×

SECURITY POLICY GENERATION BASED ON SNAPSHOTS OF SIMILAR VIRTUAL MACHINES

  • US 20170103212A1
  • Filed: 12/20/2016
  • Published: 04/13/2017
  • Est. Priority Date: 04/29/2015
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • monitoring a set of monitored virtual machines by (i) running the virtual machines to receive and process data, and (ii) intermittently taking snapshots of each virtual machine in the set of virtual machines;

    for each virtual machine of the set of monitored virtual machines, determining a set of snapshot deltas, with each snapshot delta respectively corresponding to changes between pairs of temporally adjacent snapshots;

    determining a first subset of virtual machines from the set of monitored virtual machines, where each virtual machine in the first subset of virtual machines meets the following conditions;

    (i) the virtual machine has been subject to an attack, and (ii) the virtual machine has not been adversely affected by the attack;

    determining a second subset of virtual machines from the set of virtual machines, where each virtual machine in the second subset of virtual machines meets the following conditions;

    (i) the virtual machine has been subject to an attack, and (ii) the virtual machine has been adversely affected by the attack; and

    analyzing the set(s) of snapshot deltas from the first subset of virtual machine(s) and/or the set(s) of snapshot deltas from the second subset of virtual machine(s) to determine at least one of the following;

    (i) unhealthy snapshot deltas that tend to occur in only virtual machines that are adversely affected by the attack, and/or (ii) healthy snapshot deltas that tend to occur only in machines that are subject to the attack but are not adversely affected by the attack.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×