公开(公告)号：US10298604B2

公开(公告)日：2019-05-21

申请号：US15256651

申请日：2016-09-05

Applicant: Cisco Technology, Inc.

Inventor： Steve Epstein ,  Avi Fruchter ,  Moshe Kravchik ,  Yaron Sella ,  Itay Harush

IPC: H04L12/28 ,  H04L29/06 ,  G06N99/00 ,  H04W4/12

Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

公开(公告)号：US11019086B2

公开(公告)日：2021-05-25

申请号：US16374932

申请日：2019-04-04

Applicant: Cisco Technology, Inc.

Inventor： Steve Epstein ,  Avi Fruchter ,  Moshe Kravchik ,  Yaron Sella ,  Itay Harush

IPC: H04L29/06 ,  G06N20/00 ,  H04L12/28 ,  H04W4/12

Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

公开(公告)号：US10785234B2

公开(公告)日：2020-09-22

申请号：US15189023

申请日：2016-06-22

Applicant: Cisco Technology, Inc.

Inventor： Hillel Solow ,  Steve Epstein ,  Ezra Darshan ,  Arnold Zucker ,  Shali Mor ,  Asaf Cohen

IPC: H04L29/06 ,  G06F21/55

Abstract: In one example, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.

公开(公告)号：US20190238580A1

公开(公告)日：2019-08-01

申请号：US16374932

申请日：2019-04-04

Applicant: Cisco Technology, Inc.

Inventor： Steve Epstein ,  Avi Fruchter ,  Moshe Kravchik ,  Yaron Sella ,  Itay Harush

IPC: H04L29/06 ,  G06N20/00 ,  H04L12/28 ,  H04W4/12

CPC classification number: H04L63/1425 ,  G06N20/00 ,  H04L12/2818 ,  H04L12/2825 ,  H04L12/2834 ,  H04L63/0861 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/20 ,  H04L2463/082 ,  H04W4/12

Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

公开(公告)号：US10284588B2

公开(公告)日：2019-05-07

申请号：US15276808

申请日：2016-09-27

Applicant: Cisco Technology, Inc.

Inventor： Hillel Solow ,  Ezra Darshan ,  Harel Cain ,  Steve Epstein ,  Arnold Zucker

IPC: G06F21/57 ,  H04L29/06 ,  G06F21/00

Abstract: In one embodiment, a method for assessing security posture for entities in a computing network is implemented on a computing device and includes: receiving behavior data from one or more of the entities, where the behavior data is associated with at least activity on the computing network by the one or more entities, calculating a risk score for at least one of the entities by comparing the behavior data with a classification model, where the classification model represents at least a baseline for normative network behavior by the entities in a computing network, assessing a security posture for the at least one the entities based on the risk score, and allocating network security resources to the at least one of the entities at least in accordance with the security posture.

公开(公告)号：US20180184137A1

公开(公告)日：2018-06-28

申请号：US15814423

申请日：2017-11-16

Applicant: Cisco Technology, Inc.

Inventor： Steve Epstein ,  Orly Ovadia-Amsalem ,  David S. Morgan

IPC: H04N21/231 ,  H04N21/433 ,  H04N21/239 ,  G06F17/30 ,  H04N21/258

CPC classification number: H04N21/23113 ,  G06F16/40 ,  G06F16/43 ,  G06F16/951 ,  H04N21/23116 ,  H04N21/2393 ,  H04N21/252 ,  H04N21/258 ,  H04N21/25891 ,  H04N21/2668 ,  H04N21/2747 ,  H04N21/4334 ,  H04N21/4394 ,  H04N21/47217

Abstract: In one embodiment, a method, system and apparatus are described for cloud digital video recorder optimization. A cloud based storage unit stores recorded content items in response to recording requests by users from among a plurality of users, each recorded content item belonging to at least one content item type category and each user belonging to at least one user type category. A processor receives log files tracking the recording requests, applies a data-driven procedure to the log files on a basis of at least one of: the at least one content item type category and the at least one user type category, and assigns each recorded content item to a group associated with a second plurality of users and a co-related group of content items of a given content item type category and determines times to delete each recorded content item from the cloud based storage unit. Related methods, systems, and apparatus are also described.