CPC H04L 63/1408 (2013.01) [H04L 43/04 (2013.01); H04L 43/0894 (2013.01); H04L 63/02 (2013.01); H04L 63/1425 (2013.01); H04L 43/062 (2013.01)]
20 Claims
1. A system comprising:
one or more processors; and
memory storing instructions which, when executed by the one or more processors, cause the one or more processors to:
obtain network data from sensor processes executing in a data center, the network data being at least partly based on operation system states associated with an operating system in the data center;
store connection data describing a connection between endpoints associated with one or more packets transmitted in the data center;
determine a status of the data center based on the network data and the connection data;
detect, based at least partly on the status of the data center, an indication of an attack within the data center; and
in response to the indication of the attack, modify a security policy based on the status of the data center.