Security threat detection based on network flow analysis

    Publication number: US11991187B2

    Publication date: 2024-05-21

    Application number: US17220553

    Filing date: 2021-04-01

    Applicant: VMware LLC

    CPC classification number: H04L63/1416 H04L63/1425

    Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives attribute sets for multiple flows. Each respective attribute set for a respective flow includes at least (i) a source identifier for the respective flow and (ii) an indicator as to whether the respective flow is indicative of the source of the respective flow being a security threat. For each of multiple source identifiers, the method aggregates the received attribute sets to generate an aggregate attribute set for the source identifier that includes a combined measurement of security threat indicators. For a particular source identifier, the method adjusts a security threat likelihood score for the source corresponding to the particular source identifier based on the combined measurement of security threat indicators for the source identifier.

    Methods for enabling enhanced firewall rules via ARP-based annotations

    Publication number: US11949660B2

    Publication date: 2024-04-02

    Application number: US17872846

    Filing date: 2022-07-25

    Applicant: VMware LLC

    Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.
