-
Publication No.: US12238014B2
Publication date: 2025-02-25
Application No.: US18404403
Filing date: 2024-01-04
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , Andrew Chi , David Arthur McGrew , Saran Singh Ahluwalia
Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.
-
22.
Publication No.: US20240333765A1
Publication date: 2024-10-03
Application No.: US18393487
Filing date: 2023-12-21
Applicant: Cisco Technology, Inc.
Inventor: David Arthur McGrew , Hugo Mike Latapie , Blake Anderson
IPC: H04L9/40
CPC classification number: H04L63/1491 , H04L63/1425
Abstract: In one aspect, a method for enhancing cybersecurity using Large Language Model (LLM)-generated honeypot schemes, the method includes generating a plurality of deceptive information using an LLM, configured to attract and engage potential attackers, where the plurality of deceptive information includes one or more characteristics referencing vulnerabilities of a network, continuously monitoring for interactions initiated by an interacting party with one or more components of the generated deceptive information, where the interaction is identified as a potential threat to the network, in response to detection of an interaction identified as a potential threat, extracting interaction data associated with the interacting party retrieved during the interaction, and retraining the LLM with the interaction data to create more effective honeypots.
-
23.
Publication No.: US20240333747A1
Publication date: 2024-10-03
Application No.: US18360676
Filing date: 2023-07-27
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla , Andrew Zawadowskiy , Blake Anderson , Hugo Mike Latapie , Oleg Bessonov , David Arthur McGrew , Michael Roytman , Tian Bu , William Michael Hudson, JR. , Nancy Cam-Winget
IPC: H04L9/40
CPC classification number: H04L63/1433 , H04L63/145
Abstract: In one aspect, a method includes creating a polymorphic variant of a sample of malware, analyzing the polymorphic variant of the sample of malware by a security management service to determine if the polymorphic variant of the sample of malware evades detection by the security management service, when the security management service fails to detect the polymorphic variant during the analysis of the polymorphic variant, detonating the polymorphic variant in a virtualized environment to identify characterizations of the polymorphic variant, and training the security management service to detect the polymorphic variant based on the characterizations.
-
Publication No.: US11888760B2
Publication date: 2024-01-30
Application No.: US17390319
Filing date: 2021-07-30
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , Andrew Chi , David Arthur McGrew , Saran Singh Ahluwalia
Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.
-
Publication No.: US11477548B2
Publication date: 2022-10-18
Application No.: US17716214
Filing date: 2022-04-08
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew , Alison Kendler
Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.
-
Publication No.: US10932017B2
Publication date: 2021-02-23
Application No.: US16436489
Filing date: 2019-06-10
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew , Alison Kendler
Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.
-
Publication No.: US20190297402A1
Publication date: 2019-09-26
Application No.: US16436489
Filing date: 2019-06-10
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew , Alison Kendler
Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.
-
28.
Publication No.: US20160164848A1
Publication date: 2016-06-09
Application No.: US15010679
Filing date: 2016-01-29
Applicant: Cisco Technology, Inc.
Inventor: Warren Scott Wainner , Sheela D. Rowles , Brian E. Weis , David Arthur McGrew , Scott R. Fluhrer , Kavitha Kamarthy
CPC classification number: H04L63/0428 , H04L9/0833 , H04L9/0891 , H04L12/1818 , H04L63/061 , H04L63/104 , H04L63/20
Abstract: Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recent policy update. The notification message can be sent to the key server or towards the first group member.