公开(公告)号：US20230014842A1

公开(公告)日：2023-01-19

申请号：US17935771

申请日：2022-09-27

申请人： CISCO TECHNOLOGY, INC.

发明人： Jackson Ngoc Ki Pang ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Supreeth Hosur Nagesh Rao ,  Sunil Kumar Gupta

IPC分类号： H04L43/045 ,  H04L9/40 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L41/0668 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/106 ,  H04L45/00 ,  H04L45/50 ,  H04L67/12 ,  H04L43/026 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/51 ,  H04L67/75 ,  H04L67/1001 ,  H04L43/062 ,  H04L43/10 ,  H04L47/2441 ,  H04L41/0893 ,  H04L43/08 ,  H04L43/04 ,  H04W84/18 ,  H04L67/10 ,  H04L41/046 ,  H04L43/0876 ,  H04L41/12 ,  H04L41/16 ,  H04L41/0816 ,  G06F21/53 ,  H04L41/22 ,  G06F3/04842 ,  G06F3/04847 ,  H04L41/0803 ,  H04L43/0829 ,  H04L43/16 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L47/20 ,  H04L47/32 ,  H04L43/0864 ,  H04L47/11 ,  H04L69/22 ,  H04L45/74 ,  H04L47/2483 ,  H04L43/0882 ,  H04L41/0806 ,  H04L43/0888 ,  H04L43/12 ,  H04L47/31 ,  G06F3/0482 ,  G06T11/20 ,  H04L43/02 ,  H04L47/28 ,  H04L69/16 ,  H04L45/302

摘要： An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.

公开(公告)号：US10686804B2

公开(公告)日：2020-06-16

申请号：US16179027

申请日：2018-11-02

申请人： Cisco Technology, Inc.

发明人： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC分类号： H04L29/06 ,  H04L12/26

摘要： An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US10567247B2

公开(公告)日：2020-02-18

申请号：US15145630

申请日：2016-05-03

申请人： Cisco Technology, Inc.

发明人： Ashutosh Kulshreshtha ,  Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Anubhav Gupta ,  Sunil Kumar Gupta ,  Varun Sagar Malhorta ,  Shashidhar Gandham

IPC分类号： G06F17/00 ,  H04L29/06 ,  H04L12/26 ,  G06F9/455 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  G06F21/55 ,  G06F21/56 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06N99/00 ,  G06F16/174 ,  G06F16/23

摘要： An example method can include receiving a traffic report from a sensor and using the traffic report to detect intra-datacenter flows. These intra-datacenter flows can then be compared with a description of historical flows. The description of historical flows can identify characteristics of normal and malicious flows. Based on the comparison, the flows can be classified and tagged as normal, malicious, or anomalous. If the flows are tagged as malicious or anomalous, corrective action can be taken with respect to the flows. A description of the flows can then be added to the description of historical flows.

公开(公告)号：US20190260653A1

公开(公告)日：2019-08-22

申请号：US16403797

申请日：2019-05-06

申请人： Cisco Technology, Inc.

发明人： Navindra Yadav ,  Supreeth Hosur Nagesh Rao ,  Ashutosh Kulshreshtha ,  Omid Madani ,  Jackson Ngoc Ki Pang ,  Khawar Deen ,  Ellen Ellen Scheib

IPC分类号： H04L12/26 ,  G06N20/00 ,  G06F16/29 ,  G06F16/2457 ,  G06F16/9535 ,  G06F16/28 ,  G06F16/248 ,  G06F21/56 ,  G06F21/55 ,  H04L29/06 ,  H04L12/813 ,  H04L9/32 ,  H04L9/08 ,  H04L12/721 ,  G06F21/53 ,  H04L12/24 ,  H04L12/851 ,  H04L12/725 ,  H04L12/823 ,  H04L29/12 ,  H04J3/14 ,  H04J3/06 ,  H04W72/08 ,  H04L1/24 ,  H04L29/08 ,  G06F3/0484 ,  H04L12/723 ,  H04L12/833 ,  H04L12/741 ,  H04L12/801 ,  H04W84/18 ,  H04L12/715 ,  H04L12/841 ,  G06T11/20 ,  G06F3/0482 ,  G06F16/11 ,  G06F16/17 ,  G06F16/13 ,  G06N99/00 ,  G06F16/16 ,  G06F16/23 ,  G06F16/174 ,  G06F9/455

摘要： An example method can include monitoring a network to identify flows between nodes in the network. Once flows have been identified, the flows can be tagged and labelled according to the type of traffic they represent. If a flow represents malicious or otherwise undesirable traffic, it can be tagged accordingly. A request can then be made for a reputation score of an entity which can identify one or more nodes of the network.

公开(公告)号：US10009240B2

公开(公告)日：2018-06-26

申请号：US15172274

申请日：2016-06-03

申请人： Cisco Technology, Inc.

发明人： Supreeth Hosur Nagesh Rao ,  Ashutosh Kulshreshtha ,  Omid Madani ,  Jackson Ngoc Ki Pang ,  Navindra Yadav

IPC分类号： H04L29/06 ,  H04L12/26 ,  G06F9/455 ,  G06F17/30 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715

CPC分类号： H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

摘要： A method provides for associating reputation scores with policies, stacks and hosts within a network and upon receiving information about a newly provisioned entity (such as a host or a stack), recommending a policy scheme for the newly provisioned entity that will result in a particular reputation score of the reputation scores. The method further includes implementing the policy scheme for the newly provisioned entity.

公开(公告)号：US20160359872A1

公开(公告)日：2016-12-08

申请号：US15134100

申请日：2016-04-20

申请人： Cisco Technology, Inc.

发明人： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow ,  Andrew Sloane

IPC分类号： H04L29/06 ,  H04L12/26

CPC分类号： H04L63/1408 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425

摘要： An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

摘要翻译： 示例性方法包括在整个数据中心中检测，使用传感器分组。 然后，传感器可以将数据包日志发送到各种收集器，然后可以识别和汇总数据中心中的数据流。 然后，收集器可以将流日志发送到分析模块，分析模块可以识别数据中心的状态并检测攻击。

公开(公告)号：US20160359703A1

公开(公告)日：2016-12-08

申请号：US15152293

申请日：2016-05-11

申请人： Cisco Technology, Inc.

发明人： Shashidhar Gandham ,  Rohit Chandra Prasad ,  Ashutosh Kulshreshtha ,  Supreeth Hosur Nagesh Rao ,  Khawar Deen ,  Navindra Yadav

IPC分类号： H04L12/26 ,  G06F9/455 ,  H04L12/24

CPC分类号： H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F17/30241 ,  G06F17/3053 ,  G06F17/30554 ,  G06F17/30598 ,  G06F17/30604 ,  G06F17/30867 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N99/005 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

摘要： Systems, methods, and computer-readable media for determining sensor placement and topology. In some embodiments, a system can receive messages from sensors deployed around a network, each of the messages reporting a respective flow captured by a reporting sensor from the sensors. Next, the system can identify flows reported in the messages and, for each of the flows, generate a respective list of sensors that reported that flow. Based on the respective list of sensors, the system can infer a respective placement of the sensors within the network and a topology of the sensors. For example, the system can determine that a first sensor is deployed in a virtual machine, a second sensor is deployed in a hypervisor hosting the virtual machine, and a third sensor is deployed in a network device configured to route traffic associated with the hypervisor.

摘要翻译： 用于确定传感器位置和拓扑的系统，方法和计算机可读介质。 在一些实施例中，系统可以接收来自围绕网络部署的传感器的消息，每个消息报告由传感器由报告传感器捕获的相应流。 接下来，系统可以识别在消息中报告的流，并且对于每个流，生成报告该流的传感器的相应列表。 基于相应的传感器列表，系统可以推断传感器在网络内的相应位置和传感器的拓扑结构。 例如，系统可以确定第一传感器部署在虚拟机中，第二传感器部署在托管虚拟机的管理程序中，并且第三传感器部署在被配置为路由与管理程序相关联的流量的网络设备中。

公开(公告)号：US20240179153A1

公开(公告)日：2024-05-30

申请号：US18436185

申请日：2024-02-08

申请人： Cisco Technology, Inc.

发明人： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC分类号： H04L9/40 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894

CPC分类号： H04L63/1408 ,  H04L43/04 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425 ,  H04L43/062

摘要： An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US11895156B2

公开(公告)日：2024-02-06

申请号：US17931595

申请日：2022-09-13

申请人： Cisco Technology, Inc.

发明人： Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Hongyang Zhang ,  Kai Zhu

IPC分类号： H04L9/40

CPC分类号： H04L63/20 ,  H04L63/101 ,  H04L63/145 ,  H04L63/1416

摘要： The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

公开(公告)号：US11698976B2

公开(公告)日：2023-07-11

申请号：US16922565

申请日：2020-07-07

申请人： Cisco Technology, Inc.

发明人： Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Songlin Li

IPC分类号： H04L29/00 ,  G06F21/57 ,  H04L9/40

CPC分类号： G06F21/577 ,  H04L63/1433 ,  H04L63/20 ,  G06F2221/033

摘要： Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.