1.
Publication No.: US20240163294A1
Publication date: 2024-05-16
Application No.: US17985089
Filing date: 2022-11-10
Applicant: VMware LLC
Inventor: Robin Manhas, Nafisa Mandliwala, Sirisha Myneni, Srinivas Ramaswamy
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/1425, H04L63/1441
Abstract: Some embodiments of the invention provide, for an intrusion detection and prevention system (IDPS) engine operating on a host computer deployed in a software-defined datacenter (SDDC), a method for detecting and analyzing malicious packet flows. Upon detecting a new packet flow, the method captures packets belonging to the new packet flow in a file. When the new packet flow ends, the method determines that a particular packet belonging to the new packet flow has triggered an alert indicating the particular packet includes a potentially malicious payload. The method annotates the file for the new packet flow with a set of contextual data that (1) specifies the new packet flow as a potentially malicious packet flow and (2) identifies the particular packet and at least one signature associated with the alert triggered by the particular packet. The method sends the annotated file to a network management server to analyze the set of contextual data to extract further information regarding the potentially malicious payload.
2.
Publication No.: US12095780B2
Publication date: 2024-09-17
Application No.: US17374633
Filing date: 2021-07-13
Applicant: VMware LLC
Inventor: Nafisa Mandliwala, Sirisha Myneni, Subrahmanyam Manuguri
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/1425, H04L63/1466, H04L63/20
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter, the datacenter including at least one host computer executing multiple machines. The method receives a filtered set of intrusion detection signatures to be enforced on the at least one host computer. The method uses a set of contextual attributes associated with a particular data message to generate an intrusion detection signature for the particular data message, the generated intrusion detection signature including a bit pattern, each bit associated with a contextual attribute in the set. The method compares the generated intrusion detection signature with the received set of intrusion detection signatures to identify a matching intrusion detection signature in the received filtered set.
3.
Publication No.: US12010126B2
Publication date: 2024-06-11
Application No.: US17374630
Filing date: 2021-07-13
Applicant: VMware LLC
Inventor: Nafisa Mandliwala, Sirisha Myneni, Subrahmanyam Manuguri
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/102, H04L63/1425, H04L63/1466, H04L63/20
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter that includes at least one host computer executing multiple machines. The method receives multiple contextual attributes associated with a set of data messages processed by the multiple machines executing on the at least one host computer, the multiple contextual attributes including contextual attributes that are not L2-L4 attributes and that define a compute environment in which one or more workloads performed by the multiple machines executing on the at least one host computer operate. The method uses the received multiple contextual attributes to perform a filtering operation to identify, from multiple intrusion detection signatures, a set of intrusion detection signatures applicable to the one or more workloads. The method provides the identified set of intrusion detection signatures to an intrusion detection system operating on the particular host computer for enforcement.
4.
Publication No.: US12261859B2
Publication date: 2025-03-25
Application No.: US17985089
Filing date: 2022-11-10
Applicant: VMware LLC
Inventor: Robin Manhas, Nafisa Mandliwala, Sirisha Myneni, Srinivas Ramaswamy
IPC: H04L9/40
Abstract: Some embodiments of the invention provide, for an intrusion detection and prevention system (IDPS) engine operating on a host computer deployed in a software-defined datacenter (SDDC), a method for detecting and analyzing malicious packet flows. Upon detecting a new packet flow, the method captures packets belonging to the new packet flow in a file. When the new packet flow ends, the method determines that a particular packet belonging to the new packet flow has triggered an alert indicating the particular packet includes a potentially malicious payload. The method annotates the file for the new packet flow with a set of contextual data that (1) specifies the new packet flow as a potentially malicious packet flow and (2) identifies the particular packet and at least one signature associated with the alert triggered by the particular packet. The method sends the annotated file to a network management server to analyze the set of contextual data to extract further information regarding the potentially malicious payload.
5.
Publication No.: US12197971B2
Publication date: 2025-01-14
Application No.: US17397936
Filing date: 2021-08-09
Applicant: VMware LLC
Inventor: Sirisha Myneni, Arijit Chanda, Laxmikant Vithal Gunda, Arnold Koon-Chee Poon, Farzad Ghannadian, Kausum Kumar
Abstract: Some embodiments of the invention provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments are to be defined or modified. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software-defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to manage fine-grained micro-segmentation rules based on endpoint and network attributes.
6.
Publication No.: US11949660B2
Publication date: 2024-04-02
Application No.: US17872846
Filing date: 2022-07-25
Applicant: VMware LLC
Inventor: Arnold Poon, Sirisha Myneni, Rajiv Mordani, Aditi Vutukuri
IPC: H04L9/40, G06F9/455, H04L61/103, H04L69/22
CPC classification number: H04L63/0263, G06F9/45558, H04L61/103, H04L63/0245, G06F2009/45587, G06F2009/45595, H04L69/22
Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.