-
Publication No.: US20210075799A1
Publication date: 2021-03-11
Application No.: US16562017
Application date: 2019-09-05
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Santosh Ramrao Patil, Paul Wayne Bigbee, Darrin Joseph Miller, Madhusudan Nanjanagud
IPC: H04L29/06, H04L12/721, G06K9/62, G06N20/00
Abstract: The present technology pertains to a system that routes application flows. The system can receive an application flow from a device by an active threat detection agent; analyze the application flow for user context, device context, and application context; classify the application flow based on the analysis of the application flow; and direct the application flow according to the classification of the application flow and an application access policy.
-
Publication No.: US10911453B2
Publication date: 2021-02-02
Application No.: US15854155
Application date: 2017-12-26
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Mark Grayson, Santosh Ramrao Patil, Jerome Henry, Bart Brinckman, Mark Allen Webb
Abstract: Various implementations disclosed herein enable controlling access to networks. In various implementations, a method of controlling access to a network is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes obtaining an indication that a mobile device having access to a first network utilizing a first radio access technology (RAT) has requested access to a second network utilizing a second RAT. In some implementations, the method includes determining whether the access to the first network satisfies an authentication criterion associated with the second network. In some implementations, the method includes granting the mobile device access to the second network in response to determining that the access to the first network satisfies the authentication criterion associated with the second network. In some implementations, accessing the second network via the authentication criterion satisfies an operating threshold associated with the mobile device.
-
Publication No.: US10904322B2
Publication date: 2021-01-26
Application No.: US16009485
Application date: 2018-06-15
Applicant: Cisco Technology, Inc.
Inventor: Santosh Ramrao Patil, Swaminathan Anantha, Sourav Chakraborty, Shyam Sundar Vaidyanathan, Gangadharan Byju Pularikkal
Abstract: The disclosed technology relates to systems and methods for automatically scaling down network resources, such as servers or gateway instances, based on predetermined thresholds. A system is configured to detect a reduction in one or more network metrics related to a first server, and instruct the first server to issue a rekey request to a plurality of devices connected to the first server. The system is further configured to instruct a load balancer to route to at least one other server responses from the plurality of devices to the rekey request, and determine a number of connections remaining between the first server and the plurality of devices. The system may be further configured to instruct the load balancer to terminate the first server based on the detected number of connections remaining between the first server and the plurality of devices.
-
Publication No.: US20200236112A1
Publication date: 2020-07-23
Application No.: US16251654
Application date: 2019-01-18
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Santosh Ramrao Patil, Bart Brinckman, Madhusudan Nanjanagud
Abstract: In one embodiment, a gateway to a zero trust network applies an access control policy to an endpoint device attempting to access a cloud-based application hosted by the zero trust network. The gateway acts as a reverse proxy between the endpoint device and the cloud-based application, based on the access control policy applied to the endpoint device. The gateway captures telemetry data regarding application traffic reverse proxied by the gateway between the endpoint device and the cloud-based application. The gateway detects an anomalous behavior of the application traffic by comparing the captured telemetry data to a machine learning-based behavioral model for the application. The gateway initiates a mitigation action for the detected anomalous behavior of the application traffic.
-
Publication No.: US10517014B2
Publication date: 2019-12-24
Application No.: US15791917
Application date: 2017-10-24
Applicant: Cisco Technology, Inc.
Inventor: Mark Grayson, Santosh Ramrao Patil, Gangadharan Byju Pularikkal, Kedar K. Gaonkar
Abstract: A method of controlling performance of a wireless device is performed by a node that is in electronic communication with a cellular network. The node includes a processor, a non-transitory memory, and a network interface. The method includes receiving a performance value characterizing a performance of a communication channel between a wireless device and a wireless access point. In some implementations, the wireless device and the cellular network are associated with different radio access technologies (RATs). The method includes determining whether the performance value breaches a performance criterion for the wireless device. The method includes adjusting a first amount of data transmitted to the wireless device from a base station of the cellular network and a second amount of data transmitted to the wireless device from the wireless access point. In some implementations, the combined first and second amounts of data satisfy the performance criterion for the wireless device.
-
Publication No.: US20190387049A1
Publication date: 2019-12-19
Application No.: US16009485
Application date: 2018-06-15
Applicant: Cisco Technology, Inc.
Inventor: Santosh Ramrao Patil, Swaminathan Anantha, Sourav Chakraborty, Shyam Sundar Vaidyanathan, Gangadharan Byju Pularikkal
Abstract: The disclosed technology relates to systems and methods for automatically scaling down network resources, such as servers or gateway instances, based on predetermined thresholds. A system is configured to detect a reduction in one or more network metrics related to a first server, and instruct the first server to issue a rekey request to a plurality of devices connected to the first server. The system is further configured to instruct a load balancer to route to at least one other server responses from the plurality of devices to the rekey request, and determine a number of connections remaining between the first server and the plurality of devices. The system may be further configured to instruct the load balancer to terminate the first server based on the detected number of connections remaining between the first server and the plurality of devices.
-
Publication No.: US20190132341A1
Publication date: 2019-05-02
Application No.: US15795670
Application date: 2017-10-27
Applicant: Cisco Technology, Inc.
Inventor: Mark Grayson, Santosh Ramrao Patil, Gangadharan Byju Pularikkal
Abstract: Various implementations disclosed herein enable identifying anomalies in a network. For example, in various implementations, a method of identifying anomalies in a network is performed by a network node. In various implementations, the network node includes one or more processors, and a non-transitory memory. In various implementations, the method includes generating a characteristic indicator that characterizes a device type based on communications associated with a first device of the device type. In various implementations, the method includes determining, based on communications associated with the first device, a performance indicator that indicates a performance of the first device. In various implementations, the method includes synthesizing an anomaly indicator as a function of the performance indicator in relation to the characteristic indicator.
-
Publication No.: US20190124543A1
Publication date: 2019-04-25
Application No.: US15791917
Application date: 2017-10-24
Applicant: Cisco Technology, Inc.
Inventor: Mark Grayson, Santosh Ramrao Patil, Gangadharan Byju Pularikkal, Kedar K. Gaonkar
CPC classification number: H04W28/0268, H04L43/0823, H04L43/0888, H04L43/16, H04W24/02, H04W24/08, H04W84/042, H04W88/08
Abstract: A method of controlling performance of a wireless device is performed by a node that is in electronic communication with a cellular network. The node includes a processor, a non-transitory memory, and a network interface. The method includes receiving a performance value characterizing a performance of a communication channel between a wireless device and a wireless access point. In some implementations, the wireless device and the cellular network are associated with different radio access technologies (RATs). The method includes determining whether the performance value breaches a performance criterion for the wireless device. The method includes adjusting a first amount of data transmitted to the wireless device from a base station of the cellular network and a second amount of data transmitted to the wireless device from the wireless access point. In some implementations, the combined first and second amounts of data satisfy the performance criterion for the wireless device.
-
Publication No.: US12289640B2
Publication date: 2025-04-29
Application No.: US17882859
Application date: 2022-08-08
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Einar Nilsen-Nygaard, Vivek Agarwal, Ajeet Pal Singh Gill, Ravi Sankar Mantha, Saravanan Radhakrishnan
Abstract: In one embodiment, a method includes receiving one or more 5G software-defined wide area network (SD-WAN) policies, identifying one or more identity-based policies from the one or more 5G SD-WAN policies, communicating the identified one or more identity-based policies to one or more WAN routers, communicating one or more 5G bindings to the one or more WAN routers, and applying the identified one or more identity-based policies to one or more flows between the one or more WAN routers.
-
Publication No.: US12003348B2
Publication date: 2024-06-04
Application No.: US17649955
Application date: 2022-02-04
Applicant: Cisco Technology, Inc.
Inventor: Anand Oswal, Muninder S. Sambi, Sanjay K. Hooda, Gangadharan Byju Pularikkal, Kedar Karmarkar
IPC: H04L12/46, H04L12/18, H04L61/5014, H04L61/58, H04L101/668
CPC classification number: H04L12/4679, H04L12/1886, H04L12/4633, H04L61/5014, H04L61/58, H04L2101/668, H04L2212/00
Abstract: Secure network segmentation using logical subnet segments is described. A single network segment or subnet provided by a third party is mapped into multiple layer-3 virtual or logical segments without requiring separate subnets. This mapping is accomplished by using virtual routing functions (VRFs) per logical subnet segment while retaining a single subnet across the segments. The logical subnet segments interact with the single network segment provided by the third party (ISP). The layer-3 VRF instances are created without the need for separate IP subnet pools per layer-3 segment. Each VRF instance for the various logical subnet segments is mapped to an identifier and tag.