System for monitoring and managing datacenters
Abstract
An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.
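The sensor, collector and analytics stages summarized in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee. The record layout, the address range, the baseline policy and the packet-identity rule (flow, sender, sequence number) are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed packet logs: (sensor, ts, src, sport, dst, dport, proto, seq, bytes).
# Field layout is an assumption of this example, not taken from the patent.
PACKET_LOGS = [
    ("vm-a", 1.00, "10.0.1.5", 40112, "10.0.2.9", 5432, "tcp", 100, 60),
    ("vm-b", 1.01, "10.0.1.5", 40112, "10.0.2.9", 5432, "tcp", 100, 60),  # same packet, second sensor
    ("vm-b", 1.02, "10.0.2.9", 5432, "10.0.1.5", 40112, "tcp", 500, 60),
    ("vm-a", 1.03, "10.0.2.9", 5432, "10.0.1.5", 40112, "tcp", 500, 60),  # same reply, second sensor
    ("vm-a", 2.00, "10.0.1.5", 40113, "10.0.3.7", 22, "tcp", 900, 60),
]
DATACENTER = ip_network("10.0.0.0/16")      # assumed internal address range
ALLOWED = {("10.0.1.5", "10.0.2.9", 5432)}  # assumed baseline: (initiator, responder, port)

def flow_key(src, sport, dst, dport, proto):
    """Direction-agnostic key so both halves of a connection land in one flow."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (a, b, proto)

def build_flow_log(packet_logs):
    """Collector step: merge per-sensor packet logs into one record per connection."""
    flows, seen = {}, set()
    for sensor, ts, src, sport, dst, dport, proto, seq, size in sorted(packet_logs, key=lambda p: p[1]):
        key = flow_key(src, sport, dst, dport, proto)
        # The earliest packet decides which endpoint initiated the connection.
        flow = flows.setdefault(key, {"initiator": src, "responder": dst, "dport": dport,
                                      "proto": proto, "first_ts": ts, "last_ts": ts,
                                      "packets": 0, "bytes": 0, "sensors": set()})
        flow["sensors"].add(sensor)
        flow["last_ts"] = ts
        packet_id = (key, src, seq)  # assumed identity; also collapses TCP retransmissions
        if packet_id in seen:        # already counted from another sensor
            continue
        seen.add(packet_id)
        flow["packets"] += 1
        flow["bytes"] += size
    return list(flows.values())

def internal_violations(flow_log):
    """Analytics step: flows initiated inside the datacenter that the baseline does not allow."""
    return [f for f in flow_log
            if ip_address(f["initiator"]) in DATACENTER
            and (f["initiator"], f["responder"], f["dport"]) not in ALLOWED]

if __name__ == "__main__":
    flow_log = build_flow_log(PACKET_LOGS)
    for f in internal_violations(flow_log):
        print("unexpected east-west flow:", f["initiator"], "->", f["responder"], f["dport"])
```

Counting each packet once, however many sensors report it, keeps the flow's packet and byte totals accurate while the set of reporting sensors is still recorded per flow.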
594 Citations
14 Claims
1. A system within a datacenter, comprising:
- two or more sensors configured to:
  - capture a packet;
  - describe the packet in a packet log;
  - send the packet log to a collector;
- the collector being configured to:
  - receive the packet logs from the two or more sensors;
  - determine that the packet logs describe a connection between two endpoints in a datacenter;
  - describe the connection in a flow log; and
- an analytics module configured to:
  - determine a status of the datacenter, using any connections in the flow log;
  - detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and
  - modify, in response to the detected attack, a security policy of the datacenter.

Dependent claims: 2, 3, 4, 5, 6

7. A method executed within a datacenter, comprising:
- receiving, a first packet log from a first sensor and a second packet log from a second sensor, the first packet log and the second packet log describing packets that are captured by the respective sensors;
- determining that the first packet log and the second packet log describes a connection between two endpoints in a datacenter;
- describing any connections within the first packet log and the second packet log in a flow log; and
- sending the flow log to an analytics module determining a status of the datacenter, using any connections in the flow log;
- detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and
- modify, in response to the detected attack, a security policy of the datacenter.

Dependent claims: 8, 9, 10, 11

12. A non-transitory computer-readable medium having computer readable instructions stored thereon that, when executed by a processor of a computer, cause the computer to:
- receive, from a collector, a flow log describing a connection between two endpoints in a datacenter; and
- determine a status of a datacenter, using the flow log, using any connections in the flow log;
- detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and
- modify, in response to the detected attack, a security policy of the datacenter.

Dependent claims: 13, 14
Specification