated with the virtualized computing instance, and a user operating the client device.
