Patents by Inventor RAYANAGOUDA BHEEMANAGOUDA PATIL
RAYANAGOUDA BHEEMANAGOUDA PATIL has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240031334
Abstract: Example methods and systems for identity firewall with context information tracking are described. In one example, a first computer system may detect establishment of a connection with a virtualized computing instance, and track context information associated with the connection. The context information may include (a) first identity information that is associated with a prior connection between the client device and a second computer system, and (b) second identity information that is associated with the connection with the virtualized computing instance. Further, the first computer system may obtain a first identity firewall policy associated with the first identity information. In response to detecting a packet associated with a flow originating from, or destined for, the virtualized computing instance, the first computer system may allow or block forwarding of the packet based on the first identity firewall policy.
Type: Application
Filed: October 13, 2022
Publication date: January 25, 2024
Inventors: RAYANAGOUDA BHEEMANAGOUDA PATIL, MANISHA SAMEER GAMBHIR PAREKH, KULDEEP NAMADEORAO NIKAM, SOUMEE PHATAK
-
Patent number: 11847485
Abstract: Network-efficient isolation environment redistribution is described. In one example, network communications are surveyed among isolation environments, such as virtual machines (VMs) and containers, hosted on a cluster. An affinity for network communications between the isolation environments can be identified based on the survey. Pairs or groups of the isolation environments can be examined to identify ones which have an affinity for network communications between them but are also hosted on different host machines in the cluster. The identification of the affinity for network communications provides network-level context for migration decisions by a distributed resource scheduler. Certain VMs and/or containers can then be migrated by the distributed resource scheduler to reduce the network communications in the cluster based on the network-level context information.
Type: Grant
Filed: April 19, 2022
Date of Patent: December 19, 2023
Assignee: VMware, Inc.
Inventors: Shirish Vijayvargiya, Priyal Rathi, Shailendra Singh Rana, Rayanagouda Bheemanagouda Patil
-
Publication number: 20230385413
Abstract: The disclosure herein describes executing unknown processes while preventing sandbox-evading malware therein from performing malicious behavior. A process execution event associated with an executable is detected, wherein the executable is to be executed in a production environment. The executable is determined to be an unknown executable (e.g., an executable that has not been analyzed for malware) using signature data in the process execution event. A function call hook interface of a sandbox simulator is activated, and a process of the executable is executed in the production environment. Any function calls from the executing process are intercepted by the activated function call hook interface, and sandbox-style responses to the intercepted function call are generated using sandbox response data of the sandbox simulator. The generated sandbox responses are provided to the executing process, whereby malware included in the executable behaves as if the executing process is executing in a sandbox environment.
Type: Application
Filed: May 26, 2022
Publication date: November 30, 2023
Inventors: Rayanagouda Bheemanagouda PATIL, Kedar Bhalchandra CHAUDHARI, Clemens KOLBITSCH, Laxmikant Vithal GUNDA, Vaibhav KULKARNI
-
Publication number: 20230328099
Abstract: A method for opening unknown files in a malware detection system, is provided. The method generally includes receiving a request to open a file classified as an unknown file, opening the file in a container, collecting at least one of a log of events carried out by the file or observed behavior traces of the file while open in the container, transmitting, to a file analyzer, at least one of the file, the log of events, or the behavior traces for static analysis, determining, a final verdict for the file, based on at least one of the file, the log of events, or the behavior traces, wherein the final verdict for the file is based on the static analysis or dynamic analysis of the file, and taking one or more actions based on a policy configured for the first endpoint and the final verdict.
Type: Application
Filed: April 8, 2022
Publication date: October 12, 2023
Inventors: Rayanagouda Bheemanagouda PATIL, Kedar Bhalchandra CHAUDHARI, Shivali SHARMA, Laxmikant Vithal GUNDA, Sriram GOPALAKRISHNAN
-
Publication number: 20230297685
Abstract: A method for locating malware in a malware detection system, is provided. The method generally includes storing, at a first endpoint, a mapping of a first file hash and a first file path for a first file classified as an unknown file, opening, at the first endpoint, the first file prior to determining whether the first file is benign or malicious, determining, at the first endpoint, a first verdict for the first file, the first verdict indicating the first file is benign or malicious, locating the first file using the mapping of the first file hash and the first file path, and taking one or more actions based on a policy configured for the first endpoint and the first verdict indicating the first file is benign or malicious.
Type: Application
Filed: March 15, 2022
Publication date: September 21, 2023
Inventors: Rayanagouda Bheemanagouda PATIL, Sriram GOPALAKRISHNAN, Pranav GOKHALE
-
Patent number: 11645390
Abstract: A next generation antivirus (NGAV) security solution in a virtualized computing environment includes a security sensor at a virtual machine that runs on a host and a security engine remote from the host. The integrity of the NGAV security solution is increased, by providing a verification as to whether a verdict issued by the security engine has been successfully enforced by the security sensor to prevent execution of malicious code at the virtual machine.
Type: Grant
Filed: May 11, 2020
Date of Patent: May 9, 2023
Assignee: VMWARE, INC.
Inventors: Shirish Vijayvargiya, Vasantha Kumar Dhanasekar, Sachin Shinde, Rayanagouda Bheemanagouda Patil
-
Publication number: 20220244982
Abstract: Network-efficient isolation environment redistribution is described. In one example, network communications are surveyed among isolation environments, such as virtual machines (VMs) and containers, hosted on a cluster. An affinity for network communications between the isolation environments can be identified based on the survey. Pairs or groups of the isolation environments can be examined to identify ones which have an affinity for network communications between them but are also hosted on different host machines in the cluster. The identification of the affinity for network communications provides network-level context for migration decisions by a distributed resource scheduler. Certain VMs and/or containers can then be migrated by the distributed resource scheduler to reduce the network communications in the cluster based on the network-level context information.
Type: Application
Filed: April 19, 2022
Publication date: August 4, 2022
Inventors: Shirish Vijayvargiya, Priyal Rathi, Shailendra Singh Rana, Rayanagouda Bheemanagouda Patil
-
Publication number: 20220210127
Abstract: Example methods and systems for attribute-based firewall rule enforcement are described. One example method may comprise a computer system obtaining, from a management entity, one or more first firewall rules configured based on first attribute information. The computer system may detect a login event associated with a user operating a user device to log onto a virtualized computing instance. In response to determination that the user is associated with the first attribute information, the one or more first firewall rules may be applied. Otherwise, in response to determination that the user is associated with second attribute information that is different from the first attribute information, the computer system may obtain and apply one or more second firewall rules configured based on the second attribute information.
Type: Application
Filed: February 17, 2021
Publication date: June 30, 2022
Inventors: VASANTHA KUMAR DHANASEKAR, Shirish VIJAYVARGIYA, Rayanagouda Bheemanagouda PATIL
-
Patent number: 11327780
Abstract: Network-efficient isolation environment redistribution is described. In one example, network communications are surveyed among isolation environments, such as virtual machines (VMs) and containers, hosted on a cluster. An affinity for network communications between the isolation environments can be identified based on the survey. Pairs or groups of the isolation environments can be examined to identify ones which have an affinity for network communications between them but are also hosted on different host machines in the cluster. The identification of the affinity for network communications provides network-level context for migration decisions by a distributed resource scheduler. Certain VMs and containers can then be migrated by the distributed resource scheduler to reduce the network communications in the cluster based on the network-level context information.
Type: Grant
Filed: September 18, 2018
Date of Patent: May 10, 2022
Assignee: VMWARE, INC.
Inventors: Shirish Vijayvargiya, Priyal Rathi, Shailendra Singh Rana, Rayanagouda Bheemanagouda Patil
-
Patent number: 11240204
Abstract: Example methods and systems for score-based dynamic firewall rule enforcement in a software-defined networking (SDN) environment. One example method may comprise in response to detecting a first request to access a first resource, identifying a first score associated with the user, and a firewall rule that is applicable to the user based on information associated with the user. The firewall rule may be applied to allow access to the first resource. The method may further comprise adjusting the first score to a second score that represents a more restrictive access level compared to the first score. In response to detecting a second request to access the first resource, applying the firewall rule to block the second request based on the second score.
Type: Grant
Filed: April 15, 2019
Date of Patent: February 1, 2022
Assignee: VMWARE, INC.
Inventors: Rayanagouda Bheemanagouda Patil, Vasantha Kumar, Sriram Gopalakrishnan, Mandar Barve
-
Publication number: 20210286877
Abstract: A next generation antivirus (NGAV) security solution in a virtualized computing environment includes a security sensor at a virtual machine that runs on a host and a security engine remote from the host. The integrity of the NGAV security solution is increased, by providing a verification as to whether a verdict issued by the security engine has been successfully enforced by the security sensor to prevent execution of malicious code at the virtual machine.
Type: Application
Filed: May 11, 2020
Publication date: September 16, 2021
Inventors: SHIRISH VIJAYVARGIYA, Vasantha Kumar DHANASEKAR, Sachin SHINDE, Rayanagouda Bheemanagouda PATIL
-
Publication number: 20210216348
Abstract: Described herein are systems, methods, and software to manage resources for networking operations on a host computing system. In one implementation, a hypervisor on a host computing system, may monitor computing resources used by a networking process provided by the hypervisor. The hypervisor further determines that the one or more computing resources used by the networking process satisfy at least one criterion and, in response to determining that the computing resources satisfy at least one criterion, notifies one or more virtual machines supported by the hypervisor to modify one or more execution parameters associated with at least one application in each of the one or more virtual machines.
Type: Application
Filed: March 17, 2020
Publication date: July 15, 2021
Inventors: SHIVALI SHARMA, Vasantha Kumar Dhanasekar, Rahul Kumar, Rayanagouda Bheemanagouda Patil
-
Patent number: 11057385
Abstract: Certain embodiments described herein are generally directed to systems and methods for preventing access to files on a virtual machine. One example method involves receiving network information associated with a network connection opened at the virtual machine and determining a process that opened the network connection. The method further involves receiving information indicative of a file access event attempted at the virtual machine and determining the process that opened the network connection initiated the file access event. The method further involves transmitting information indicative of the file access event and the network connection to a security virtual machine and receiving an enforcement decision for the file access event from the security virtual machine based on the information indicative of the file access event and the network connection. The method further involves applying the enforcement decision to either allow or prevent the file access event by the process.
Type: Grant
Filed: July 12, 2018
Date of Patent: July 6, 2021
Assignee: Nicira, Inc.
Inventors: Nilesh Awate, Rayanagouda Bheemanagouda Patil, Vasantha Kumar, Amit Vasant Patil
-
Publication number: 20200401492
Abstract: Embodiments of the present disclosure relate to container-level monitoring. Embodiments include detecting, by an agent of a virtual machine, an event. Embodiments include determining, by the agent of the virtual machine, an address related to the event. Embodiments include accessing, by the agent of the virtual machine, container mapping information. Embodiments include locating, by the agent of the virtual machine, the address in the container mapping information. Embodiments include determining, by the agent of the virtual machine, based on the locating, that the event is associated with a container. Embodiments include determining, by the agent of the virtual machine, one or more attributes of the container. Embodiments include determining, by the agent of the virtual machine, based on information related to the event and the one or more attributes of the container, whether to block or allow an action related to the event.
Type: Application
Filed: August 8, 2019
Publication date: December 24, 2020
Inventors: Shirish Vijayvargiya, Alok Nemchand Kataria, Rayanagouda Bheemanagouda Patil
-
Patent number: 10831520
Abstract: A system and method of communicating between a hypervisor and virtual machines using object agents within the hypervisor and the virtual machines. Further, the hypervisor and virtual machines include similar datastore mappings that allow the hypervisor and virtual machines to communicate with each other. The object agent of a virtual machine communicates information corresponding to a first object to the object agent of the hypervisor, and the object agent of the hypervisor updates a datastore mapping of the hypervisor. The hypervisor then communicates the information corresponding to the first object to an object agent of another virtual machine.
Type: Grant
Filed: February 26, 2018
Date of Patent: November 10, 2020
Assignee: Nicira, Inc.
Inventors: Nidhi Sharma, Rayanagouda Bheemanagouda Patil, Goresh Musalay
-
Publication number: 20200236086
Abstract: Example methods and systems for score-based dynamic firewall rule enforcement in a software-defined networking (SDN) environment. One example method may comprise in response to detecting a first request to access a first resource, identifying a first score associated with the user, and a firewall rule that is applicable to the user based on information associated with the user. The firewall rule may be applied to allow access to the first resource. The method may further comprise adjusting the first score to a second score that represents a more restrictive access level compared to the first score. In response to detecting a second request to access the first resource, applying the firewall rule to block the second request based on the second score.
Type: Application
Filed: April 15, 2019
Publication date: July 23, 2020
Inventors: RAYANAGOUDA BHEEMANAGOUDA PATIL, VASANTHA KUMAR, SRIRAM GOPALAKRISHNAN, MANDAR BARVE
-
Publication number: 20200089516
Abstract: Network-efficient isolation environment redistribution is described. In one example, network communications are surveyed among isolation environments, such as virtual machines (VMs) and containers, hosted on a cluster. An affinity for network communications between the isolation environments can be identified based on the survey. Pairs or groups of the isolation environments can be examined to identify ones which have an affinity for network communications between them but are also hosted on different host machines in the cluster. The identification of the affinity for network communications provides network-level context for migration decisions by a distributed resource scheduler. Certain VMs and containers can then be migrated by the distributed resource scheduler to reduce the network communications in the cluster based on the network-level context information.
Type: Application
Filed: September 18, 2018
Publication date: March 19, 2020
Inventors: Shirish Vijayvargiya, Priyal Rathi, Shailendra Singh Rana, Rayanagouda Bheemanagouda Patil
-
Patent number: 10581705
Abstract: Techniques for smart service catalogs based deployment of applications in a cloud computing environment are disclosed. In one embodiment, resource information required to deploy an instance of an application is retrieved from a blueprint associated with a client. Further, available resource information may be obtained from a resource reservation associated with the client. A maximum number of instances of the application that can be deployed corresponding to the client is determined based on the resource information required to deploy the instance of the application and the available resource information. A service catalog including the maximum number of instances of the application that can be deployed based on the blueprint is generated. The service catalog is used to enable deployment of at least one instance of the application corresponding to the client.
Type: Grant
Filed: October 24, 2017
Date of Patent: March 3, 2020
Assignee: VMware, Inc.
Inventors: Rayanagouda Bheemanagouda Patil, Rahul Kumar
-
Publication number: 20190364047
Abstract: Certain embodiments described herein are generally directed to systems and methods for preventing access to files on a virtual machine. One example method involves receiving network information associated with a network connection opened at the virtual machine and determining a process that opened the network connection. The method further involves receiving information indicative of a file access event attempted at the virtual machine and determining the process that opened the network connection initiated the file access event. The method further involves transmitting information indicative of the file access event and the network connection to a security virtual machine and receiving an enforcement decision for the file access event from the security virtual machine based on the information indicative of the file access event and the network connection. The method further involves applying the enforcement decision to either allow or prevent the file access event by the process.
Type: Application
Filed: July 12, 2018
Publication date: November 28, 2019
Inventors: NILESH AWATE, Rayanagouda Bheemanagouda Patil, Vasantha Kumar, Amit Vasant Patil
-
Publication number: 20190213026
Abstract: A system and method of communicating between a hypervisor and virtual machines using object agents within the hypervisor and the virtual machines. Further, the hypervisor and virtual machines include similar datastore mappings that allow the hypervisor and virtual machines to communicate with each other. The object agent of a virtual machine communicates information corresponding to a first object to the object agent of the hypervisor, and the object agent of the hypervisor updates a datastore mapping of the hypervisor. The hypervisor then communicates the information corresponding to the first object to an object agent of another virtual machine.
Type: Application
Filed: February 26, 2018
Publication date: July 11, 2019
Inventors: Nidhi Sharma, Rayanagouda Bheemanagouda Patil, Goresh Musalay