Application and device control in a virtualized environment
First Claim
1. A method comprising:
- monitoring, by a dedicated security virtual machine (SVM) executing by a computing system, a file open event to access a file by a guest virtual machine (GVM) executing by the computing system;
- identifying a source associated with the file open event, wherein the source is an application or a device being used by the GVM;
- determining when a data loss prevention (DLP) policy requires monitoring of the source in view of a source control policy;
- monitoring the source for file system events associated with the file when the DLP policy requires monitoring;
- determining when the file violates the DLP policy in view of the source of the file system events;
- enforcing a first response rule associated with the GVM when the source associated with the file open event is a non-approved source per the source control policy; and
- enforcing a second response rule associated with the GVM when the file violates the DLP policy.
Abstract
A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a source associated with a file open or create event. The source is at least one of an application or a device being used by a guest virtual machine (GVM). The DLP manager enforces a first response rule associated with the GVM when the source is a non-approved source per a source control policy. The DLP manager enforces a second response rule when the file violates a DLP policy.
20 Claims
1. (Independent claim 1, reproduced in full under First Claim above.) Dependent claims: 2 to 9.
10. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
- monitoring, by a dedicated security virtual machine (SVM) executing by a computing system, a file open event to access a file by a guest virtual machine (GVM) executing by the computing system;
- identifying a source associated with the file open event, wherein the source is an application or a device being used by the GVM;
- determining when a data loss prevention (DLP) policy requires monitoring of the source in view of a source control policy;
- monitoring the source for file system events associated with the file when the DLP policy requires monitoring;
- determining when the file violates the DLP policy in view of the source of the file system events;
- enforcing a first response rule associated with the GVM when the source associated with the file open event is a non-approved source per the source control policy; and
- enforcing a second response rule associated with the GVM when the file violates the DLP policy.
Dependent claims: 11 to 14.
15. A computing apparatus comprising:
- a memory to store instructions for a data loss prevention (DLP) manager; and
- a processor, coupled to the memory, wherein the processor is to:
  - execute the DLP manager;
  - monitor, by the DLP manager, a file open event to access a file by a guest virtual machine (GVM) executed by a computing system;
  - identify, by the processor, a source associated with the file open event, wherein the source is an application or a device being used by the GVM;
  - determine when a DLP policy requires monitoring of the source in view of a source control policy;
  - monitor the source for file system events associated with the file when the DLP policy requires monitoring;
  - determine when the file violates the DLP policy in view of the source of the file system events;
  - enforce a first response rule associated with the GVM when the source associated with the file open event is a non-approved source per the source control policy; and
  - enforce a second response rule associated with the GVM when the file violates the DLP policy.
Dependent claims: 16 to 20.
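The two-stage flow the abstract and independent claims describe (source control check on the file open event, then DLP content monitoring of later file system events from approved sources) as an added Python model; this is illustration code, not the patent's or its assignee's implementation, and the event fields, the policy dictionaries and the SSN-like pattern are all constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class FileEvent:
    gvm: str            # guest VM that raised the event
    kind: str           # "open" (file open event) or "write" (later file system event)
    path: str
    source: str         # application or device the GVM is using, e.g. "app:editor"
    content: str = ""   # data written, inspected against the DLP policy

# Constructed source control policy: approved sources and the first response rule
# applied when the source of a file open event is not approved.
SOURCE_POLICY = {
    "approved": {"app:editor", "device:corp-usb-01"},
    "first_response": "block",
}

# Constructed DLP policy: sources whose file system events must be monitored,
# a content rule, and the second response rule applied on a violation.
DLP_POLICY = {
    "monitor_sources": {"app:editor"},
    "pattern": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),  # constructed SSN-like pattern
    "second_response": "quarantine",
}

class DlpManager:
    """Runs in the SVM and tracks monitored files for every GVM it serves."""

    def __init__(self, source_policy, dlp_policy):
        self.source_policy = source_policy
        self.dlp_policy = dlp_policy
        self.monitored = set()  # (gvm, path, source) tuples under DLP monitoring

    def handle(self, ev):
        """Return (rule, action): rule is "first", "second" or "none"."""
        key = (ev.gvm, ev.path, ev.source)
        if ev.kind == "open":
            # Source control check comes first: non-approved app/device -> first rule.
            if ev.source not in self.source_policy["approved"]:
                return ("first", self.source_policy["first_response"])
            # Approved source: start monitoring only if the DLP policy asks for it.
            if ev.source in self.dlp_policy["monitor_sources"]:
                self.monitored.add(key)
            return ("none", "allow")
        # Later file system event: DLP policy applies only to a monitored (gvm, file, source).
        if key in self.monitored and self.dlp_policy["pattern"].search(ev.content):
            return ("second", self.dlp_policy["second_response"])
        return ("none", "allow")
```

Keying the monitored set on the GVM as well as the file and source is what lets one SVM serve several guests without one guest's open event turning on monitoring for another.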