公开(公告)号：US10609042B2

公开(公告)日：2020-03-31

申请号：US15387123

申请日：2016-12-21

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Michael E. Lipman ,  Mike Milano ,  David D. Ward ,  James Guichard ,  Leonid Sandler ,  Moshe Kravchik ,  Alena Lifar ,  Darrin Miller

IPC: H04L29/06 ,  G06F21/60 ,  H04W12/08 ,  G06F21/62 ,  H04W12/00

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

公开(公告)号：US10387648B2

公开(公告)日：2019-08-20

申请号：US15334311

申请日：2016-10-26

Applicant: Cisco Technology, Inc.

Inventor： Benyamin Hirschberg ,  Moshe Kravchik ,  Arie Haenel ,  Hillel Solow

IPC: G06F21/56

Abstract: In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.

公开(公告)号：US10298604B2

公开(公告)日：2019-05-21

申请号：US15256651

申请日：2016-09-05

Applicant: Cisco Technology, Inc.

Inventor： Steve Epstein ,  Avi Fruchter ,  Moshe Kravchik ,  Yaron Sella ,  Itay Harush

IPC: H04L12/28 ,  H04L29/06 ,  G06N99/00 ,  H04W4/12

Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

公开(公告)号：US20170237747A1

公开(公告)日：2017-08-17

申请号：US15387123

申请日：2016-12-21

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Michael E. Lipman ,  Mike Milano ,  David D. Ward ,  James Guichard ,  Leonid Sandler ,  Moshe Kravchik ,  Alena Lifar ,  Darrin Miller

IPC: H04L29/06 ,  G06F21/60

CPC classification number: H04L63/107 ,  G06F21/602 ,  G06F21/6218 ,  H04L63/0428 ,  H04L63/108 ,  H04L63/20 ,  H04W12/00503 ,  H04W12/08

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

公开(公告)号：US11019086B2

公开(公告)日：2021-05-25

申请号：US16374932

申请日：2019-04-04

Applicant: Cisco Technology, Inc.

Inventor： Steve Epstein ,  Avi Fruchter ,  Moshe Kravchik ,  Yaron Sella ,  Itay Harush

IPC: H04L29/06 ,  G06N20/00 ,  H04L12/28 ,  H04W4/12

Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

公开(公告)号：US20190238580A1

公开(公告)日：2019-08-01

申请号：US16374932

申请日：2019-04-04

Applicant: Cisco Technology, Inc.

Inventor： Steve Epstein ,  Avi Fruchter ,  Moshe Kravchik ,  Yaron Sella ,  Itay Harush

IPC: H04L29/06 ,  G06N20/00 ,  H04L12/28 ,  H04W4/12

CPC classification number: H04L63/1425 ,  G06N20/00 ,  H04L12/2818 ,  H04L12/2825 ,  H04L12/2834 ,  H04L63/0861 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/20 ,  H04L2463/082 ,  H04W4/12

Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

公开(公告)号：US20180357416A1

公开(公告)日：2018-12-13

申请号：US15616984

申请日：2017-06-08

Applicant: Cisco Technology, Inc.

Inventor： Oded ASHKENAZI ,  Moshe Kravchik ,  Arie Haenel ,  Benyamin Hirschberg

IPC: G06F21/55 ,  G06F21/44 ,  G06F21/62

Abstract: In one embodiment, a method for protecting a file is implemented on a computing device and includes: intercepting a file-access request from an application-process for the file; searching a whitelist for a whitelist entry associated with the application-process and a file-type for the file, where the whitelist entry indicates that the application-process is allowed to access files of the file-type, and upon determining according to the searching that the application-process is allowed to perform the file-access request, allowing the application-process to access the file according to the file-access request.

公开(公告)号：US10540509B2

公开(公告)日：2020-01-21

申请号：US15616984

申请日：2017-06-08

Applicant: Cisco Technology, Inc.

Inventor： Oded Ashkenazi ,  Moshe Kravchik ,  Arie Haenel ,  Benyamin Hirschberg

IPC: G06F21/00 ,  G06F21/62 ,  G06F21/50 ,  G06F21/55 ,  G06F21/56

Abstract: In one embodiment, a method for protecting a file is implemented on a computing device and includes: intercepting a file-access request from an application-process for the file; searching a whitelist for a whitelist entry associated with the application-process and a file-type for the file, where the whitelist entry indicates that the application-process is allowed to access files of the file-type, and upon determining according to the searching that the application-process is allowed to perform the file-access request, allowing the application-process to access the file according to the file-access request.

公开(公告)号：US20180069879A1

公开(公告)日：2018-03-08

申请号：US15256651

申请日：2016-09-05

Applicant: Cisco Technology, Inc.

Inventor： Steve EPSTEIN ,  Avi Fruchter ,  Moshe Kravchik ,  Yaron Sella ,  Itay Harush

IPC: H04L29/06 ,  H04W4/12 ,  G06N99/00

CPC classification number: H04L63/1425 ,  G06N99/005 ,  H04L12/2818 ,  H04L12/2825 ,  H04L12/2834 ,  H04L63/0861 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/20 ,  H04L2463/082 ,  H04W4/12

Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.