G06F2009/45587

Peripheral device enabling virtualized computing service extensions

A peripheral device includes one or more processors and a memory storing program instructions that when executed implement an extension manager of a virtualized computing service. The extension manager establishes a secure network channel for communications between the peripheral device, which is located at a premise external to a provider network, and a data center of the provider network. The extension manager assigns a network address of the substrate network of the service to a hardware server at the external premise. The substrate address is also assigned to an extension traffic intermediary at the data center. In response to a command directed to the virtualized computing service, one or more compute instance configuration operations are performed at the hardware server.

Micro-segmentation of virtual computing elements
11706195 · 2023-07-18

The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.

Threat detection and security for edge devices

Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a baseline behavior profile for a gateway virtual machine is transmitted from a management service to a gateway security process executed in a gateway device. The management service receives an anomaly notification including an indication of an anomaly from the baseline behavior profile. The management service generates a user interface that shows a description of the anomaly.

Simulating user interactions for malware analysis

Simulating user interactions during dynamic analysis of a sample is disclosed. A sample is received for analysis. Prior to execution of the sample, a baseline screenshot of a system folder is generated by accessing frame buffer data stored on a graphics card. The sample is caused to execute, at least in part using one or more hypervisor instructions to move a pointing device to an icon associated with the sample. A current screenshot of the system folder is generated by accessing current frame buffer data stored on the graphics card.

System and method for dynamic memory optimizer and manager for Java-based microservices
11704242 · 2023-07-18

A time period is received from a user over which memory settings of a microservice are to be dynamically managed. Memory settings for the microservice are stored in a configuration file. During the time period, memory utilization of a set of memory regions provided by a process virtual machine for execution of the microservice is monitored. The memory utilization of each memory region is analyzed to identify memory regions that have been over-utilized and memory regions that have been under-utilized. For each memory region identified as being over-utilized or under-utilized, a memory setting in the configuration file and corresponding to an identified memory region is changed. After the change and once the microservice has entered an idle state, a command is generated to restart the microservice so that the changed memory settings can take effect.

Threat scanning transplanted containers

Techniques for threat scanning transplanted containers are described. A method of threat scanning transplanted containers may include generating a container map of running containers on a block storage volume mounted to a scanning instance of a threat scanning service, scanning the block storage volume by a scanning engine of the scanning instance, identifying at least one threat on the block storage volume, and identifying at least one container associated with the at least one threat using the container map.

DIGITAL ENGINEERING SECURE REMOTE ACCESS

An industrial information hub (IIH) and an industrial development hub (IDH) serve as an industrial ecosystem platform where multiple participants can deliver repeatable and standardized services relevant to their core competencies. The IIH system is centered around the development of an ecosystem that creates and delivers value to users—including industrial enterprises, OEMs, system integrators, vendors, etc.—through the aggregation of digital content and domain expertise. The IIH system serves as a trusted information broker between the ecosystem and the OT environments of plant facilities, and provides a platform for connecting assets, contextualizing asset data and providing secure access to the ecosystem. As part of this ecosystem, the IIH system uses a secure remote access architecture to allow users to remotely access data on their plant floor assets via a virtual private network connection.

DIGITAL ENGINEERING VIRTUAL MACHINE INFRASTRUCTURE

An industrial development hub (IDH) supports industrial development and testing capabilities that are offered as a cloud-based service. The IDH comprises an enhanced storage platform and associated design tools that serve as a repository on which customers can store control project code, device configurations, and other digital aspects of an industrial automation project. The IDH system can facilitate discovery and management of digital content associated with control systems, and can be used for system backup and restore, code conversion, and version management. The IDH also supports storage and instantiation of virtual machine images preconfigured with digital engineering applications that can be instantiated and executed remotely as part of a digital engineering services framework.

APPARATUS AND METHOD FOR PREVENTING SECURITY THREAT TO VIRTUAL MACHINE
20230016571 · 2023-01-19

Disclosed herein are an apparatus and method for preventing a security threat to a virtual machine. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured such that a hypervisor for virtualization in a host kernel executes a virtualization instruction corresponding to the service requested by a virtual machine of a host application and such that a hypervisor for monitoring interrupts the virtualization instruction in response to a security threat event occurring in the monitoring area of the hypervisor for virtualization and controls the process and thread of the host kernel. The hypervisor for monitoring is located in an area separate from the area in which the hypervisor for virtualization is located in the host kernel.

MANAGING L4 PORTS
20230013489 · 2023-01-19

Some embodiments of the invention provide a novel method for managing layer four (L4) ports associated with a machine executing on a host computer. The method collects a set of contextual attributes relating to applications executing on the machine. It then analyzes the collected contextual attributes to identify at least one L4 port that has to have its status modified. Next, it modifies the status of the identified L4 port. In some embodiments, the status of an L4 port can be either open or closed, and the modification can open a closed port or close an open port. In some embodiments, the method is performed when the machine starts up on the host computer, performed each time a new application is installed on the machine, performed periodically to close unused L4 ports, and/or performed periodically to close L4 ports that should not be open based on a set of L4-port control policies.