System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)

    Publication number: US10263898B2

    Publication date: 2019-04-16

    Application number: US15215499

    Filing date: 2016-07-20

    Abstract: Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes assigning, by a software-defined-network (SDN) controller in an SDN-enabled cloud environment, a service-ID to a service, a tenant-ID to a tenant and/or workload-ID to yield universal cloud classification details, and extracting, from a data flow, the universal cloud classification details. The method includes receiving a policy, generating flow rules based on the policy and universal cloud classification details, and transmitting the flow rules to an OpenFlow application to confine packet forwarding decisions for the data flow.

    Manufacturer usage description (MUD) extensions for secure access service edge (SASE) services

    Publication number: US12206646B2

    Publication date: 2025-01-21

    Application number: US18537156

    Filing date: 2023-12-12

    Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

    Dynamic resource allocation for network security

    Publication number: US12015632B2

    Publication date: 2024-06-18

    Application number: US17390229

    Filing date: 2021-07-30

    CPC classification number: H04L63/1433 H04L63/0236 H04L63/1425 H04L63/1466

    Abstract: Systems, methods, and computer-readable media are provided for dynamic allocation of network security resources and measures to network traffic between end terminals on a network and a network destination, based in part on an independently sourced reputation score of the network destination. In one aspect, a method includes receiving, at a cloud network controller, a request from an end terminal for information on a network destination; determining, at the cloud network controller, a reputation score for the network destination; determining, at the cloud network controller, one or more security measures to be applied when accessing the network destination, based on the reputation score; and communicating, by the cloud network controller, the one or more security measures to the end terminal, wherein the end terminal communicates the one or more security measures to a third-party security service provider for applying to communications between the end terminal and the network destination.

    Context-aware secure access service edge (SASE) engine

    Publication number: US11979375B2

    Publication date: 2024-05-07

    Application number: US17219157

    Filing date: 2021-03-31

    Abstract: Techniques for a context-aware secure access service edge (SASE) engine for generating security profile(s) associated with endpoint device(s) accessing the network and using the security profile(s) to evaluate a traffic flow from the endpoint device(s). The SASE engine may execute on an edge device of a computing resource network and may be configured to maintain a security profile database including an endpoint security profile mapping. Endpoint device(s) accessing the network may share endpoint, application, and/or user specific information with the SASE engine so that the SASE engine may generate a security profile specific to the endpoint, application, and/or user. Additionally, an enterprise network, associated with endpoint device(s) accessing the network, may provide default SASE security profile templates to the SASE engine. Further, a feedback loop may be established between the SASE engine and the endpoint device(s), enabling the SASE engine with the ability to autonomously and dynamically update security profiles.

    EXCHANGE ENGINE FOR SECURE ACCESS SERVICE EDGE (SASE) PROVIDER ROAMING

    Publication number: US20240146727A1

    Publication date: 2024-05-02

    Application number: US17976009

    Filing date: 2022-10-28

    CPC classification number: H04L63/0876 H04L63/0263 H04L63/20

    Abstract: Techniques are described herein for implementing and using a secure access service edge (SASE) exchange system to allow SASE providers to share SASE services with other providers. A SASE exchange system may be used by any number of SASE providers to support SASE roaming by user endpoints between different SASE providers. A user endpoint may use SASE roaming to access additional sets of SASE services and capabilities that cannot be provided by a home SASE provider and/or other current SASE provider(s) of the user endpoint. In some examples, a SASE exchange system may be used to transition user endpoints from one SASE provider to another. Additionally or alternatively, the SASE exchange system may determine a combination of SASE providers that can be used to provide different subsets of shared SASE services/capabilities to a user endpoint.

    MANUFACTURER USAGE DESCRIPTION (MUD) EXTENSIONS FOR SECURE ACCESS SERVICE EDGE (SASE) SERVICES

    Publication number: US20240146696A1

    Publication date: 2024-05-02

    Application number: US18537156

    Filing date: 2023-12-12

    Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

    INTENT-BASED CHAOS LEVEL CREATION TO VARIABLY TEST ENVIRONMENTS

    Publication number: US20240028499A1

    Publication date: 2024-01-25

    Application number: US17871508

    Filing date: 2022-07-22

    CPC classification number: G06F11/3684 G06F11/3688 G06F11/3692

    Abstract: A method includes receiving, at a chaos level engine, initial input parameters. The method may further include, with the chaos level engine, determining scaled input parameters based on the initial input parameters. The scaled input parameters define how the initial input parameters affect a computing environment to be tested. The method may further include, with the chaos level engine, determining a chaos level for performing a chaos experiment on the computing environment based on the scaled input parameters and sending the chaos level to the computing environment for the chaos experiment. The method may further include, with the chaos level engine, receiving, from the computing environment, feedback defining an impact caused by the chaos experiment created at the computing environment and an intended level of chaos.

    ADAPTIVE BACKGROUND IN VIDEO CONFERENCING
    Invention publication

    Publication number: US20230299988A1

    Publication date: 2023-09-21

    Application number: US17699835

    Filing date: 2022-03-21

    CPC classification number: H04L12/1813 G06F3/0482 G06F3/04815

    Abstract: Methods are provided in which a collaboration server connects at least two participants via respective user devices to a collaboration session. The collaboration server further distributes, to the respective user devices, media stream data and one or more customized graphical items that are distinguishably displayed in the collaboration session. The one or more customized graphical items are displayed in a foreground or a background associated with a collaboration space of a first participant of the at least two participants. The collaboration server further detects a selection, by one of the respective user devices, of a graphical item from the one or more customized graphical items displayed in the collaboration space and performs at least one action associated with the graphical item during the collaboration session based on detecting the selection of the graphical item.

    System and method of providing segment routing as a service

    Publication number: US11716282B2

    Publication date: 2023-08-01

    Application number: US17686577

    Filing date: 2022-03-04

    CPC classification number: H04L45/64 H04L45/12 H04L45/42 H04L47/2425

    Abstract: Disclosed is a system and method of providing a segment routing as a service application. The method includes receiving a configuration of an internet protocol environment. The configuration can be a layer 3 configuration of a single cloud environment or even across multiple cloud environments. The configuration defines routing, forwarding, and paths in the environment between different entities such as virtual machines. The method includes receiving a parameter associated with a workload of a tenant. The parameter can be a service level agreement (i.e., a best bandwidth available), a pathway requirement, a parameter associated with specific workload, and so forth. Based on the configuration and the parameter, the method includes generating tenant-defined layer 3 overlay segment routing rules that define how the workload of the tenant will route data in the internet protocol environment using segment routing.
