-
Publication No.: US20210266291A1
Publication date: 2021-08-26
Application No.: US16801430
Application date: 2020-02-26
Applicant: Cisco Technology Inc.
Inventor: Balaji Sundararajan, Venkatesh Gota B R, Sireesha Yeruva, Chandramouli Balasubramanian, Anand Oswal
IPC: H04L29/06, H04L12/741, H04L1/18
Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.
-
Publication No.: US20250106228A1
Publication date: 2025-03-27
Application No.: US18971699
Application date: 2024-12-06
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Gaurang Rajeev Mokashi, Preety Mordani, Vivek Agarwal
Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.
-
Publication No.: US12218779B2
Publication date: 2025-02-04
Application No.: US18674166
Application date: 2024-05-24
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Madhuri Kolli, Giorgio Valentini, Venkatraman Venkatapathy, Avinash Ashok Kumar Chiganmi, Vivek Agarwal
Abstract: The present technology pertains to receiving a tag associating at least one routing domain in an on-premises site with at least one virtual network in a cloud environment associated with a cloud service provider. The present technology also pertains to the automation of populating route and propagation tables with the cloud service provider.
-
Publication No.: US20250030743A1
Publication date: 2025-01-23
Application No.: US18356937
Application date: 2023-07-21
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Kannan Kumar, Madhu Somu, Ramakumara Kariyappa, Kushal A Patel, Vishnuprasad Raghavan, Deepthi Tammireddy
IPC: H04L9/40, H04L43/062
Abstract: Methods and systems are described herein for dynamically applying a security policy based on one or more tag attributes. The method comprises receiving, at a network controller, information about an instance of a cloud workload instantiated at a cloud provider. The cloud workload is associated with a tag attribute. The method further comprises querying the cloud provider for at least one IP address associated with the tag attribute and learning the at least one IP address associated with the tag attribute, including the IP address for the instance of the cloud workload. The method further comprises associating a security policy with the at least one IP address associated with the tag attribute and propagating the security policy to at least one edge router for implementation.
-
Publication No.: US20250030638A1
Publication date: 2025-01-23
Application No.: US18908162
Application date: 2024-10-07
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Srilatha Tangirala, Ajeet Pal Singh Gill, Vivek Agarwal, Nithin Bangalore Raju
Abstract: According to certain embodiments, a method by a network device includes receiving a handshake message for a traffic flow from a Software-Defined Wide-Area Network (SDWAN) and determining, from a traffic policy, whether the traffic flow should be symmetrical. In response to determining from the traffic policy that the traffic flow should be symmetrical, the method further includes performing a flow lookup on the traffic flow to determine if the network device originated the traffic flow. In response to determining that the network device did not originate the traffic flow, the method further includes determining a second network device that originated the traffic flow and sending the handshake message for the traffic flow to the second network device in order to maintain symmetry for the traffic flow.
-
Publication No.: US12088426B2
Publication date: 2024-09-10
Application No.: US17882752
Application date: 2022-08-08
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Vivek Agarwal, Anand Oswal, Chethan Channappa, Subhash Kodnad, Jeevan Sharma
IPC: H04L12/28, G06F9/455, G16Y30/10, H04L9/40, H04L12/66, H04L41/0894, H04L41/14, H04L41/50, H04L47/76, H04L49/00, H04L67/12, H04W92/02
CPC classification number: H04L12/2856, G06F9/45558, G16Y30/10, H04L12/2854, H04L12/66, H04L41/0894, H04L41/145, H04L41/5032, H04L47/76, H04L49/70, H04L63/20, H04L67/12, H04W92/02, G06F2009/45595
Abstract: The present disclosure is directed to managing industrial internet of things end points and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more switches to perform operations comprising: identifying a first end point using a protocol associated with the first end point, determining a classification for the identified first end point based on one or more attributes of the first end point, identifying one or more related end points having the classification in common with the first end point, segmenting the first end point with the identified one or more related end points, and applying one or more policies to the segmented first end point and the one or more related end points.
-
Publication No.: US12052273B2
Publication date: 2024-07-30
Application No.: US18066446
Application date: 2022-12-15
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Alberto Rodriguez Natal, Yegappan Lakshmanan, Fabio R. Maino, Anand Oswal
CPC classification number: H04L63/1416, G06F21/53, G06F21/552, G06F21/566, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/20
Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.
-
Publication No.: US20240250966A1
Publication date: 2024-07-25
Application No.: US18594437
Application date: 2024-03-04
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Gaurang Rajeev Mokashi, Preety Mordani, Vivek Agarwal
CPC classification number: H04L63/1416, G06F9/45558, H04L43/08, H04L47/20, H04L49/25, H04L63/20, G06F2009/45587, G06F2009/45595
Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.
-
Publication No.: US20240223403A1
Publication date: 2024-07-04
Application No.: US18610512
Application date: 2024-03-20
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Madhuri Kolli, Giorgio Valentini, Venkatraman Venkatapathy, Avinash Ashok Kumar Chiganmi, Vivek Agarwal
CPC classification number: H04L12/4666, H04L12/465, H04L12/4675, H04L12/66, H04L45/04, H04L45/54
Abstract: The present technology pertains to receiving a tag associating at least one routing domain in an on-premises site with at least one virtual network in a cloud environment associated with a cloud service provider. The present technology also pertains to the automation of populating route and propagation tables with the cloud service provider.
-
Publication No.: US20240214402A1
Publication date: 2024-06-27
Application No.: US18594482
Application date: 2024-03-04
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Gaurang Rajeev Mokashi, Preety Mordani, Vivek Agarwal
CPC classification number: H04L63/1416, G06F9/45558, H04L43/08, H04L47/20, H04L49/25, H04L63/20, G06F2009/45587, G06F2009/45595
Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.