Security policy generation for virtualization, bare-metal server, and cloud computing environments

  • US 10,264,025 B2
  • Filed: 07/01/2016
  • Issued: 04/16/2019
  • Est. Priority Date: 06/24/2016
  • Status: Active Grant
First Claim

1. A computer-implemented method for security in virtualization, bare-metal server, and cloud computing environments comprising:

  • receiving network traffic associated with a primary workload, the primary workload including a behavior and a relationship of a particular workload with a secondary workload;

  • generating first metadata using the network traffic;

  • determining a primary categorization associated with the primary workload, using the first metadata;

  • confirming the primary categorization is reliable;

  • determining a secondary categorization associated with at least one secondary workload, the at least one secondary workload being communicatively coupled to the primary workload;

  • ascertaining the primary categorization and the secondary categorization are consistent with each other and are each stable;

  • producing a model using the primary categorization and the secondary categorization, the model including a behavior and a relationship associated with the primary workload;

  • checking the model for sustained convergence; and

  • generating a high-level declarative security policy associated with the primary workload using the model, the high-level declarative security policy indicating at least an application or a service with which the primary workload can communicate.
