METHOD AND TECHNIQUE FOR APPLICATION AND DEVICE CONTROL IN A VIRTUALIZED ENVIRONMENT
First Claim
1. A method comprising:
monitoring, by a dedicated security virtual machine (SVM) executing by a computing system, a file open event to access a file by a guest virtual machine (GVM) executing by the computing system;
identifying a source associated with the file open event, wherein the source is at least one of an application or a device being used by the GVM;
enforcing a first response rule associated with the GVM when the source associated with the file open event is a non-approved source per a source control policy; and
enforcing a second response rule associated with the GVM when the file violates a data loss prevention (DLP) policy.
Abstract
A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a source associated with a file open or create event. The source is at least one of an application or a device being used by a guest virtual machine (GVM). The DLP manager enforces a first response rule associated with the GVM when the source is a non-approved source per a source control policy. The DLP manager enforces a second response rule when the file violates a DLP policy.
20 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
monitoring, by a dedicated security virtual machine (SVM) executing by a computing system, a file open event to access a file by a guest virtual machine (GVM) executing by the computing system;
identifying a source associated with the file open event, wherein the source is at least one of an application or a device being used by the GVM;
enforcing a first response rule associated with the GVM when the source associated with the file open event is a non-approved source per a source control policy; and
enforcing a second response rule associated with the GVM when the file violates a data loss prevention (DLP) policy.
Dependent claims: 11, 12, 13, 14.

15. A computing apparatus comprising:
a memory to store instructions for providing a data loss prevention (DLP) manager; and
a computing device, coupled to the memory, wherein the computing device is configured to execute the DLP manager; monitor, by the DLP manager, a file open event to access a file by a guest virtual machine (GVM) executing by the computing system; identify a source associated with the file open event, wherein the source is at least one of an application or a device being used by the GVM; enforce a first response rule associated with the GVM when the source associated with the file open event is a non-approved source per a source control policy; and enforce a second response rule associated with the GVM when the file violates a data loss prevention (DLP) policy.
Dependent claims: 16, 17, 18, 19, 20.
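The two-stage decision the abstract and the independent claims describe (source control policy first, then DLP policy, each mapped to a per-GVM response rule) can be modelled as a small policy engine running in the SVM. The following is an added example, not code from the patent or any product; the event fields, the policy shape, the DLP patterns and the action names are assumptions constructed for illustration.

```python
"""Added example: SVM-side evaluation of a GVM file open event against a
source control policy and a DLP policy. All values are constructed."""
import re
from dataclasses import dataclass, field

@dataclass
class FileOpenEvent:
    gvm_id: str
    path: str
    source_kind: str   # "application" or "device" (assumed vocabulary)
    source_id: str     # e.g. process image name or device identifier
    content: bytes     # file bytes as seen by the SVM (constructed here)

@dataclass
class GvmPolicy:
    approved_applications: set = field(default_factory=set)
    approved_devices: set = field(default_factory=set)
    on_unapproved_source: str = "block"        # first response rule (assumed action)
    on_dlp_violation: str = "block_and_alert"  # second response rule (assumed action)

# Constructed DLP policy: simple content patterns standing in for real classifiers.
DLP_PATTERNS = [
    ("ssn", re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")),
    ("marker", re.compile(rb"CONFIDENTIAL")),
]

def source_approved(ev, pol):
    """Source control policy: is the application or device approved for this GVM?"""
    if ev.source_kind == "application":
        return ev.source_id in pol.approved_applications
    if ev.source_kind == "device":
        return ev.source_id in pol.approved_devices
    return False  # unknown source kinds are treated as non-approved

def dlp_violations(content):
    """Names of DLP patterns found in the file content."""
    return [name for name, rx in DLP_PATTERNS if rx.search(content)]

def evaluate(ev, policies):
    """Return the response rules enforced for this event, in evaluation order.
    An empty list means the open is allowed. A GVM with no policy has no
    approved sources, so its opens always trip the first response rule."""
    pol = policies.get(ev.gvm_id, GvmPolicy())
    enforced = []
    if not source_approved(ev, pol):
        enforced.append(("source_control", pol.on_unapproved_source))
    hits = dlp_violations(ev.content)
    if hits:
        enforced.append(("dlp:" + ",".join(hits), pol.on_dlp_violation))
    return enforced
```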
Specification