公开(公告)号：US20240056488A1

公开(公告)日：2024-02-15

申请号：US17886030

申请日：2022-08-11

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Vinay Saini ,  Akram Sheriff ,  Rajesh Indira Viswambharan ,  David John Zacks

IPC: H04L9/40

CPC classification number: H04L63/205 ,  H04L63/0478

Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

公开(公告)号：US20230376879A1

公开(公告)日：2023-11-23

申请号：US17747165

申请日：2022-05-18

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  David John Zacks ,  Thomas Szigeti

IPC: G06Q10/06 ,  H04L67/306 ,  H04L67/141 ,  H04L43/0876

CPC classification number: G06Q10/06398 ,  H04L67/306 ,  H04L67/141 ,  H04L43/0876

Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.

公开(公告)号：US11818137B2

公开(公告)日：2023-11-14

申请号：US17490004

申请日：2021-09-30

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  David John Zacks ,  Thomas Szigeti

IPC: H04L29/06 ,  H04L9/40 ,  G06V40/16

CPC classification number: H04L63/104 ,  G06V40/173 ,  H04L63/20

Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint devices enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.

公开(公告)号：US11792065B2

公开(公告)日：2023-10-17

申请号：US17674686

申请日：2022-02-17

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Jaganbabu Rajamanickam ,  David John Zacks ,  Carlos M. Pignataro ,  Madhan Sankaranarayanan ,  Cesar Obediente ,  Craig Thomas Hill

IPC: H04L41/0604 ,  H04L41/0654 ,  H04L9/40 ,  H04L61/103 ,  H04L41/0631 ,  H04L67/133

CPC classification number: H04L41/0627 ,  H04L41/0631 ,  H04L41/0654 ,  H04L61/103 ,  H04L63/101 ,  H04L67/133

Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.

公开(公告)号：US11722359B2

公开(公告)日：2023-08-08

申请号：US17479297

申请日：2021-09-20

Applicant: Cisco Technology, Inc.

Inventor： Enzo Fenoglio ,  David John Zacks ,  Zizhen Gao ,  Carlos M. Pignataro ,  Dmitry Goloubev

IPC: H04L29/08 ,  H04L41/0631 ,  H04L43/04 ,  H04L41/16 ,  G06F18/214

CPC classification number: H04L41/064 ,  G06F18/214 ,  H04L41/16 ,  H04L43/04

Abstract: A method, computer system, and computer program product are provided for detecting drift in predictive models for network devices and traffic. A plurality of streams of time-series telemetry data are obtained, the time-series telemetry data generated by network devices of a data network. The plurality of streams are analyzed to identify a subset of streams, wherein each stream of the subset of streams includes telemetry data that is substantially empirically distributed. The subset of streams of time-series data are analyzed to identify a change point. In response to identifying the change point, additional time-series data is obtained from one or more streams of the plurality of streams of time-series telemetry data. A predictive model is trained using the additional time-series data to update the predictive model and provide a trained predictive model.

公开(公告)号：US11665078B1

公开(公告)日：2023-05-30

申请号：US17747642

申请日：2022-05-18

Applicant: Cisco Technology, Inc.

Inventor： Hans F. Ashlock ,  Thomas Szigeti ,  David John Zacks

IPC: H04L12/26 ,  H04L12/24 ,  H04L29/06 ,  H04L43/10 ,  H04L41/12 ,  H04L43/04 ,  H04L43/062 ,  G06F16/27 ,  G06F16/23 ,  G06Q30/00

CPC classification number: H04L43/10 ,  H04L41/12 ,  H04L43/04 ,  H04L43/062

Abstract: Techniques are described for end-to-end network tracing involving external services. In one example, a synthetic agent identifies one or more external services that are involved in a process for interacting with a target application server. In response to identifying the one or more external services, the synthetic agent obtains telemetry data associated with the one or more external services. The synthetic agent correlates the telemetry data associated with the one or more external services and telemetry data associated with the target application server to generate an end-to-end network trace associated with the target application server.

公开(公告)号：US11601393B1

公开(公告)日：2023-03-07

申请号：US17493099

申请日：2021-10-04

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Akram Ismail Sheriff ,  Guy Keinan ,  Walter T. Hulick, Jr.

IPC: H04L61/4511

Abstract: Methods are provided in which a domain name system (DNS) service obtains a lookup request for information about a source of a traffic flow being transmitted to a network resource external of a service cluster and performs, based on the lookup request, a lookup operation for a microservice that is the source of the traffic flow, among a plurality of microservices of the service cluster registered with the DNS service. The methods further include providing information about the microservice based on the lookup operation. The information includes at least a name of the microservice for visibility of the microservice external of the service cluster.

公开(公告)号：US20230033681A1

公开(公告)日：2023-02-02

申请号：US17390175

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： Walter Theodore Hulick, JR. ,  David John Zacks ,  Thomas Szigeti

IPC: G06F9/54 ,  G06F11/30 ,  G06F11/34

Abstract: In one embodiment, a device instruments an application to generate OpenTelemetry trace data during execution of the application. The device identifies, based on where the application was instrumented, a particular method of the application. The device determines that a circuit breaker should be inserted for the particular method of the application. The device inserts a circuit breaker for the particular method.

公开(公告)号：US11509532B2

公开(公告)日：2022-11-22

申请号：US17021265

申请日：2020-09-15

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Peter Geoffrey Jones

IPC: H04L12/24 ,  H04L12/947 ,  H04L41/084 ,  H04L41/14 ,  H04L49/25

Abstract: Systems and methods provide for performing performance analytics processing of network traffic by copying packets of network traffic to a switch CPU based on a flag. The systems and methods disclosing receiving network traffic comprising one or more packet, generating a network traffic flow record associated with the received network traffic, the network traffic flow record including a copy-to-CPU bit and one or more function flag bits, setting the copy-to-CPU bit to an on configuration, processing the one or more packets by one or more functions to generate network flow analytics, wherein the one or more function flag bits are set in response to the one or more functions generating network flow analytics, and setting the copy-to-CPU bit to an off configuration.

公开(公告)号：US20220131761A1

公开(公告)日：2022-04-28

申请号：US17077073

申请日：2020-10-22

Applicant: Cisco Technology, Inc.

Inventor： Qihong Shao ,  David John Zacks ,  Xinjun Zhang

IPC: H04L12/24 ,  H04L12/26

Abstract: A method, computer system, and computer program product are provided for peer risk benchmarking. Customer data for a first network is obtained, wherein the customer data comprises a role of one or more network devices in the first network and a plurality of risk reports corresponding to the one or more network devices, and wherein each risk report is associated with a particular dimension of a plurality of dimensions of risk for the one or more network devices. A network profile image is generated by processing the plurality of risk reports. A generative adversarial network generates a synthetic network profile image from the network profile image, wherein the synthetic network profile image does not include the customer data. A second network is evaluated using the synthetic network profile image to identify differences between the first network and the second network.