公开(公告)号：US20180091540A1

公开(公告)日：2018-03-29

申请号：US15276808

申请日：2016-09-27

Applicant: Cisco Technology, Inc.

Inventor： Hillel SOLOW ,  Ezra DARSHAN ,  Harel CAIN ,  Steve EPSTEIN ,  Arnold ZUCKER

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  H04L63/0227 ,  H04L63/1425 ,  H04L63/1441

Abstract: In one embodiment, a method for assessing security posture for entities in a computing, network is implemented On a computing device and includes: receiving behavior data from one or more of the entities, where the behavior data is associated with at least activity on the computing network by the one or more entities, calculating a risk score for at least one of the entities by comparing the behavior data with a classification model, where the classification model represents at least a baseline for normative network behavior by the entities in a computing network, assessing a security posture for the at least one the entities based on the risk score, and allocating network security resources to the at least one of the entities at least in accordance with the security posture.

公开(公告)号：US20170374082A1

公开(公告)日：2017-12-28

申请号：US15189023

申请日：2016-06-22

Applicant: Cisco Technology, Inc.

Inventor： Hillel SOLOW ,  Steve EPSTEIN ,  Ezra DARSHAN ,  Arnold ZUCKER ,  Shali MOR ,  Asaf COHEN

IPC: H04L29/06

Abstract: In one embodiment, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.