-
Publication No.: US12282575B2
Publication Date: 2025-04-22
Application No.: US17859720
Filing Date: 2022-07-07
Applicant: Cisco Technology, Inc.
Inventor: Marcelo Yannuzzi, Hervé Muyal, Jean Andrei Diaconu, Frank Brockners, Carlos Goncalves Pereira
IPC: G06F21/62, G06F9/54, G06F21/60, G06F16/2457
Abstract: In one embodiment, a device may obtain a location of an endpoint that communicates with an application service. The device may match the location of the endpoint to a data compliance policy. The device may identify sensitive data within the application service to which the data compliance policy applies. The device may configure the application service to permit the endpoint to at least one of access or send the sensitive data when permitted by the data compliance policy.
-
Publication No.: US20250097252A1
Publication Date: 2025-03-20
Application No.: US18470884
Filing Date: 2023-09-20
Applicant: Cisco Technology, Inc.
Inventor: Arash Salarian, Marcelo Yannuzzi, Hendrikus G.P. Bosch, Jeffrey Michael Napper
IPC: H04L9/40
Abstract: Techniques for using real-time metrics and telemetry information to dynamically prioritize attack paths identified during a static analysis of a cloud native application, and using top priority attack paths identified during the static analysis to steer the dynamic analysis. The techniques may include identifying components of the cloud native application and connections between the components. The components and connections are analyzed to identify a set of attack paths. Network communications are monitored between the connections and metrics representing signals in the communications collected. A first subset of the attack paths based on a first portion of the metric indicating a real-time security vulnerability are identified. Finally, the first subset of the attack paths is prioritized over a second subset of the attack paths based at least in part on the first subset having the first portion of the metrics indicating real-time security vulnerabilities.
-
Publication No.: US12149564B2
Publication Date: 2024-11-19
Application No.: US17877508
Filing Date: 2022-07-29
Applicant: Cisco Technology, Inc.
Inventor: Marcelo Yannuzzi, Benjamin William Ryder, Jean Andrei Diaconu, Hervé Muyal, Hitesh S. Saijpal
Abstract: In one embodiment, a device may obtain an identifier of a proof of location process (PLP) and an identifier of a node where the PLP is executed. The device may receive a query from a compliance engine for a proof of location of the node where the PLP is executed. The device may identify, based on the identifier of the PLP and the identifier of the node, a physical location of the node. The device may provide, to the compliance engine, a response to the query that is indicative of the physical location of the node, wherein the compliance engine enforces one or more data compliance policies with respect to a workload executed by the node and based on the physical location of the node.
-
Publication No.: US20240323090A1
Publication Date: 2024-09-26
Application No.: US18189879
Filing Date: 2023-03-24
Applicant: Cisco Technology, Inc.
Inventor: Carlos Pignataro, Marcelo Yannuzzi
IPC: H04L41/12
Abstract: Described herein are embodiments related to systems, methods, and processes for sharing sustainability-related attributes and data across multiple domains. More specifically, some embodiments describe a sustainability aggregation device which may include a controller or other processor, and a memory. The memory includes a sustainability aggregation logic that can receive telemetry data associated with a first network domain, and in response, generate a multi-layer topology graph for the first network domain. In response to the graph being generated, it can be augmented with one or more sustainability-related attributes. However, the device can prune the augmented multi-layer topology graph based on one or more export policies and export the pruned augmented multi-layer topology graph to a second network domain. The multi-layer topology graph may also be utilized within a closed-loop system to monitor various aspects of the network domain and adjust one or more configurations as needed based on the received data.
-
Publication No.: US20240273187A1
Publication Date: 2024-08-15
Application No.: US18326194
Filing Date: 2023-05-31
Applicant: Cisco Technology, Inc.
Inventor: Marcelo Yannuzzi, Jean Diaconu, Jeffrey M. Napper, Herve Muyal, Hendrikus G. P. Bosch
IPC: G06F21/55, G06F16/9035, G06F16/907, G06F21/62
CPC classification number: G06F21/552, G06F16/9035, G06F16/907, G06F21/6254, G06F2221/034
Abstract: In one embodiment, a method for storing auditable metadata, by a system, includes receiving incoming signals communicated from at least one application service to a first pod associated with a user space of a node. The method further includes extracting metadata associated with data provided by the received incoming signals. The method further includes receiving outgoing signals communicated from the first pod to an external entity, wherein the incoming signals and the outgoing signals are received by a listener module. The method further includes comparing the incoming signals to the outgoing signals to detect a variation and determining that the data has been transmitted to the external entity based on a determination that there is no detected variation from the comparison between the incoming signals and the outgoing signals.
-
Publication No.: US20240265112A1
Publication Date: 2024-08-08
Application No.: US18330214
Filing Date: 2023-06-06
Applicant: Cisco Technology, Inc.
Inventor: Jeffrey M. Napper, Hendrikus G. P. Bosch, Jean Diaconu, Marcelo Yannuzzi, Alessandro Duminuco, Guillaume Sauvage De Saint Marc, Marc Scibelli
CPC classification number: G06F21/577, G06F9/451, G06F2221/033
Abstract: A system and a method to map attack paths in a visualization interface may include storing in a memory asset inventory indicating application assets, attack vector parameters configured to indicate vulnerabilities of one or more of the application assets, and asset mapping information. A processor may determine multiple vulnerable assets in the application assets based at least in part upon the attack vector parameters. Further, the processor may obtain security parameters from a security framework indicating one or more attack techniques, associate each of the vulnerable assets to one or more of the security parameters, and generate a visual interface showing the vulnerable assets and the security parameters. The processor may determine an attack path connecting the vulnerable assets based at least in part upon the asset mapping information, and map the attack path to the application layers and the security parameters in the visual interface.
-
Publication No.: US11863388B1
Publication Date: 2024-01-02
Application No.: US18193935
Filing Date: 2023-03-31
Applicant: Cisco Technology, Inc.
Inventor: Carlos Pignataro, Eric A. Voit, Nagendra Kumar Nainar, Marcelo Yannuzzi
IPC: H04L41/0833, H04L45/48, H04L41/12
CPC classification number: H04L41/0833, H04L41/12, H04L45/48
Abstract: Energy-aware configurations can be utilized to operate a network based on sustainability-related metrics. In many embodiments, a suitable device includes a processor, a memory commutatively coupled to the processor, a plurality of elements, a communication port, and an energy-aware topology logic configured to collect topology data from one or more network devices, wherein each of the one or more network devices include a plurality of elements. The energy-aware topology logic can receive power source data and power usage data related to plurality of elements and generate an element energy coefficient (EEC) for a plurality of elements. Subsequently, the energy-aware topology logic can also generate an energy-aware configuration for at least one of the one or more network devices, and then pass the generated energy-aware configuration to the at least one network device, wherein the energy-aware configuration is configured to steer traffic based on at least one sustainability-related metric.
-
Publication No.: US11330546B1
Publication Date: 2022-05-10
Application No.: US17119677
Filing Date: 2020-12-11
Applicant: Cisco Technology, Inc.
Inventor: Marcelo Yannuzzi, Herve Muyal, Bart A. Brinckman, Vikas S. Murthy
Abstract: Embodiments herein registers Asset Owners (AOs) and AO applications to a location, aggregation, and insight (LAI) service that are part of the same identity federation. When registering the AO with the LAI service, the AO selects which of a plurality of Identity Providers (IDPs) it has a relationship with, and the LAI service can then bind those IDPs to the AO application. This binding associates respective realms (e.g., domains) corresponding to the selected IDPs to the AO application. Later, when a device owned by the AO roams to a visited network (VN), the LAI service can then use a realm identified from a device ID provided by the device to identify the ID of the AO application. The LAI service then enables the VN to transmit a location of the device to the AO application. In one embodiment, the VN obtains consent from the AO before sharing location data.
-
Publication No.: US10122695B2
Publication Date: 2018-11-06
Application No.: US14924799
Filing Date: 2015-10-28
Applicant: Cisco Technology, Inc.
Inventor: Tao Zhang, Yi Zheng, Helder F. Antunes, Marcelo Yannuzzi, Gonzalo Salgueiro, Joseph Michael Clarke
Abstract: In one embodiment, a first device in a network receives information regarding one or more nodes in the network. The first device determines a property of the one or more nodes based on the received information. The first device determines a degree of trustworthiness of the one or more nodes based on the received information. The first device attests to the determined property and degree of trustworthiness of the one or more nodes to a verification device. The verification device is configured to verify the attested property and degree of trustworthiness.
-
Publication No.: US12273239B2
Publication Date: 2025-04-08
Application No.: US18381426
Filing Date: 2023-10-18
Applicant: Cisco Technology, Inc.
Inventor: Carlos Pignataro, Eric A. Voit, Nagendra Kumar Nainar, Marcelo Yannuzzi
IPC: H04L41/0833, H04L41/12, H04L45/48
Abstract: Energy-aware configurations can be utilized to operate a network based on sustainability-related metrics. In many embodiments, a suitable device includes a processor, a memory commutatively coupled to the processor, a plurality of elements, a communication port, and an energy-aware topology logic configured to collect topology data from one or more network devices, wherein each of the one or more network devices include a plurality of elements. The energy-aware topology logic can receive power source data and power usage data related to plurality of elements and generate an element energy coefficient (EEC) for a plurality of elements. Subsequently, the energy-aware topology logic can also generate an energy-aware configuration for at least one of the one or more network devices, and then pass the generated energy-aware configuration to the at least one network device, wherein the energy-aware configuration is configured to steer traffic based on at least one sustainability-related metric.