System for monitoring and managing datacenters

US 10,142,353 B2
Filed: 04/20/2016
Issued: 11/27/2018
Est. Priority Date: 06/05/2015
Status: Active Grant

First Claim

Patent Images

1. A system within a datacenter, comprising:

two or more sensors configured to;

capture a packet;

describe the packet in a packet log;

send the packet log to a collector;

the collector being configured to;

receive the packet logs from the two or more sensors;

determine that the packet logs describe a connection between two endpoints in a datacenter;

describe the connection in a flow log; and

an analytics module configured to;

determine a status of the datacenter, using any connections in the flow log;

detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and

modify, in response to the detected attack, a security policy of the datacenter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

594 Citations

14 Claims

1. A system within a datacenter, comprising:
- two or more sensors configured to;
  
  capture a packet;
  
  describe the packet in a packet log;
  
  send the packet log to a collector;
  
  the collector being configured to;
  
  receive the packet logs from the two or more sensors;
  
  determine that the packet logs describe a connection between two endpoints in a datacenter;
  
  describe the connection in a flow log; and
  
  an analytics module configured to;
  
  determine a status of the datacenter, using any connections in the flow log;
  
  detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and
  
  modify, in response to the detected attack, a security policy of the datacenter.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein one of the two or more sensors is installed on a hypervisor.
  - 3. The system of claim 2, wherein one of the two or more sensors is installed on a virtual machine.
  - 4. The system of claim 1, wherein one of the two or more sensors is installed on a switch.
  - 5. The system of claim 1, wherein access to the datacenter is limited by a firewall.
  - 6. The system of claim 1, wherein the analytics module is further configured to:
    - present a report describing flows in the datacenter.

7. A method executed within a datacenter, comprising:
- receiving, a first packet log from a first sensor and a second packet log from a second sensor, the first packet log and the second packet log describing packets that are captured by the respective sensors;
  
  determining that the first packet log and the second packet log describes a connection between two endpoints in a datacenter;
  
  describing any connections within the first packet log and the second packet log in a flow log; and
  
  sending the flow log to an analytics module determining a status of the datacenter, using any connections in the flow log;
  
  detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and
  
  modify, in response to the detected attack, a security policy of the datacenter.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein the first sensor is installed on a hypervisor.
  - 9. The method of claim 8, wherein access to the datacenter is limited by a firewall.
  - 10. The method of claim 7, wherein the first sensor is installed on a switch.
  - 11. The method of claim 7, wherein the first sensor is installed on a virtual machine.

12. A non-transitory computer-readable medium having computer readable instructions stored thereon that, when executed by a processor of a computer, cause the computer to:
- receive, from a collector, a flow log describing a connection between two endpoints in a datacenter; and
  
  determine a status of a datacenter, using the flow log, using any connections in the flow log;
  
  detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and
  
  modify, in response to the detected attack, a security policy of the datacenter.
- View Dependent Claims (13, 14)
- - 13. The non-transitory computer-readable medium of claim 12, wherein the instructions further cause the computer to:
    - present a report describing flows in the datacenter.
  - 14. The non-transitory computer-readable medium of claim 12, wherein the instructions further cause the computer to:
    - configure a sensor to send a packet log to the collector.

Specification

Resources

Litigation Campaign Assessment

Application Number

US15/134,100
Publication Number

US 20160359872A1
Time in Patent Office

951 Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/04   Processing captured monitor...

H04L 43/062   related to network traffic

H04L 43/0894   Packet rate

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

System for monitoring and managing datacenters

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

594 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System for monitoring and managing datacenters

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

594 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links