公开(公告)号：US20180234453A1

公开(公告)日：2018-08-16

申请号：US15433294

申请日：2017-02-15

Applicant: Cisco Technology, Inc.

Inventor： Meixing Le ,  Jin Teng ,  Soumya Kumar Kalahasti ,  Jianxin Wang

IPC: H04L29/06 ,  H04L29/08 ,  G06N99/00 ,  G06N5/04

CPC classification number: H04L63/1441 ,  G06N20/00 ,  H04L63/10 ,  H04L69/22

Abstract: In one embodiment, a device in a network generates a machine learning-based traffic model using data indicative of a particular node in the network attempting to retrieve content from a particular resource in the network. The device predicts, using the traffic model, a time at which the particular node is expected to attempt retrieving future content from the particular resource. The device causes the future content from the particular resource to be prefetched in the network prior to the predicted time. The device makes a security assessment of the prefetched content. The device causes performance of a mitigation action in the network based on the security assessment of the prefetched content and in response to the particular node attempting to retrieve the future content from the particular resource.

公开(公告)号：US20170180316A1

公开(公告)日：2017-06-22

申请号：US14979042

申请日：2015-12-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Jin Teng ,  Subharthi Paul ,  Thilan Niroshaka Ganegedara ,  Xun Wang ,  Saman Taghavi Zargar ,  Jayaraman Iyer

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/0227 ,  G06F17/30377 ,  H04L63/0218 ,  H04L63/105

Abstract: In one embodiment, a method includes receiving capability information from an end host at a centralized security matrix in communication with a firewall and a plurality of end hosts, verifying at the centralized security matrix, a trust level of the end host, assigning at the centralized security matrix, a firewall function to the end host based on the trust level and capability information, and notifying the firewall of the firewall function assigned to the end host. Firewall functions are offloaded from the firewall to the end hosts by the centralized security matrix. An apparatus and logic are also disclosed herein.

公开(公告)号：US10749894B2

公开(公告)日：2020-08-18

申请号：US15433294

申请日：2017-02-15

Applicant: Cisco Technology, Inc.

Inventor： Meixing Le ,  Jin Teng ,  Soumya Kumar Kalahasti ,  Jianxin Wang

IPC: H04L29/06 ,  H04L29/08 ,  G06N20/00

Abstract: In one embodiment, a device in a network generates a machine learning-based traffic model using data indicative of a particular node in the network attempting to retrieve content from a particular resource in the network. The device predicts, using the traffic model, a time at which the particular node is expected to attempt retrieving future content from the particular resource. The device causes the future content from the particular resource to be prefetched in the network prior to the predicted time. The device makes a security assessment of the prefetched content. The device causes performance of a mitigation action in the network based on the security assessment of the prefetched content and in response to the particular node attempting to retrieve the future content from the particular resource.

公开(公告)号：US20170289104A1

公开(公告)日：2017-10-05

申请号：US15086961

申请日：2016-03-31

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hari Shankar ,  Jin Teng ,  Venkatesh Narsipur Gautam

IPC: H04L29/06

CPC classification number: H04L63/029 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/0464 ,  H04L63/062 ,  H04L63/166

Abstract: In one embodiment, a method includes establishing at a security device, a secure session for transmitting data between a client device and an end host, receiving decrypted data at the security device from the client device, inspecting the decrypted data at the security device, encrypting the decrypted data at the security device, and transmitting encrypted data to the end host. Decryption at the client device is offloaded from the security device to distribute decryption and encryption processes between the client device and the security device. An apparatus and logic are also disclosed herein.

公开(公告)号：US10091170B2

公开(公告)日：2018-10-02

申请号：US15086961

申请日：2016-03-31

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hari Shankar ,  Jin Teng ,  Venkatesh Narsipur Gautam

IPC: H04L29/06

Abstract: In one embodiment, a method includes establishing at a security device, a secure session for transmitting data between a client device and an end host, receiving decrypted data at the security device from the client device, inspecting the decrypted data at the security device, encrypting the decrypted data at the security device, and transmitting encrypted data to the end host. Decryption at the client device is offloaded from the security device to distribute decryption and encryption processes between the client device and the security device. An apparatus and logic are also disclosed herein.

公开(公告)号：US10021070B2

公开(公告)日：2018-07-10

申请号：US14979042

申请日：2015-12-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Jin Teng ,  Subharthi Paul ,  Thilan Niroshaka Ganegedara ,  Xun Wang ,  Saman Taghavi Zargar ,  Jayaraman Iyer

IPC: G06F17/00 ,  H04L29/06 ,  G06F17/30

CPC classification number: H04L63/0227 ,  G06F16/2379 ,  H04L63/0218 ,  H04L63/105

Abstract: In one embodiment, a method includes receiving capability information from an end host at a centralized security matrix in communication with a firewall and a plurality of end hosts, verifying at the centralized security matrix, a trust level of the end host, assigning at the centralized security matrix, a firewall function to the end host based on the trust level and capability information, and notifying the firewall of the firewall function assigned to the end host. Firewall functions are offloaded from the firewall to the end hosts by the centralized security matrix. An apparatus and logic are also disclosed herein.