VMware, Inc.
HYPERVISOR-ASSISTED SECURITY MECHANISM

Abstract:

The disclosure provides an approach for hypervisor-assisted security analysis. Embodiments include receiving, at a hypervisor on a host computer, events from one or more virtual computing instances (VCIs). Embodiments include analyzing, by the hypervisor, the events according to one or more rules to identify a subset of the events for additional analysis. Embodiments include compressing, by the hypervisor, the subset of the events by performing deduplication to produce a compressed subset of the events. Embodiments include transmitting, by the hypervisor, the compressed subset of the events over a network to a separate analysis component, wherein the separate analysis component performs the additional analysis.