System and method of whitelisting parent virtual images
First Claim
1. A computer program product embodied in a non-transitory computer readable medium that, when executing on one or more computers, reduces scanning requirements of a primary virtual machine based on an understanding of a related virtual machine, by performing the steps of:
- creating the primary virtual machine as a child of the related virtual machine, wherein the related virtual machine is whitelisted with respect to a security requirement at the time of creation of the primary virtual machine;
in response to a change in the primary virtual machine, comparing the primary virtual machine to the related virtual machine and tracking changes of the primary virtual machine with respect to the related virtual machine wherein the changes are identified by location within the primary virtual machine, forming a tracked changes log;
generating a relevant file map of the primary virtual machine wherein the relevant file map includes a plurality of relevant files and each of the plurality of relevant files'"'"' locations in the primary virtual machine;
comparing the changed locations identified in the track changes log with the locations of the plurality of relevant files to determine if any one of the plurality of relevant files has been changed; and
performing a security scan of the primary virtual machine, wherein in the event that one of the relevant files has not been changed relative to the related virtual machine that has been whitelisted, excluding the one of the relevant files from the security scan, and further wherein in the event that one of the relevant files has been changed, as indicated by the comparison of the relevant file map to the tracked changes log, causing the changed relevant file to be security scanned.
9 Assignments
0 Petitions
Accused Products
Abstract
In embodiments of the present invention improved capabilities are described for virtual machine scan optimization. In response to a change in the primary virtual machine, the virtual machine scan optimization may involve comparing the primary virtual machine to the related virtual machine and tracking changes of the primary virtual machine with respect to the related virtual machine wherein the changes are identified by location within the primary virtual machine; forming a tracked changes log; generating a relevant file map of the primary virtual machine wherein the relevant file map includes a plurality of relevant files and each of the plurality of relevant files'"'"' locations in the primary virtual machine; comparing the changed locations identified in the track changes log with the locations of the plurality of relevant files to determine if any one of the plurality of relevant files has been changed; and in the event that a relevant file has been changed, as indicated by the comparison of the relevant file map to the tracked changes log, causing the changed relevant file to be security scanned.
53 Citations
8 Claims
-
1. A computer program product embodied in a non-transitory computer readable medium that, when executing on one or more computers, reduces scanning requirements of a primary virtual machine based on an understanding of a related virtual machine, by performing the steps of:
-
creating the primary virtual machine as a child of the related virtual machine, wherein the related virtual machine is whitelisted with respect to a security requirement at the time of creation of the primary virtual machine; in response to a change in the primary virtual machine, comparing the primary virtual machine to the related virtual machine and tracking changes of the primary virtual machine with respect to the related virtual machine wherein the changes are identified by location within the primary virtual machine, forming a tracked changes log; generating a relevant file map of the primary virtual machine wherein the relevant file map includes a plurality of relevant files and each of the plurality of relevant files'"'"' locations in the primary virtual machine; comparing the changed locations identified in the track changes log with the locations of the plurality of relevant files to determine if any one of the plurality of relevant files has been changed; and performing a security scan of the primary virtual machine, wherein in the event that one of the relevant files has not been changed relative to the related virtual machine that has been whitelisted, excluding the one of the relevant files from the security scan, and further wherein in the event that one of the relevant files has been changed, as indicated by the comparison of the relevant file map to the tracked changes log, causing the changed relevant file to be security scanned. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification