Systems and methods for replicating computing system environments

US 9,223,966 B1
Filed: 05/04/2014
Issued: 12/29/2015
Est. Priority Date: 05/04/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for replicating computing system environments, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying each application installed on a plurality of computing systems and creating a profile for each computing system that identifies each application installed on the computing system;

creating, within a virtual machine image, virtual containers comprising each application installed on the plurality of computing systems;

determining that a potentially malicious file is directed to a target computing system within the plurality of computing systems;

utilizing a profile for the target computing system to identify each application installed on the target computing system;

in response to determining that the file is directed to the target computing system, replicating a configuration of the target computing system within the virtual machine image by activating each virtual container comprising an application identified by the profile for the target computing system;

after configuring the virtual machine image to replicate the configuration of the target computing system, determining how the file would affect the target computing system by sending the file to the virtual machine image and analyzing how the file impacts the virtual machine image.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for replicating computing system environments may include (1) identifying each application installed on a plurality of computing systems, (2) creating, within a virtual machine image, virtual containers that store each application installed on the plurality of computing systems, (3) determining that a potentially malicious file is directed to a target computing system within the plurality of computing systems, (4) identifying each application installed on the target computing system, (5) in response to determining that the file is directed to the target computing system, replicating a configuration of the target computing system within the virtual machine image by, for each application installed on the target computing system, activating a virtual container that stores the application, and (6) determining how the file would affect the target computing system by sending the file to the virtual machine image and analyzing how the file impacts the virtual machine image.

179 Citations

20 Claims

1. A computer-implemented method for replicating computing system environments, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying each application installed on a plurality of computing systems and creating a profile for each computing system that identifies each application installed on the computing system;
  
  creating, within a virtual machine image, virtual containers comprising each application installed on the plurality of computing systems;
  
  determining that a potentially malicious file is directed to a target computing system within the plurality of computing systems;
  
  utilizing a profile for the target computing system to identify each application installed on the target computing system;
  
  in response to determining that the file is directed to the target computing system, replicating a configuration of the target computing system within the virtual machine image by activating each virtual container comprising an application identified by the profile for the target computing system;
  
  after configuring the virtual machine image to replicate the configuration of the target computing system, determining how the file would affect the target computing system by sending the file to the virtual machine image and analyzing how the file impacts the virtual machine image.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein identifying each application installed on the plurality of computing systems comprises at least one of:
    - identifying, at a server that hosts the virtual machine image and is remote from each computing system in the plurality of computing systems, each application;
      
      deploying, to each computing system in the plurality of computing systems, a software agent that identifies each application on the computing system and sends information identifying each application to the server that hosts the virtual machine image.
  - 3. The method of claim 1, wherein:
    - identifying each application installed on the plurality of computing systems comprises identifying a version of each application;
      
      replicating the configuration of the target computing system comprises, for each application installed on the target computing system, activating the virtual container that comprises the version of the application.
  - 4. The method of claim 1, wherein:
    - creating the profile for each computing system further comprises, for each application installed on each computing system, mapping the application to a virtual container comprising the application;
      
      replicating the configuration of the target computing system comprises activating each virtual container mapped to each application installed on the target computing system.
  - 5. The method of claim 1, further comprising updating the profile of at least one computing system in response to determining that the computing system was modified when at least one application on the computing system was:
    - updated to a new version;
      
      deleted from the computing system;
      
      ornewly installed on the computing system.
  - 6. The method of claim 5, wherein updating the profile of the computing system comprises sending, from the computing system to a server that hosts the virtual machine image, information about the modification to the computing system.
  - 7. The method of claim 1, wherein determining that the file is directed to the target computing system comprises intercepting the file prior to the file being used on the target computing system.
  - 8. The method of claim 1, wherein analyzing how the file impacts the virtual machine image comprises identifying suspicious activity on the virtual machine image after the file is sent to the virtual machine image.

9. A system for replicating execution environments, the system comprising:
- an identification software module, stored in memory, that identifies each application installed on a plurality of computing systems and creates a profile for each computing system that identifies each application installed on the computing system;
  
  a creation software module, stored in memory, that creates, within a virtual machine image, virtual containers comprising each application installed on the plurality of computing systems;
  
  a determination software module, stored in memory, that determines that a potentially malicious file is directed to a target computing system within the plurality of computing systems;
  
  an application software module, stored in memory, that utilizes a profile for the target computing system to identify each application installed on the target computing system;
  
  a replication software module, stored in memory, that in response to determining that the file is directed to the target computing system, replicates a configuration of the target computing system within the virtual machine image by activating each virtual container comprising an application identified by the profile for the target computing system;
  
  an analysis software module, stored in memory, that after configuring the virtual machine image to replicate the configuration of the target computing system, determines how the file would affect the target computing system by sending the file to the virtual machine image and analyzing how the file impacts the virtual machine image;
  
  at least one processor configured to execute the identification software module, the creation software module, the determination software module, the application software module, the replication software module, and the analysis software module.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the identification software module identifies each application installed on the plurality of computing systems by at least one of:
    - identifying, at a server that hosts the virtual machine image and is remote from each computing system in the plurality of computing systems, each application;
      
      deploying, to each computing system in the plurality of computing systems, a software agent that identifies each application on the computing system and sends information identifying each application to the server that hosts the virtual machine image.
  - 11. The system of claim 9, wherein:
    - the identification software module identifies each application installed on the plurality of computing systems by identifying a version of each application;
      
      the replication software module replicates the configuration of the target computing system by, for each application installed on the target computing system, activating the virtual container that comprises the version of the application.
  - 12. The system of claim 9, wherein:
    - the creation software module further creates the profile for each computing system by, for each application installed on each computing system, mapping the application to a virtual container comprising the application;
      
      the replication software module replicates the configuration of the target computing system by activating each virtual container mapped to each application installed on the target computing system.
  - 13. The system of claim 9, further comprising an update software module that updates the profile of at least one computing system in response to determining that the computing system was modified when at least one application on the computing system was:
    - updated to a new version;
      
      deleted from the computing system;
      
      ornewly installed on the computing system.
  - 14. The system of claim 13, wherein the update software module updates the profile of the computing system by sending, from the computing system to a server that hosts the virtual machine image, information about the modification to the computing system.
  - 15. The system of claim 9, wherein the analysis software module determines that the file is directed to the target computing system by intercepting the file prior to the file being used on the target computing system.
  - 16. The system of claim 9, wherein the analysis software module analyzes how the file impacts the virtual machine image by identifying suspicious activity on the virtual machine image after the file is sent to the virtual machine image.

17. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify each application installed on a plurality of computing systems and create a profile for each computing system that identifies each application installed on the computing system;
  
  create, within a virtual machine image, virtual containers comprising each application installed on the plurality of computing systems;
  
  determine that a potentially malicious file is directed to a target computing system within the plurality of computing systems;
  
  utilize a profile for the target computing system to identify each application installed on the target computing system;
  
  in response to determining that the file is directed to the target computing system, replicate a configuration of the target computing system within the virtual machine image by activating each virtual container comprising an application identified by the profile for the target computing system;
  
  after configuring the virtual machine image to replicate the configuration of the target computing system, determine how the file would affect the target computing system by sending the file to the virtual machine image and analyzing how the file impacts the virtual machine image.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable medium of claim 17, wherein the computer-executable instructions further cause the computing device to identify each application installed on the plurality of computing systems by at least one of:
    - identifying, at a server that hosts the virtual machine image and is remote from each computing system in the plurality of computing systems, each application;
      
      deploying, to each computing system in the plurality of computing systems, a software agent that identifies each application on the computing system and sends information identifying each application to the server that hosts the virtual machine image.
  - 19. The computer-readable medium of claim 17, wherein the computer-executable instructions further cause the computing device to:
    - identify each application installed on the plurality of computing systems by identifying a version of each application;
      
      replicate the configuration of the target computing system by, for each application installed on the target computing system, activating the virtual container that comprises the version of the application.
  - 20. The computer-readable medium of claim 17, wherein the computer-executable instructions further cause the computing device to:
    - create the profile for each computing system further by, for each application installed on each computing system, mapping the application to a virtual container comprising the application;
      
      replicate the configuration of the target computing system by activating each virtual container mapped to each application installed on the target computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh, Wawda, Abubakar A.
Primary Examiner(s)
Shehni, Ghazal

Application Number

US14/269,145
Time in Patent Office

604 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 21/564   by virus signature recognition

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

Systems and methods for replicating computing system environments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

179 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for replicating computing system environments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

179 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others