-
公开(公告)号:US10609042B2
公开(公告)日:2020-03-31
申请号:US15387123
申请日:2016-12-21
Applicant: Cisco Technology, Inc.
Inventor: Paul Quinn , Michael E. Lipman , Mike Milano , David D. Ward , James Guichard , Leonid Sandler , Moshe Kravchik , Alena Lifar , Darrin Miller
Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
-
公开(公告)号:US10387648B2
公开(公告)日:2019-08-20
申请号:US15334311
申请日:2016-10-26
Applicant: Cisco Technology, Inc.
Inventor: Benyamin Hirschberg , Moshe Kravchik , Arie Haenel , Hillel Solow
IPC: G06F21/56
Abstract: In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.
-
公开(公告)号:US10298604B2
公开(公告)日:2019-05-21
申请号:US15256651
申请日:2016-09-05
Applicant: Cisco Technology, Inc.
Inventor: Steve Epstein , Avi Fruchter , Moshe Kravchik , Yaron Sella , Itay Harush
Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
-
公开(公告)号:US20170237747A1
公开(公告)日:2017-08-17
申请号:US15387123
申请日:2016-12-21
Applicant: Cisco Technology, Inc.
Inventor: Paul Quinn , Michael E. Lipman , Mike Milano , David D. Ward , James Guichard , Leonid Sandler , Moshe Kravchik , Alena Lifar , Darrin Miller
CPC classification number: H04L63/107 , G06F21/602 , G06F21/6218 , H04L63/0428 , H04L63/108 , H04L63/20 , H04W12/00503 , H04W12/08
Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
-
公开(公告)号:US11019086B2
公开(公告)日:2021-05-25
申请号:US16374932
申请日:2019-04-04
Applicant: Cisco Technology, Inc.
Inventor: Steve Epstein , Avi Fruchter , Moshe Kravchik , Yaron Sella , Itay Harush
Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
-
公开(公告)号:US20190238580A1
公开(公告)日:2019-08-01
申请号:US16374932
申请日:2019-04-04
Applicant: Cisco Technology, Inc.
Inventor: Steve Epstein , Avi Fruchter , Moshe Kravchik , Yaron Sella , Itay Harush
CPC classification number: H04L63/1425 , G06N20/00 , H04L12/2818 , H04L12/2825 , H04L12/2834 , H04L63/0861 , H04L63/10 , H04L63/1408 , H04L63/20 , H04L2463/082 , H04W4/12
Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
-
公开(公告)号:US20180357416A1
公开(公告)日:2018-12-13
申请号:US15616984
申请日:2017-06-08
Applicant: Cisco Technology, Inc.
Inventor: Oded ASHKENAZI , Moshe Kravchik , Arie Haenel , Benyamin Hirschberg
Abstract: In one embodiment, a method for protecting a file is implemented on a computing device and includes: intercepting a file-access request from an application-process for the file; searching a whitelist for a whitelist entry associated with the application-process and a file-type for the file, where the whitelist entry indicates that the application-process is allowed to access files of the file-type, and upon determining according to the searching that the application-process is allowed to perform the file-access request, allowing the application-process to access the file according to the file-access request.
-
公开(公告)号:US10540509B2
公开(公告)日:2020-01-21
申请号:US15616984
申请日:2017-06-08
Applicant: Cisco Technology, Inc.
Inventor: Oded Ashkenazi , Moshe Kravchik , Arie Haenel , Benyamin Hirschberg
Abstract: In one embodiment, a method for protecting a file is implemented on a computing device and includes: intercepting a file-access request from an application-process for the file; searching a whitelist for a whitelist entry associated with the application-process and a file-type for the file, where the whitelist entry indicates that the application-process is allowed to access files of the file-type, and upon determining according to the searching that the application-process is allowed to perform the file-access request, allowing the application-process to access the file according to the file-access request.
-
公开(公告)号:US20180069879A1
公开(公告)日:2018-03-08
申请号:US15256651
申请日:2016-09-05
Applicant: Cisco Technology, Inc.
Inventor: Steve EPSTEIN , Avi Fruchter , Moshe Kravchik , Yaron Sella , Itay Harush
CPC classification number: H04L63/1425 , G06N99/005 , H04L12/2818 , H04L12/2825 , H04L12/2834 , H04L63/0861 , H04L63/10 , H04L63/1408 , H04L63/20 , H04L2463/082 , H04W4/12
Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
-
-
-
-
-
-
-
-