-
公开(公告)号:US20210119971A1
公开(公告)日:2021-04-22
申请号:US16985664
申请日:2020-08-05
发明人: Saravanan Radhakrishnan , Anand Oswal , Ashwin Kumar , Paul Wayne Bigbee , Darrin Joseph Miller
IPC分类号: H04L29/06
摘要: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.
-
公开(公告)号:US20210119859A1
公开(公告)日:2021-04-22
申请号:US16991556
申请日:2020-08-12
发明人: Saravanan Radhakrishnan , Anand Oswal , Paul Wayne Bigbee , Darrin Joseph Miller , Thomas Leslie Peter Wood
摘要: Systems and methods are provided for receiving service instructions from a client regarding a network function at a network element, the service instructions including a table of network policies and rules, receiving data from a first edge node of a network fabric, processing the data received from the first edge node according to the service instructions regarding the network function, and providing the processed data to a second edge node of the network fabric based on the service instructions.
-
公开(公告)号:US10728158B2
公开(公告)日:2020-07-28
申请号:US16379352
申请日:2019-04-09
发明人: Michael Joseph Stepanek , Costas Kleopa , David McGrew , Blake Harrell Anderson , Saravanan Radhakrishnan
IPC分类号: H04L12/851 , H04L12/825 , H04L12/859 , H04L12/931 , H04L29/06 , H04W12/12
摘要: In one embodiment, a networking device in a network detects a traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
-
公开(公告)号:US20200177550A1
公开(公告)日:2020-06-04
申请号:US16434115
申请日:2019-06-06
发明人: Vamsidhar Valluri , Saravanan Radhakrishnan , Anand Oswal , Vinay Prabhu , Sarah Adelaide Evans , Suraj Rangaswamy
IPC分类号: H04L29/06 , H04L12/46 , H04L12/741 , H04L12/751
摘要: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
-
公开(公告)号:US11870755B2
公开(公告)日:2024-01-09
申请号:US17511412
申请日:2021-10-26
发明人: Vamsidhar Valluri , Saravanan Radhakrishnan , Anand Oswal , Vinay Prabhu , Sarah Adelaide Evans , Suraj Rangaswamy
IPC分类号: H04L12/46 , H04L9/40 , H04L45/02 , H04L45/745
CPC分类号: H04L63/0263 , H04L12/4641 , H04L45/02 , H04L45/745 , H04L63/0218 , H04L63/0236 , H04L63/0272 , H04L63/20
摘要: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
-
公开(公告)号:US20230014351A1
公开(公告)日:2023-01-19
申请号:US17932092
申请日:2022-09-14
发明人: Saravanan Radhakrishnan , Anand Oswal , Ashwin Kumar , Paul Wayne Bigbee , Darrin Joseph Miller
IPC分类号: H04L9/40
摘要: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.
-
公开(公告)号:US20220200914A1
公开(公告)日:2022-06-23
申请号:US17694060
申请日:2022-03-14
发明人: Michael Joseph Stepanek , Costas Kleopa , David McGrew , Blake Harrell Anderson , Saravanan Radhakrishnan
IPC分类号: H04L47/2441 , H04L47/2483 , H04L47/25 , H04L47/2475 , H04L49/35 , H04L9/40 , H04W12/12 , H04W12/122 , H04W12/128
摘要: In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
-
公开(公告)号:US11201854B2
公开(公告)日:2021-12-14
申请号:US16434115
申请日:2019-06-06
发明人: Vamsidhar Valluri , Saravanan Radhakrishnan , Anand Oswal , Vinay Prabhu , Sarah Adelaide Evans , Suraj Rangaswamy
IPC分类号: H04L12/46 , H04L29/06 , H04L12/751 , H04L12/741
摘要: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
-
公开(公告)号:US20200322275A1
公开(公告)日:2020-10-08
申请号:US16910380
申请日:2020-06-24
发明人: Michael Joseph Stepanek , Costas Kleopa , David McGrew , Blake Harrell Anderson , Saravanan Radhakrishnan
IPC分类号: H04L12/851 , H04L12/825 , H04L12/859 , H04L12/931 , H04L29/06 , H04W12/12
摘要: In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
-
公开(公告)号:US09860257B1
公开(公告)日:2018-01-02
申请号:US15619701
申请日:2017-06-12
CPC分类号: H04L63/14 , G06F1/26 , G06F1/263 , G06F1/28 , G06F11/3062 , G06F11/34 , H04L43/08 , H04L43/16 , H04L63/1425 , H04L63/1458
摘要: A network device communicates network traffic in one or more network flows via a plurality of ports. Each port is connected to a corresponding computing device. The network device collects flow-based network data associated with each corresponding computing device. The network device supplies electrical power to the corresponding computing devices via one or more of the ports, and collects power data associated with each corresponding computing device based on the electrical power supplied to each of the ports. The network device combines the flow-based network data for each corresponding computing device and the power data for each corresponding computer device to generate combined data associated with each corresponding computing device. The network device then exports the combined data for the corresponding computing devices to a security server, which detects anomalous behavior in the computing devices.
-
-
-
-
-
-
-
-
-
搜索结果
32 条记录 (耗时 0.019 秒)
