公开(公告)号：US20240297852A1

公开(公告)日：2024-09-05

申请号：US18404403

申请日：2024-01-04

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  Andrew Chi ,  David Arthur McGrew ,  Saran Singh Ahluwalia

IPC: H04L47/70 ,  G06N20/00 ,  H04L43/08 ,  H04L67/10

CPC classification number: H04L47/82 ,  G06N20/00 ,  H04L43/08 ,  H04L67/10

Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.

公开(公告)号：US20190068362A1

公开(公告)日：2019-02-28

申请号：US15692288

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： BLAKE HARRELL ANDERSON ,  Andrew Chi ,  David McGrew ,  Scott William Dunlop

IPC: H04L9/08 ,  H04L29/06 ,  H04W72/04 ,  G06N5/02

Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.

公开(公告)号：US10536268B2

公开(公告)日：2020-01-14

申请号：US15692288

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  Andrew Chi ,  David McGrew ,  Scott William Dunlop

IPC: H04L29/06 ,  H04W72/04 ,  H04L9/08 ,  G06N5/02

Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.

公开(公告)号：US20230029656A1

公开(公告)日：2023-02-02

申请号：US17390319

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  Andrew Chi ,  David Arthur McGrew ,  Saran Singh Ahluwalia

IPC: H04L12/911 ,  G06N20/00 ,  H04L29/08 ,  H04L12/26

Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.

公开(公告)号：US20220094529A1

公开(公告)日：2022-03-24

申请号：US17543427

申请日：2021-12-06

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  Andrew Chi ,  David McGrew ,  Scott William Dunlop

IPC: H04L9/08 ,  H04L29/06 ,  H04W72/04 ,  G06N5/02

Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.

公开(公告)号：US12238014B2

公开(公告)日：2025-02-25

申请号：US18404403

申请日：2024-01-04

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  Andrew Chi ,  David Arthur McGrew ,  Saran Singh Ahluwalia

IPC: H04L47/70 ,  G06N20/00 ,  H04L43/08 ,  H04L67/10

Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.

公开(公告)号：US11888760B2

公开(公告)日：2024-01-30

申请号：US17390319

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  Andrew Chi ,  David Arthur McGrew ,  Saran Singh Ahluwalia

IPC: H04L47/70 ,  H04L43/08 ,  H04L67/10 ,  G06N20/00

CPC classification number: H04L47/82 ,  G06N20/00 ,  H04L43/08 ,  H04L67/10

Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.

公开(公告)号：US11196546B2

公开(公告)日：2021-12-07

申请号：US16701373

申请日：2019-12-03

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  Andrew Chi ,  David McGrew ,  Scott William Dunlop

IPC: H04L29/06 ,  H04W72/04 ,  H04L9/08 ,  G06N5/02

Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.