Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: An in-guest agent in a virtual machine (VM) operates in conjunction with a replication module. The replication module performs continuous data protection (CDP) by saving images of the VM as checkpoints at a disaster recovery site over time. Concurrently, the in-guest agent monitors for behavior in the VM that may be indicative of the presence of malicious code. If the in-guest agent identifies behavior (at a particular point in time) at the VM that may be indicative of the presence of malicious code, the replication module can tag a checkpoint that corresponds to the same particular point in time as a security risk. One or more checkpoints generated prior to the particular time may be determined to be secure checkpoints that are usable for restoration of the VM.

Abstract: Computer-implemented methods, media, and systems for providing container visibility and observability are disclosed. In one computer-implemented method, a host device connected to a cloud server detects a plurality of events comprising a first event, wherein the host device hosts a plurality of containers that generate the plurality of events. The host device identifies a first container identifier of the first event, checks a container tracking database to determine if the container tracking database includes the first container identifier. In response to determining that the container tracking database does not include the first container identifier, the host device creates a container start event indicating a start of a first container identified by the first container identifier, and sends the container start event to the cloud server for providing a container inventory that reflects statuses of the plurality of events and the plurality of containers in the host device.

Abstract: Computer-implemented methods, media, and systems for providing container security manageability are disclosed. In one computer-implemented method, a host device connected to a cloud server detects an event of a plurality of events generated by a plurality of containers hosted in the host device. The host device identifies container context data of the event, associates the container context data with the event, sends the container context data to the cloud server for security analysis. The host device receives, from the cloud server, security rules based on the security analysis and implements the security rules.

Abstract: An example method of securing communication between a client and a security agent executing in a host includes: receiving, at the security agent, a connection request from the client; obtaining, by the security agent from an operating system executing in the host, a process identifier for the client; identifying, by the security agent, a file path for a process binary from which the client executed; verifying at least a portion of the file path against an expected value known by the security agent; validating a signature of the process binary; and accepting, at the security agent, the connection request from the client in response to successful verification of the file path and successful validation of the signature.

Abstract: A method of applying a security policy to a virtual computing instance, according to an embodiment, includes: determining that a universally unique identifier (UUID) of the virtual computing instance does not match an identifier stored in a configuration file of the virtual computing instance; transmitting a request to register the virtual computing instance with a cloud platform for managing security policies of a virtual infrastructure that includes the virtual computing instance, the request including the UUID of the virtual computing instance and the identifier stored in the configuration file of the virtual computing instance; in response to the request, receiving an identifier of a security policy to be applied; and retrieving the security policy and applying the security policy to the virtual computing instance.

Abstract: A method and system for data consistency across failure and recovery of infrastructure. In one embodiment of the method, copies of first data blocks stored in a source memory are sent to a target site via a data link. While sending one or more of the copies of the first data blocks to the target site, source hashes for second data blocks stored in the source memory are calculated, wherein the first data blocks are distinct from the second data blocks. While sending one or more of the copies of the first data blocks to the target site, target hashes of data blocks stored in a target memory of the target site are received. While sending one or more of the copies of the first data blocks to the target site, the source hashes are compared with the target hashes, respectively. After sending the first data blocks to the target site via the data link, copies of only those second data blocks are sent to the target site with source hashes that do not compare equally with respective target hashes.

Abstract: A method and system for data consistency across failure and recovery of infrastructure. In one embodiment of the method, copies of first data blocks stored in a source memory are sent to a target site via a data link. While sending one or more of the copies of the first data blocks to the target site, source hashes for second data blocks stored in the source memory are calculated, wherein the first data blocks are distinct from the second data blocks. While sending one or more of the copies of the first data blocks to the target site, target hashes of data blocks stored in a target memory of the target site are received. While sending one or more of the copies of the first data blocks to the target site, the source hashes are compared with the target hashes, respectively. After sending the first data blocks to the target site via the data link, copies of only those second data blocks are sent to the target site with source hashes that do not compare equally with respective target hashes.

Abstract: Some embodiments of the invention provide a method for deploying machines for users in a software-defined datacenter (SDDC). The method in some embodiments is performed by a host computer that executes one or more machines. The method formulates a prediction regarding a particular user that is likely to log into a particular machine (e.g., virtual machine (VM), Pod, container, etc.) executing on a host computer of the SDDC in a future time period. Before the user logs into the particular machine, the method pre-fetches from a server a set of rules for a set of network elements that will process data messages associated with the machine after the particular user starts using the particular machine. The method uses the pre-fetched set of rules to configure the set of network elements to process data messages from the particular machine when the particular user logs into the machine during the time period.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: Methods, computer program products, computer systems, and the like are disclosed that provide for scalable deduplication in an efficient and effective manner. For example, such methods, computer program products, and computer systems can include determining whether a source data store and a replicated data store are unsynchronized and, in response to a determination that the source data store and the replicated data store are unsynchronized, performing a resynchronization operation. The source data stored in the source data store is replicated to replicated data in the replicated data store. The resynchronization operation resynchronizes the source data and the replicated data.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: Methods, computer program products, computer systems, and the like are disclosed that provide for scalable deduplication in an efficient and effective manner. For example, such methods, computer program products, and computer systems can include determining whether a source data store and a replicated data store are unsynchronized and, in response to a determination that the source data store and the replicated data store are unsynchronized, performing a resynchronization operation. The source data stored in the source data store is replicated to replicated data in the replicated data store. The resynchronization operation resynchronizes the source data and the replicated data.

Abstract: Disclosed herein are methods, systems, and processes for migration between storage tiers. Such a method, for example, can include extracting one or more characteristics of a replication workload, determining one or more storage costs of each storage tier of a plurality of storage tiers (where the one or more storage costs are determined for the replication workload and the one or more storage costs are determined based, at least in part, on the one or more characteristics), identifying one or more storage tiers of the plurality of storage tiers (where the identifying is based, at least in part, on the one or more storage costs), and migrating at least a portion of the replication workload from a target storage unit in an initial storage tier to a storage unit in the one or more storage tiers.

Abstract: The disclosed computer-implemented method for managing replication of data to a remote storage device may include (1) maintaining a first bitmap and a second bitmap storing data acknowledging persistence of target data, respectively, at source and target gateways, where the target gateway serves the remote storage device, (2) sending replication data from a computing device to the source gateway, (3) setting a bit in the first bitmap, where the set bit corresponds to the replication data sent to the source gateway, (4) receiving a first acknowledgement indicating the source gateway received the replication data, (5) copying, in response to the first acknowledgement, the bit to the second bitmap, (6) clearing, in response to the first acknowledgement, the bit in the first bitmap, and (7) receiving a second acknowledgement indicating the target gateway received the replication data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In an example, a behavioural characteristic of a workload running on a first host computing device in a data center may be monitored. Further, a security requirement of the workload may be determined based on the behavioural characteristic of the workload. Furthermore, a second host computing device that supports the security requirement of the workload may be determined. Further, a recommendation may be generated to migrate the workload running on the first host computing device to the second host computing device in the data center.

Abstract: Disclosed herein are methods, systems, and processes to provide and maintain data consistency during reverse replication. It is determined that a migrate operation or a reverse replication operation has been requested. Upon determining that the migrate operation or the reverse replication operation has been requested, a resynchronization identifier is set in a dirty region log (DRL) associated with a computing device that is subject to the migrate operation or the reverse replication operation. In response to the operation being the reverse replication operation, a master boot record (MBR) sector of a boot disk associated with the computing device is overwritten.

Abstract: Embodiments of the present disclosure relate to a method for preventing a service executing on a host machine from overrunning. The method receives, by the service running on the host machine, one or more packets via a data path. The method determines that the service is in or approaching an overrun state. Upon the determining, the method identifies a set of one or more virtual computing instances (VCIs) running on the host machine, and sends, via a first path different than the data path, a set of one or more signals to the set of VCIs, the one or more signals indicating to the set of VCIs to slow down transmitting network traffic via the data path.

Abstract: A system and method for automatically adjusting a learning mode duration on a virtual computing instance for an application security system extends a minimum duration of time for the learning mode duration for a guest agent running in the virtual computing instance based on a condition with respect to suspicious activities and deviations from normal behaviors detected during a fixed time interval. The guest agent is switched to a protected mode when the condition with respect to the suspicious activities and the deviations from the normal behaviors is satisfied for any fixed time interval after the minimum duration of time.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.