公开(公告)号：US11863921B2

公开(公告)日：2024-01-02

申请号：US18313255

申请日：2023-05-05

申请人： Cisco Technology, Inc.

发明人： Ashutosh Kulshreshtha ,  Omid Madani ,  Vimal Jeyakumar ,  Navindra Yadav ,  Ali Parandehgheibi ,  Andy Sloane ,  Kai Chang ,  Khawar Deen ,  Shih-Chun Chang ,  Hai Vu

IPC分类号： H04L67/12 ,  H04L43/16 ,  H04Q9/02 ,  H04L13/04 ,  G06F11/34 ,  H04L43/026 ,  H04L41/0631 ,  H04L41/0681 ,  H04L41/14

CPC分类号： H04Q9/02 ,  G06F11/3495 ,  H04L13/04 ,  H04L41/064 ,  H04L41/0681 ,  H04L43/026 ,  H04L67/12 ,  H04L41/14 ,  H04L43/16 ,  H04Q2209/20

摘要： An application and network analytics platform can capture telemetry from servers and network devices operating within a network. The application and network analytics platform can determine an application dependency map (ADM) for an application executing in the network. Using the ADM, the application and network analytics platform can resolve flows into flowlets of various granularities, and determine baseline metrics for the flowlets. The baseline metrics can include transmission times, processing times, and/or data sizes for the flowlets. The application and network analytics platform can compare new flowlets against the baselines to assess availability, load, latency, and other performance metrics for the application. In some implementations, the application and network analytics platform can automate remediation of unavailability, load, latency, and other application performance issues.

公开(公告)号：US11128700B2

公开(公告)日：2021-09-21

申请号：US16024182

申请日：2018-06-29

申请人： Cisco Technology, Inc.

发明人： Supreeth Rao ,  Navindra Yadav ,  Umamaheswaran Arumugam ,  Michael Watts ,  Shashi Gandham ,  Darshan Shrinath Purandare ,  Duy Nguyen ,  Hai Vu ,  Kai Zhu ,  Aiyesha Ma ,  Tapan Shrikrishna Patwardhan ,  Jothi Prakash Prabakaran

IPC分类号： G06F15/173 ,  H04L29/08 ,  H04L12/24 ,  H04L12/26

摘要： Aspects of the disclosed technology provide methods for automatically tuning load-balancer configurations in a network environment. In some implementations, a process of the disclosed technology includes steps for collecting flow records of traffic flow segments at a middle box in a network environment, the traffic flow segments corresponding to one or more traffic flows passing through the middle box, analyzing the flow records to identify one or more traffic patterns in the network environment, and automatically updating a load balancer configuration based on the one or more traffic patterns, wherein updating the load balancer configuration improves at least one traffic flow parameter for at least one of the traffic flows passing through the middle box. Systems and machine-readable media are also provided.

公开(公告)号：US20210218638A1

公开(公告)日：2021-07-15

申请号：US17214674

申请日：2021-03-26

申请人： Cisco Technology, Inc.

发明人： Supreeth Rao ,  Navindra Yadav ,  Umamaheswaran Arumugam ,  Michael Watts ,  Shashi Gandham ,  Prasannakumar Jobigenahally Malleshaiah ,  Duy Nguyen ,  Hai Vu ,  Aiyesha Ma ,  Tapan Shrikrishna Patwardhan ,  Kai Zhu ,  Jothi Prakash Prabakaran

IPC分类号： H04L12/24 ,  H04L12/26

摘要： Systems, methods, and computer-readable media for flow stitching network traffic flow segments at a middlebox in a network environment. In some embodiments, flow records of traffic flow segments at a middlebox in a network environment are collected. The flow records can include transaction identifiers assigned to the traffic flow segments. Sources and destinations of the traffic flow segments with respect to the middlebox can be identified using the flow records. Further, the traffic flow segments can be stitched together to form a plurality of stitched traffic flows at the middlebox based on the transaction identifiers and the sources and destinations of the traffic flow segments in the network environment with respect to the middlebox. A configuration of the middlebox operating in the network environment can be identified based on the stitched traffic flows at the middlebox in the network environment.

公开(公告)号：US20180287907A1

公开(公告)日：2018-10-04

申请号：US15471183

申请日：2017-03-28

申请人： CISCO TECHNOLOGY, INC.

发明人： Ashutosh Kulshreshtha ,  Omid Madani ,  Vimal Jeyakumar ,  Navindra Yadav ,  Ali Parandehgheibi ,  Andy Sloane ,  Kai Chang ,  Khawar Deen ,  Shih-Chun Chang ,  Hai Vu

IPC分类号： H04L12/26 ,  H04L12/24 ,  H04Q9/02

摘要： An application and network analytics platform can capture telemetry from servers and network devices operating within a network. The application and network analytics platform can determine an application dependency map (ADM) for an application executing in the network. Using the ADM, the application and network analytics platform can resolve flows into flowlets of various granularities, and determine baseline metrics for the flowlets. The baseline metrics can include transmission times, processing times, and/or data sizes for the flowlets. The application and network analytics platform can compare new flowlets against the baselines to assess availability, load, latency, and other performance metrics for the application. In some implementations, the application and network analytics platform can automate remediation of unavailability, load, latency, and other application performance issues.

公开(公告)号：US20180278481A1

公开(公告)日：2018-09-27

申请号：US15470499

申请日：2017-03-27

申请人： CISCO TECHNOLOGY, INC.

发明人： Rohit Prasad ,  Shashi Gandham ,  Hai Vu ,  Varun Malhotra ,  Sunil Gupta ,  Abhishek Singh ,  Navindra Yadav ,  Ali Parandehgheibi ,  Ravi Prasad ,  Praneeth Vallem ,  Paul Lesiak ,  Hoang Nguyen

IPC分类号： H04L12/24 ,  H04L29/08 ,  G06F17/30

CPC分类号： H04L41/0893 ,  G06F8/61 ,  G06F17/30094 ,  G06F17/30194 ,  H04L41/044 ,  H04L41/046 ,  H04L41/0856 ,  H04L67/06 ,  H04L67/1097

摘要： The disclosed technology relates to a distributed policy store. A system is configured to locate, in an index, an entry for a network entity, determine, based on the entry, a file identifier for a file containing a record for the network entity and an offset indicating a location of the record in the file. The system is further configured to locate the file in a distributed file system using the file identifier, locate the record in the file using the offset, and retrieve the record.

公开(公告)号：US20230276152A1

公开(公告)日：2023-08-31

申请号：US18313255

申请日：2023-05-05

申请人： Cisco Technology, Inc.

发明人： Ashutosh Kulshreshtha ,  Omid Madani ,  Vimal Jeyakumar ,  Navindra Yadav ,  Ali Parandehgheibi ,  Andy Sloane ,  Kai Chang ,  Khawar Deen ,  Shih-Chun Chang ,  Hai Vu

IPC分类号： H04Q9/02 ,  H04L43/04 ,  G06F11/34 ,  H04L43/026 ,  H04L41/0631 ,  H04L41/0681 ,  H04L67/12

CPC分类号： H04Q9/02 ,  H04L43/04 ,  G06F11/3495 ,  H04L43/026 ,  H04L41/064 ,  H04L41/0681 ,  H04L67/12 ,  H04L41/14

摘要： An application and network analytics platform can capture telemetry from servers and network devices operating within a network. The application and network analytics platform can determine an application dependency map (ADM) for an application executing in the network. Using the ADM, the application and network analytics platform can resolve flows into flowlets of various granularities, and determine baseline metrics for the flowlets. The baseline metrics can include transmission times, processing times, and/or data sizes for the flowlets. The application and network analytics platform can compare new flowlets against the baselines to assess availability, load, latency, and other performance metrics for the application. In some implementations, the application and network analytics platform can automate remediation of unavailability, load, latency, and other application performance issues.

公开(公告)号：US11706239B2

公开(公告)日：2023-07-18

申请号：US17003450

申请日：2020-08-26

申请人： Cisco Technology, Inc.

发明人： Hai Vu ,  Thanh Nhan Nguyen ,  Vaishali Palkar ,  Varun Malhotra ,  Shih-Chun Chang ,  Xin Liu

IPC分类号： H04L9/40

CPC分类号： H04L63/1433

摘要： Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting vulnerabilities in real-time during execution of a process or an application. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to obtain real-time process information associated with a process executing in an endpoint. The device can then determine package information for a package associated with the process based on the process information. The device can then identify at least one vulnerability associated with the package information using a database of vulnerabilities stored on a backend component of the network. The backend component may have a database of vulnerabilities for packages.

公开(公告)号：US11509535B2

公开(公告)日：2022-11-22

申请号：US16999447

申请日：2020-08-21

申请人： Cisco Technology, Inc.

发明人： Hai Vu ,  Shih-Chun Chang ,  Varun Malhotra ,  Shashi Gandham ,  Navindra Yadav ,  Allen Chen ,  Praneeth Vallem ,  Rohit Prasad

IPC分类号： H04L41/046 ,  H04L43/06 ,  H04L43/065 ,  H04L43/0817 ,  H04L41/0893 ,  H04L67/02

摘要： The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implementing network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.

公开(公告)号：US20220070197A1

公开(公告)日：2022-03-03

申请号：US17003450

申请日：2020-08-26

申请人： Cisco Technology, Inc.

发明人： Hai Vu ,  Thanh Nhan Nguyen ,  Vaishali Palkar ,  Varun Malhotra ,  Shih-Chun Chang ,  Xin Liu

IPC分类号： H04L29/06

摘要： Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting vulnerabilities in real-time during execution of a process or an application. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to obtain real-time process information associated with a process executing in an endpoint. The device can then determine package information for a package associated with the process based on the process information. The device can then identify at least one vulnerability associated with the package information using a database of vulnerabilities stored on a backend component of the network. The backend component may have a database of vulnerabilities for packages.

公开(公告)号：US10764141B2

公开(公告)日：2020-09-01

申请号：US15469737

申请日：2017-03-27

申请人： CISCO TECHNOLOGY, INC.

发明人： Hai Vu ,  Shih-Chun Chang ,  Varun Malhotra ,  Shashi Gandham ,  Navindra Yadav ,  Allen Chen ,  Praneeth Vallem ,  Rohit Prasad

IPC分类号： H04L12/24 ,  H04L12/26 ,  H04L29/08

摘要： The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implementing network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.