Abstract: In a computer-implemented method for managing firewall flow records, firewall flow records of a virtual infrastructure including a distributed firewall are received, wherein the firewall flow records are captured according to firewall rules of the distributed firewall, and wherein the firewall flow records each include tuples and at least one field of network traffic data. Responsive to detecting a number of received firewall flow records exceeding a threshold value, it is determined whether the tuples are identical for any of the firewall flow records. Provided the tuples are not identical for any of the firewall flow records, the tuples for the firewall flow records are modified to generate modified firewall flow records. It is determined whether the tuples are identical for any of the modified firewall flow records.

Abstract: A method of creating micro-segmentation policies for a network is provided. The method identifies a set of network nodes as seed nodes. The method monitors network packet traffic flows for the seed nodes to collect traffic flow information. The method identifies a set of related nodes for the set of seed nodes based on the collected network flow information. The method analyzes the collected network flow information to identify micro-segmentation policies for the network.

Abstract: The technology disclosed herein enables the enhancement of attributes used to identify network packet traffic exchanged with micro segmented guests. In a particular embodiment, a method provides receiving a plurality of attributes from a user. The plurality of attributes describes first network packet traffic that should be handled in a first manner. The method further provides processing network packet traffic to identify the first network packet traffic using the plurality of attributes. While processing the network packet traffic, the method provides identifying one or more additional attributes shared among the first network packet traffic and adding at least a portion of the one or more additional attributes to the plurality of attributes.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for assigning security in networked computing environments. An example apparatus includes a deep packet inspector to: analyze a network communication from a virtual machine in a software defined network environment to determine an identifier of an application; and determine an application type executing on the virtual machine; a security controller to determine if a security group exists for the application type; and a user interface to present a recommendation to create a security group for the application type when a security group does not exist for the application type. The example security controller is further to add the virtual machine to the security group when the security group for the application type exists.

Abstract: Example methods are provided for a network management entity to perform firewall rule creation in a virtualized computing environment. The method may comprise obtaining flow data associated with an application-layer protocol session between a first endpoint and a second endpoint in the virtualized computing environment; and identifying, from the flow data, an association between a control flow and at least one data flow of the application-layer protocol session. The method may also comprise: based on the association, creating a firewall rule that is applicable to both the control flow and at least one data flow; and instructing a first firewall engine associated with the first endpoint, or a second firewall engine associated with the second endpoint, or both, to apply the firewall rule during the application-layer protocol session.

Abstract: The technology disclosed herein enables the enhancement of attributes used to identify network packet traffic exchanged with micro segmented guests. In a particular embodiment, a method provides receiving a plurality of attributes from a user. The plurality of attributes describes first network packet traffic that should be handled in a first manner. The method further provides processing network packet traffic to identify the first network packet traffic using the plurality of attributes. While processing the network packet traffic, the method provides identifying one or more additional attributes shared among the first network packet traffic and adding at least a portion of the one or more additional attributes to the plurality of attributes.

Abstract: For a network including multiple host machines that together implement at least one logical network including a firewall, some embodiments provide a method for collecting traffic flow data that includes identifiers for firewall rules applied to the traffic flow and a logical entity identifier. In some embodiments, the host machines receive traffic monitoring configuration data for a logical network. The traffic monitoring configuration data in some embodiments indicates a set of logical entities of the logical network for which to collect traffic flow data and a set of traffic flow data collectors associated with the set of logical entities. The indicated logical entities may be logical forwarding elements (logical switches, routers, etc.) or logical ports of logical forwarding elements.

Abstract: A method of creating micro-segmentation policies for a network is provided. The method identifies a set of network nodes as seed nodes. The method monitors network packet traffic flows for the seed nodes to collect traffic flow information. The method identifies a set of related nodes for the set of seed nodes based on the collected network flow information. The method analyzes the collected network flow information to identify micro-segmentation policies for the network.

Abstract: In a computer-implemented method for managing firewall flow records, firewall flow records of a virtual infrastructure including a distributed firewall are received, wherein the firewall flow records are captured according to firewall rules of the distributed firewall, and wherein the firewall flow records each include tuples and at least one field of network traffic data. Responsive to detecting a number of received firewall flow records exceeding a threshold value, it is determined whether the tuples are identical for any of the firewall flow records. Provided the tuples are not identical for any of the firewall flow records, the tuples for the firewall flow records are modified to generate modified firewall flow records. It is determined whether the tuples are identical for any of the modified firewall flow records.

Abstract: Example methods are provided for a network management entity to perform firewall rule creation in a virtualized computing environment. The method may comprise obtaining flow data associated with an application-layer protocol session between a first endpoint and a second endpoint in the virtualized computing environment; and identifying, from the flow data, an association between a control flow and at least one data flow of the application-layer protocol session. The method may also comprise: based on the association, creating a firewall rule that is applicable to both the control flow and at least one data flow; and instructing a first firewall engine associated with the first endpoint, or a second firewall engine associated with the second endpoint, or both, to apply the firewall rule during the application-layer protocol session.