US 12,069,101 B2
Context-aware security policies and incident identification via automated cloud graph building with security overlays
Tamer Salman, Haifa (IL)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Sep. 20, 2021, as Appl. No. 17/479,464.
Prior Publication US 2023/0088034 A1, Mar. 23, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 29/06 (2006.01)
CPC H04L 63/205 (2013.01)
20 Claims
 
1. A system comprising:
a memory that stores program code; and
a processing system, comprising one or more processors, configured to receive the program code from the memory and, in response to at least receiving the program code, to:
generate graph nodes, of a graph associated with a computing system, that represent resources associated with the computing system and entities associated with the computing system that have respective associations to the resources, a generated graph node of the graph corresponding to a virtual machine (VM);
assign determined security attributes to respective graph nodes that represent the entities;
generate static connections in the graph between the graph nodes based at least on metadata of the entities and relationships between the entities;
generate dynamic connections in the graph between the graph nodes based at least on monitored communications between one or more of the resources, a dynamic connection of the dynamic connections generated based on actual traffic between corresponding resources, the actual traffic for a dynamic connection associated with the graph node corresponding to the VM comprising VM traffic with a resource associated with another node of the graph; and
perform a security action for the computing system based at least on a relationship between a set of the graph nodes of the graph.
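
The steps recited in claim 1, sketched as an added example that is not taken from the patent or from any Microsoft product. The inventory, the `mfa` attribute, the `owner_of` relation, the flow records and the alert rule are all constructed assumptions chosen to show how static (metadata-derived) and dynamic (traffic-derived) connections combine into one relationship that triggers a security action.

```python
from collections import Counter

# Constructed sample data; every name and attribute below is hypothetical.
RESOURCES = {"vm-web": "vm", "vm-batch": "vm", "db-orders": "database"}
ENTITIES = {"alice": {"mfa": False}, "svc-deploy": {"mfa": True}}
METADATA = [("alice", "owner_of", "vm-web"),        # e.g. role assignments
            ("svc-deploy", "owner_of", "vm-batch")]
FLOWS = [("vm-web", "db-orders", 5432), ("vm-web", "db-orders", 5432),
         ("vm-batch", "db-orders", 5432), ("vm-web", "203.0.113.9", 443)]

def build_graph(resources, entities, metadata, flows):
    """Return a graph dict with nodes, static edges and dynamic edges."""
    nodes = {name: {"kind": kind, "security": {}} for name, kind in resources.items()}
    for name, attrs in entities.items():
        # Security attributes are attached to the nodes that represent entities.
        nodes[name] = {"kind": "entity", "security": dict(attrs)}
    static = set()
    for src, relation, dst in metadata:
        if src in nodes and dst in nodes:
            static.add((src, relation, dst))
    dynamic = Counter()
    for src, dst, port in flows:
        # Only observed traffic between modelled nodes becomes a dynamic
        # connection; the flow to the unmodelled address is dropped here.
        if src in nodes and dst in nodes:
            dynamic[(src, dst, port)] += 1
    return {"nodes": nodes, "static": static, "dynamic": dynamic}

def security_actions(graph):
    """Alert when an entity without MFA owns a VM with observed traffic to a database."""
    nodes, alerts = graph["nodes"], []
    for entity, relation, vm in sorted(graph["static"]):
        if relation != "owner_of" or nodes[vm]["kind"] != "vm":
            continue
        if nodes[entity]["security"].get("mfa", False):
            continue
        for (src, dst, port), count in sorted(graph["dynamic"].items()):
            if src == vm and nodes[dst]["kind"] == "database":
                alerts.append({"action": "alert", "entity": entity, "vm": vm,
                               "target": dst, "port": port, "flows": count})
    return alerts

if __name__ == "__main__":
    for alert in security_actions(build_graph(RESOURCES, ENTITIES, METADATA, FLOWS)):
        print(alert)
```

Neither edge type alone raises the alert: the static edge ties the weakly protected entity to the VM, and the dynamic edge shows that the VM actually talks to the database.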