Abstract:
Methods, systems, and computer readable media are provided for determining, in a virtualized network system, a relationship of a sensor relative to other sensors. In a virtualized computing system in which a plurality of software sensors are deployed and in which there are one or more traffic flows, captured network data is received from the plurality of sensors, the captured network data from a given sensor of the plurality of sensors indicating one or more traffic flows detected by the given sensor. The received captured network data is analyzed to identify, for each respective sensor, a first group of sensors, a second group of sensors, and a third group of sensors, wherein all traffic flows observed by the first group of sensors are also observed by the second group of sensors, and all traffic flows observed by the second group of sensors are also observed by the third group of sensors. For each respective sensor, a location of each respective sensor relative to other sensors within the virtualized computing system is determined based upon whether the respective sensor belongs to the first group of sensors, the second group of sensors, or the third group of sensors.
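The containment test described in the abstract can be run directly on the flow sets the sensors report. The following is an added example, not code from the patent or from any product it describes: sensor names, the 10.0.0.0/8 addresses and the use of a (src, dst, dst_port) triple as the flow key are assumptions made for the example. It generalizes the three groups to any depth (the group number is the length of the longest chain of strictly enclosed sensors beneath a sensor plus one), locates each sensor's nearest enclosing sensor, and flags the edge case the abstract's subset rule cannot resolve: two sensors that report exactly the same flows.

```python
from typing import Dict, Optional, Set, Tuple

Flow = Tuple[str, str, int]   # (src_ip, dst_ip, dst_port): a minimal flow key

# Constructed sample: the flows each sensor reported. Sensor names are assumed.
SENSOR_REPORTS: Dict[str, Set[Flow]] = {
    "vm-a": {("10.0.1.10", "10.0.2.20", 443), ("10.0.1.10", "10.0.3.30", 53)},
    "vm-b": {("10.0.1.11", "10.0.2.20", 443)},
    "hv-1": {("10.0.1.10", "10.0.2.20", 443), ("10.0.1.10", "10.0.3.30", 53),
             ("10.0.1.11", "10.0.2.20", 443)},
    "vm-c": {("10.0.2.20", "10.0.4.40", 5432)},
    "hv-2": {("10.0.2.20", "10.0.4.40", 5432)},   # reports exactly what vm-c reports
    "switch-1": {("10.0.1.10", "10.0.2.20", 443), ("10.0.1.10", "10.0.3.30", 53),
                 ("10.0.1.11", "10.0.2.20", 443), ("10.0.2.20", "10.0.4.40", 5432)},
}


def enclosing_sensors(reports: Dict[str, Set[Flow]]) -> Dict[str, Set[str]]:
    """For every sensor, the sensors whose observed flows strictly contain its own."""
    return {a: {b for b, fb in reports.items() if b != a and fa < fb}
            for a, fa in reports.items()}


def peer_sensors(reports: Dict[str, Set[Flow]]) -> Dict[str, Set[str]]:
    """Sensors that reported identical flow sets; flow data alone cannot order these."""
    return {a: {b for b, fb in reports.items() if b != a and fa == fb}
            for a, fa in reports.items()}


def assign_groups(reports: Dict[str, Set[Flow]]) -> Dict[str, int]:
    """Group 1 sensors see a subset of what some group 2 sensor sees, group 2 a subset
    of group 3, and so on: the group number is one more than the longest chain of
    strictly enclosed sensors beneath it. Strict containment is acyclic, so this ends."""
    enclosing = enclosing_sensors(reports)
    below = {b: {a for a in reports if b in enclosing[a]} for b in reports}
    group: Dict[str, int] = {}

    def level(sensor: str) -> int:
        if sensor not in group:
            group[sensor] = 1 + max((level(s) for s in below[sensor]), default=0)
        return group[sensor]

    for sensor in reports:
        level(sensor)
    return group


def nearest_enclosing(reports: Dict[str, Set[Flow]], sensor: str) -> Optional[str]:
    """The smallest sensor strictly enclosing `sensor`, i.e. its immediate outer
    neighbour on the capture path; None if there is none or the choice is ambiguous."""
    candidates = enclosing_sensors(reports)[sensor]
    minimal = [e for e in candidates
               if not any(o != e and reports[o] < reports[e] for o in candidates)]
    return minimal[0] if len(minimal) == 1 else None


if __name__ == "__main__":
    groups = assign_groups(SENSOR_REPORTS)
    peers = peer_sensors(SENSOR_REPORTS)
    for name in SENSOR_REPORTS:
        print(f"{name:9s} group={groups[name]} "
              f"outer={nearest_enclosing(SENSOR_REPORTS, name)} peers={sorted(peers[name])}")
```

On the sample data vm-a, vm-b, vm-c and hv-2 land in group 1, hv-1 in group 2 and switch-1 in group 3; vm-c and hv-2 are reported as peers because their flow sets are equal, so their relative position has to come from another signal (for instance, which interface the sensor captured on). The test uses exact containment as the abstract states it; with lossy capture a practitioner would allow a small fraction of unmatched flows, at the cost of the relation no longer being a strict order.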
Abstract:
Conditional policies can be defined that change based on security measurements of network endpoints. In an example embodiment, a network traffic monitoring system can monitor network flows between the endpoints and quantify how secure those endpoints are based on analysis of the network flows and other data. A conditional policy may be created that establishes one or more first connectivity policies for handling a packet when a security measurement of an endpoint is a first value or falls within a first range of values, and one or more second connectivity policies for handling the packet when the security measurement is a second value or falls within a second range of values. The connectivity policies may include permitting connectivity, denying connectivity, redirecting the packet along a specific route, or another network action. When the network traffic monitoring system detects a change to the security measurement of the endpoint, the applicable policies can be determined and the system can update policy data for the network to enforce them.
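A small policy engine makes the abstract's mechanism concrete. This is an added example, not code from the patent or any product implementing it; the 0 to 100 score scale, the endpoint names, ports, band boundaries and the "ips-inspect" route label are assumptions for the example. Each conditional policy maps half-open score bands to a connectivity outcome (permit, deny, or redirect along a named route) with a deny outcome outside every band, and the engine re-evaluates only the policies that depend on the endpoint whose measurement changed, returning just the rules whose outcome actually differs so that unchanged rules are not re-pushed to the enforcement points.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Connectivity:
    """One connectivity policy: permit, deny, or redirect along a named route."""
    action: str                   # "permit" | "deny" | "redirect"
    route: Optional[str] = None   # only used by "redirect"


@dataclass
class ConditionalPolicy:
    """Handling for traffic from `src` to `dst`:`port`, chosen by the security
    measurement of `src`. Each band is a half-open score range [low, high)."""
    src: str
    dst: str
    port: int
    bands: List[Tuple[int, int, Connectivity]]
    default: Connectivity = Connectivity("deny")   # applies outside every band

    def select(self, score: int) -> Connectivity:
        for low, high, conn in self.bands:
            if low <= score < high:
                return conn
        return self.default


RuleKey = Tuple[str, str, int]


class PolicyEngine:
    """Holds the latest measurement per endpoint and the concrete rules derived
    from it; re-evaluates only the policies that depend on a changed endpoint."""

    def __init__(self, policies: List[ConditionalPolicy]):
        self.policies = policies
        self.scores: Dict[str, int] = {}
        self.rules: Dict[RuleKey, Connectivity] = {}

    def update_measurement(self, endpoint: str, score: int) -> Dict[RuleKey, Connectivity]:
        """Record a new measurement and return only the rules whose outcome changed."""
        self.scores[endpoint] = score
        changed: Dict[RuleKey, Connectivity] = {}
        for policy in self.policies:
            if policy.src != endpoint:
                continue
            key = (policy.src, policy.dst, policy.port)
            new = policy.select(score)
            if self.rules.get(key) != new:
                self.rules[key] = new
                changed[key] = new
        return changed


# Constructed sample: scores run 0..100, higher meaning a more trustworthy endpoint.
# Endpoint names, ports and the route label are assumptions for the example.
SAMPLE_POLICIES = [
    ConditionalPolicy("web-1", "db-1", 5432, bands=[
        (80, 101, Connectivity("permit")),
        (40, 80, Connectivity("redirect", "ips-inspect")),
    ]),
    ConditionalPolicy("web-1", "cache-1", 6379, bands=[
        (60, 101, Connectivity("permit")),
    ]),
    ConditionalPolicy("batch-1", "db-1", 5432, bands=[
        (50, 101, Connectivity("permit")),
    ]),
]

if __name__ == "__main__":
    engine = PolicyEngine(SAMPLE_POLICIES)
    for score in (92, 85, 55, 80, 12):
        print(score, engine.update_measurement("web-1", score))
```

Running the sample: a score of 92 permits both of web-1's connections; a drop to 85 changes nothing (same band); 55 redirects the database connection through the inspection route and denies the cache connection, because 55 lies outside the only band the cache policy defines; 12 denies both. The batch-1 policy is never touched, since its endpoint's measurement did not change.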
Abstract:
An example method can include receiving a traffic report from a sensor and using the traffic report to detect intra-datacenter flows. These intra-datacenter flows can then be compared with a description of historical flows. The description of historical flows can identify characteristics of normal and malicious flows. Based on the comparison, the flows can be classified and tagged as normal, malicious, or anomalous. If the flows are tagged as malicious or anomalous, corrective action can be taken with respect to the flows. A description of the flows can then be added to the description of historical flows.
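The pipeline in the abstract (detect intra-datacenter flows, compare against a description of historical flows, tag, act, then fold the flows back into history) is worked through below as an added example; it is not code from the patent or any implementation of it. The datacenter prefixes, the per-service byte-range description of normal flows, the tolerance factor, the malicious service list and the sample report are all assumptions for the example. One caveat a practitioner would want is built in: flows tagged anomalous are recorded separately rather than widening the normal baseline, so a repeated anomaly does not quietly become normal.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Address ranges that count as "inside the datacenter" (assumed for the example).
DATACENTER_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),
                       ipaddress.ip_network("172.16.0.0/12")]
SLACK = 2.0   # byte-volume tolerance around the historical normal range

ServiceKey = Tuple[int, str]   # (dst_port, proto)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    proto: str
    nbytes: int

    def key(self) -> ServiceKey:
        return (self.dst_port, self.proto)


def is_intra_datacenter(flow: Flow) -> bool:
    """Both endpoints must fall inside a datacenter prefix."""
    def inside(ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in DATACENTER_PREFIXES)
    return inside(flow.src) and inside(flow.dst)


@dataclass
class History:
    """Description of historical flows: byte range seen on normal flows per service,
    services known to be malicious, and anomalous flows kept aside for review."""
    normal: Dict[ServiceKey, Tuple[int, int]]
    malicious: Set[ServiceKey]
    anomalous: List[Flow] = field(default_factory=list)

    def classify(self, flow: Flow) -> str:
        key = flow.key()
        if key in self.malicious:
            return "malicious"
        if key in self.normal:
            lo, hi = self.normal[key]
            if lo / SLACK <= flow.nbytes <= hi * SLACK:
                return "normal"
        return "anomalous"

    def record(self, flow: Flow, tag: str) -> None:
        """Add the flow's description under its tag; anomalies never widen the baseline."""
        key = flow.key()
        if tag == "normal":
            lo, hi = self.normal[key]
            self.normal[key] = (min(lo, flow.nbytes), max(hi, flow.nbytes))
        elif tag == "malicious":
            self.malicious.add(key)
        else:
            self.anomalous.append(flow)


def corrective_action(flow: Flow, tag: str) -> Optional[Tuple[str, str]]:
    if tag == "malicious":
        return ("quarantine", flow.src)
    if tag == "anomalous":
        return ("alert", f"{flow.src}->{flow.dst}:{flow.dst_port}/{flow.proto}")
    return None


def process_report(report: List[Flow], history: History):
    """Classify each intra-datacenter flow, act on it, then fold it into history.
    Flows with an endpoint outside the datacenter are skipped."""
    results = []
    for flow in report:
        if not is_intra_datacenter(flow):
            continue
        tag = history.classify(flow)
        results.append((flow, tag, corrective_action(flow, tag)))
        history.record(flow, tag)
    return results


def make_sample_history() -> History:
    """Constructed baseline (all values assumed)."""
    return History(normal={(443, "tcp"): (1000, 20000), (5432, "tcp"): (5000, 50000)},
                   malicious={(4444, "tcp")})


# Constructed sample sensor report (all values assumed).
SAMPLE_REPORT = [
    Flow("10.0.1.10", "10.0.2.20", 443, "tcp", 4200),
    Flow("10.0.1.11", "10.0.2.20", 443, "tcp", 30000),    # within slack: widens baseline
    Flow("10.0.1.12", "10.0.2.20", 443, "tcp", 900000),   # far outside: anomalous
    Flow("10.0.1.12", "10.0.3.30", 4444, "tcp", 512),     # known-malicious service
    Flow("10.0.1.10", "8.8.8.8", 53, "udp", 120),          # leaves the datacenter: skipped
    Flow("10.0.2.20", "10.0.4.40", 5432, "tcp", 15000),
]

if __name__ == "__main__":
    for flow, tag, action in process_report(SAMPLE_REPORT, make_sample_history()):
        print(tag, action, flow)
```

The report is processed in order, so the second flow widens the 443/tcp baseline to 30000 bytes before the third is judged; the third still exceeds the tolerated 60000 and is tagged anomalous and alerted on, while the 4444/tcp flow matches the malicious description and its source is quarantined. The DNS flow to 8.8.8.8 is not intra-datacenter and is never classified.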