公开(公告)号：US20230325478A1

公开(公告)日：2023-10-12

申请号：US17718565

申请日：2022-04-12

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John ZACKS ,  Walter Theodore HULICK, JR. ,  Nagendra Kumar NAINAR ,  Carlos M. PIGNATARO

IPC: G06F21/31

CPC classification number: G06F21/31

Abstract: In one embodiment, a device obtains data regarding a transaction attempted by a user within an online application that is captured by instrumentation code that is inserted into the online application at runtime, wherein the user has sufficient privileges within the online application to perform the transaction; The device sends, based on the data regarding the transaction, one or more approval requests to one or more authorizers. The device receives one or more responses to the one or more approval requests. The device blocks, and based on the one or more responses, the transaction attempted by the user within the online application via the instrumentation code.

公开(公告)号：US20240073146A1

公开(公告)日：2024-02-29

申请号：US17899871

申请日：2022-08-31

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  Robert E. BARTON ,  Jerome HENRY ,  David John ZACKS ,  Walter Theodore HULICK, JR. ,  Nagendra Kumar NAINAR

IPC: H04L47/2425

CPC classification number: H04L47/2433

Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted by a client of an online application within the online application. The transaction data is captured by instrumentation code inserted into the online application at runtime. The device identifies, based on the transaction data, traffic in a network associated with the transaction. The device associates, based on the transaction data, a measure of importance with the traffic. The device causes the traffic to be sent by a networking device in the network according to its associated measure of importance.

公开(公告)号：US20240378033A1

公开(公告)日：2024-11-14

申请号：US18196068

申请日：2023-05-11

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  Vincent E. PARLA ,  Walter Theodore HULICK, JR. ,  David John ZACKS

IPC: G06F8/41

Abstract: In one embodiment, a device obtains telemetry regarding processor hardware of a compute node in a containerized system, whereby the telemetry has been converted into a common data format. The device associates the telemetry with a microservice of an application executed by the compute node. The device generates, based on the telemetry, a control flow graph for the microservice associated with the telemetry. The device provides an alert for display based on the control flow graph for the microservice.

公开(公告)号：US20230334478A1

公开(公告)日：2023-10-19

申请号：US17723885

申请日：2022-04-19

Applicant: Cisco Technology, Inc.

Inventor： Thomas SZIGETI ,  David John ZACKS ,  Walter Theodore HULICK, JR. ,  Nagendra Kumar NAINAR ,  Carlos M. PIGNATARO

IPC: G06Q20/38 ,  G06Q20/40 ,  G06Q30/06

CPC classification number: G06Q20/382 ,  G06Q20/405 ,  G06Q30/06

Abstract: In one embodiment, a device obtains data regarding a transaction attempted by a user account within an online application that is captured by instrumentation code that is inserted into the online application at runtime, wherein the user account has sufficient privileges within the online application to perform the transaction. The device makes an inference about the data regarding the transaction using a behavioral model. The device determines, based on the inference, a mitigation action for performance within the online application according to an enforcement policy. The device enforces the mitigation action within the online application.

公开(公告)号：US20230379365A1

公开(公告)日：2023-11-23

申请号：US17749609

申请日：2022-05-20

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  Hendrikus G.P. BOSCH ,  David John ZACKS ,  Walter Theodore HULICK, JR. ,  Nagendra Kumar NAINAR

IPC: H04L9/40 ,  G06F9/54

CPC classification number: H04L63/20 ,  G06F9/547

Abstract: In one embodiment, a device receives traffic flow information regarding an application programming interface call made to a particular endpoint via a path in a network. The device requests, based on the traffic flow information, that a plurality of distributed agents in the network perform a trace of the path taken by the application programming interface call. The device receives results from the trace of the path performed by the plurality of distributed agents. The device causes a security policy to be enforced with respect to application programming interface calls made to the particular endpoint, based on the results from the trace.

公开(公告)号：US20230379319A1

公开(公告)日：2023-11-23

申请号：US17749274

申请日：2022-05-20

Applicant: Cisco Technology, Inc.

Inventor： Vinay Saini ,  Rajesh Indira VISWAMBHARAN ,  Nagendra Kumar NAINAR ,  Akram Ismail SHERIFF ,  David John ZACKS

IPC: H04L9/40

CPC classification number: H04L63/083 ,  H04L63/20

Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

公开(公告)号：US20230376632A1

公开(公告)日：2023-11-23

申请号：US17746517

申请日：2022-05-17

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John ZACKS ,  Walter Theodore HULICK, JR. ,  Nagendra Kumar NAINAR ,  Carlos M. PIGNATARO

IPC: G06F21/62

CPC classification number: G06F21/6254

Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted by a client of an online application to access confidential information within the online application. The transaction data is captured by instrumentation code inserted into the online application at runtime. The device permits, based on a policy, the transaction to complete within the online application. The device determines, based on the policy, a set of one or more client-side functions to disable during the transaction. The device instructs an agent executed by the client to disable the set of one or more client-side functions during the transaction.

公开(公告)号：US20230171240A1

公开(公告)日：2023-06-01

申请号：US17535950

申请日：2021-11-26

Applicant: Cisco Technology, Inc.

Inventor： Walter Theodore Hulick, JR. ,  David John ZACKS ,  Thomas SZIGETI ,  Andrew Albert PLETCHER

IPC: H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/3213 ,  H04L9/3263 ,  H04L63/083

Abstract: In one embodiment, a service determines authentication credentials for a web application transaction. The service determines one or more performance metrics regarding the web application transaction. The service generates an enhanced web token comprising the one or more performance metrics regarding the web application transaction. The service sends the enhanced web token and the authentication credentials along a path of the web application transaction, the path including one or more services configured to use the one or more performance metrics sent in addition to the authentication credentials to process the web application transaction.

公开(公告)号：US20220321467A1

公开(公告)日：2022-10-06

申请号：US17223176

申请日：2021-04-06

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John ZACKS ,  Robert E. BARTON ,  Jerome HENRY

IPC: H04L12/721 ,  H04L12/741 ,  H04L12/725 ,  H04L12/781 ,  H04L12/707

Abstract: According to one or more embodiments of the disclosure, a service identifies a packet sent by a first device in a network to a second device as being of a particular protocol. The service identifies a control command within the packet for the second device, based in part on the particular protocol identified for the packet. The service determines, based on the control command within the packet, a quality of service policy for the packet. The service causes the quality of service policy to be applied to the packet along a path in the network via which the packet is sent from the first device to the second device.

公开(公告)号：US20250007812A1

公开(公告)日：2025-01-02

申请号：US18215508

申请日：2023-06-28

Applicant: Cisco Technology, Inc.

Inventor： Walter Theodore Hulick, JR. ,  David John ZACKS ,  Thomas SZIGETI

IPC: H04L43/50 ,  H04L43/065

Abstract: In one embodiment, a device obtains testing parameters used by a plurality of agents in a network to perform testing with respect to an online application. The device identifies overlapping parameters among the testing parameters and generates a consolidated set of testing parameters for the overlapping parameters. The device configures the plurality of agents such that a singular testing agent performs testing with respect to the online application using the consolidated set of testing parameters instead of multiple testing agents performing testing with respect to the online application using the overlapping parameters.