Patents by Inventor Matthew Kirby Glenn
Matthew Kirby Glenn has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11909766Abstract: A policy management server manages a segmentation policy and automatically configures an enclave protection device consistently with the segmentation policy so that that the segmentation policy can be enforced with respect to workloads within a secure enclave protected by the enclave protection device. The policy management server identifies protected workloads that are members of a secure enclave and external workloads that are external to the secure enclave. The policy management server identifies cross-boundary rules of the segmentation policy affecting traffic between the protected workloads and external workloads. The policy management server generates and distributes a configuration of the enclave protection device to enable enforcement of the cross-boundary rules pertaining to traffic passing through the enclave protection device.Type: GrantFiled: January 28, 2020Date of Patent: February 20, 2024Assignee: Illumio, Inc.Inventors: George Jeffrey Francis, Matthew Kirby Glenn, Jalandip Lepcha, Paul James Kirner
-
Patent number: 11665192Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.Type: GrantFiled: June 21, 2021Date of Patent: May 30, 2023Assignee: Illumio, Inc.Inventors: Matthew Kirby Glenn, Paul James Kirner, Seth Bruce Ford, Mukesh Gupta, Joy Anne Scott, Nathaniel Jurist Gleicher
-
Patent number: 11665191Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.Type: GrantFiled: June 21, 2021Date of Patent: May 30, 2023Assignee: Illumio, Inc.Inventors: Matthew Kirby Glenn, Paul James Kirner, Seth Bruce Ford, Mukesh Gupta, Joy Anne Scott, Nathaniel Jurist Gleicher
-
Publication number: 20210314345Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.Type: ApplicationFiled: June 21, 2021Publication date: October 7, 2021Inventors: Matthew Kirby Glenn, Paul James Kirner, Seth Bruce Ford, Mukesh Gupta, Joy Anne Scott, Nathaniel Jurist Gleicher
-
Publication number: 20210314346Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.Type: ApplicationFiled: June 21, 2021Publication date: October 7, 2021Inventors: Matthew Kirby Glenn, Paul James Kirner, Seth Bruce Ford, Mukesh Gupta, Joy Anne Scott, Nathaniel Jurist Gleicher
-
Publication number: 20210234900Abstract: A policy management server manages a segmentation policy and automatically configures an enclave protection device consistently with the segmentation policy so that that the segmentation policy can be enforced with respect to workloads within a secure enclave protected by the enclave protection device. The policy management server identifies protected workloads that are members of a secure enclave and external workloads that are external to the secure enclave. The policy management server identifies cross-boundary rules of the segmentation policy affecting traffic between the protected workloads and external workloads. The policy management server generates and distributes a configuration of the enclave protection device to enable enforcement of the cross-boundary rules pertaining to traffic passing through the enclave protection device.Type: ApplicationFiled: January 28, 2020Publication date: July 29, 2021Inventors: George Jeffrey Francis, Matthew Kirby Glenn, Jalandip Lepcha, Paul James Kirner
-
Patent number: 11075937Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.Type: GrantFiled: February 22, 2018Date of Patent: July 27, 2021Assignee: Illumio, Inc.Inventors: Matthew Kirby Glenn, Paul James Kirner, Seth Bruce Ford, Mukesh Gupta, Joy Anne Scott, Nathaniel Jurist Gleicher
-
Patent number: 11075936Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.Type: GrantFiled: February 22, 2018Date of Patent: July 27, 2021Assignee: Illumio, Inc.Inventors: Matthew Kirby Glenn, Paul James Kirner, Seth Bruce Ford, Mukesh Gupta, Joy Anne Scott, Nathaniel Jurist Gleicher
-
Patent number: 10805166Abstract: An enforcement mechanism on an operating system instance enforces a segmentation policy on a container. A configuration generation module executing in a host namespace of the operating system instance receives management instructions from a segmentation server for enforcing the segmentation policy on a container. The configuration generation module executes in the host namespace to configure a traffic control and monitoring module in a container namespace associated with the container. The traffic control and monitoring module in the container namespace controls and monitors communications to and from the container in accordance with its configuration. By executing a configuration generation module in the host namespace to configure traffic control and monitoring module in the container namespace, the enforcement mechanism beneficially enables robust and lightweight enforcement in a manner that is agnostic to different containerization protocols.Type: GrantFiled: September 24, 2019Date of Patent: October 13, 2020Assignee: Illumio, Inc.Inventors: Thomas Michael McCormick, Daniel Richard Cook, Rupesh Kumar Mishra, Matthew Kirby Glenn, Paul James Kirner, Mukesh Gupta, Juraj George Fandli
-
Patent number: 10785115Abstract: A segmentation server configures enforcement of a segmentation policy by allocating enforcement of management instructions between network devices and hosts. The segmentation policy comprises rules that control communications between workloads. For a particular workload, the segmentation server generates management instructions for controlling communications to and from the particular workload in accordance with the rules. The segmentation server determines an allocation of management instructions between enforcement on a host on which the particular workload executes and enforcement on a network device upstream from the workload. The segmentation server sends configuration information to at least one of the host and the network device in accordance with the allocation to enable enforcement of the management instructions.Type: GrantFiled: October 26, 2018Date of Patent: September 22, 2020Assignee: Illumio, Inc.Inventors: Rupesh Kumar Mishra, Paul James Kirner, Matthew Kirby Glenn
-
Publication number: 20200136910Abstract: A segmentation server configures enforcement of a segmentation policy by allocating enforcement of management instructions between network devices and hosts. The segmentation policy comprises rules that control communications between workloads. For a particular workload, the segmentation server generates management instructions for controlling communications to and from the particular workload in accordance with the rules. The segmentation server determines an allocation of management instructions between enforcement on a host on which the particular workload executes and enforcement on a network device upstream from the workload. The segmentation server sends configuration information to at least one of the host and the network device in accordance with the allocation to enable enforcement of the management instructions.Type: ApplicationFiled: October 26, 2018Publication date: April 30, 2020Inventors: Rupesh Kumar Mishra, Paul James Kirner, Matthew Kirby Glenn
-
Publication number: 20200021491Abstract: An enforcement mechanism on an operating system instance enforces a segmentation policy on a container. A configuration generation module executing in a host namespace of the operating system instance receives management instructions from a segmentation server for enforcing the segmentation policy on a container. The configuration generation module executes in the host namespace to configure a traffic control and monitoring module in a container namespace associated with the container. The traffic control and monitoring module in the container namespace controls and monitors communications to and from the container in accordance with its configuration. By executing a configuration generation module in the host namespace to configure traffic control and monitoring module in the container namespace, the enforcement mechanism beneficially enables robust and lightweight enforcement in a manner that is agnostic to different containerization protocols.Type: ApplicationFiled: September 24, 2019Publication date: January 16, 2020Inventors: Thomas Michael McCormick, Daniel Richard Cook, Rupesh Kumar Mishra, Matthew Kirby Glenn, Paul James Kirner, Mukesh Gupta, Juraj George Fandli
-
Publication number: 20190372848Abstract: An enforcement mechanism on an operating system instance enforces a segmentation policy on a container. A configuration generation module executing in a host namespace of the operating system instance receives management instructions from a segmentation server for enforcing the segmentation policy on a container. The configuration generation module executes in the host namespace to configure a traffic control and monitoring module in a container namespace associated with the container. The traffic control and monitoring module in the container namespace controls and monitors communications to and from the container in accordance with its configuration. By executing a configuration generation module in the host namespace to configure traffic control and monitoring module in the container namespace, the enforcement mechanism beneficially enables robust and lightweight enforcement in a manner that is agnostic to different containerization protocols.Type: ApplicationFiled: May 31, 2018Publication date: December 5, 2019Inventors: Thomas Michael McCormick, Daniel Richard Cook, Rupesh Kumar Mishra, Matthew Kirby Glenn, Paul James Kirner, Mukesh Gupta, Juraj George Fandli
-
Patent number: 10476745Abstract: An enforcement mechanism on an operating system instance enforces a segmentation policy on a container. A configuration generation module executing in a host namespace of the operating system instance receives management instructions from a segmentation server for enforcing the segmentation policy on a container. The configuration generation module executes in the host namespace to configure a traffic control and monitoring module in a container namespace associated with the container. The traffic control and monitoring module in the container namespace controls and monitors communications to and from the container in accordance with its configuration. By executing a configuration generation module in the host namespace to configure traffic control and monitoring module in the container namespace, the enforcement mechanism beneficially enables robust and lightweight enforcement in a manner that is agnostic to different containerization protocols.Type: GrantFiled: May 31, 2018Date of Patent: November 12, 2019Assignee: Illumio, Inc.Inventors: Thomas Michael McCormick, Daniel Richard Cook, Rupesh Kumar Mishra, Matthew Kirby Glenn, Paul James Kirner, Mukesh Gupta, Juraj George Fandli
-
Publication number: 20190258804Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.Type: ApplicationFiled: February 22, 2018Publication date: August 22, 2019Inventors: Matthew Kirby Glenn, Paul James Kirner, Seth Bruce Ford, Mukesh Gupta, Joy Anne Scott, Nathaniel Jurist Gleicher
-
Publication number: 20190258525Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.Type: ApplicationFiled: February 22, 2018Publication date: August 22, 2019Inventors: Matthew Kirby Glenn, Paul James Kirner, Seth Bruce Ford, Mukesh Gupta, Joy Anne Scott, Nathaniel Jurist Gleicher