The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent:

Oct. 17, 2023

Filed:

Oct. 21, 2021

Applicant:

Vmware, Inc., Palo Alto, CA (US);

Inventors:

Tejas Sanjeev Panse, San Jose, CA (US);

Aditi Vutukuri, Atlanta, GA (US);

Arnold Koon-Chee Poon, San Mateo, CA (US);

Rajiv Mordani, Fremont, CA (US);

Margaret Petrus, San Jose, CA (US);

Assignee:

VMWARE, INC., Palo Alto, CA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 61/10 (2022.01); H04L 61/2521 (2022.01); H04L 61/5053 (2022.01); H04L 61/256 (2022.01);
U.S. Cl.
CPC ...
H04L 61/10 (2013.01); H04L 61/2521 (2013.01); H04L 61/2571 (2013.01); H04L 61/5053 (2022.05);
Abstract

Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.

