公开(公告)号：WO2019147680A1

公开(公告)日：2019-08-01

申请号：PCT/US2019/014758

申请日：2019-01-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAO, Supreeth ,  YADAV, Navindra ,  ARUMUGAM, Umamaheswaran ,  WATTS, Micheal ,  GANDHAM, Shashi ,  NGUYEN, Duy ,  VU, Hai ,  MALLESHAIAH, Prasannakumar Jobigenahally ,  MA, Aiyesha ,  ZHU, Kai ,  PURANDARE, Darshan Shrinath ,  PRABAKARAN, Jothi Prakash

IPC: H04L29/08

Abstract: Systems, methods, and computer-readable media for flow stitching network traffic flow segments across middleboxes. A method can include collecting flow records of traffic flow segments at a first middlebox and a second middlebox in a network environment including one or more transaction identifiers assigned to the traffic flow segments. Sources and destinations of the traffic flow segments can be identified with respect to the first middlebox and the second middlebox. Corresponding subsets of the traffic flow segments can be stitched together to from a first stitched traffic flow at the first middlebox and a second stitched traffic flow at the second middlebox. The first and second stitched traffic flows can be stitched together to form a cross-middlebox stitched traffic flow across the first middlebox and the second middlebox. The cross-middlebox stitched traffic flow can be incorporated as part of network traffic data for the network environment.

公开(公告)号：WO2019147669A1

公开(公告)日：2019-08-01

申请号：PCT/US2019/014747

申请日：2019-01-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAO, Supreeth ,  YADAV, Navindra ,  ARUMUGAM, Umamaheswaran ,  WATTS, Micheal ,  GANDHAM, Shashi ,  MALLESHAIAH, Prasannakumar Jobigenahally ,  NGUYEN, Duy ,  VU, Hai ,  PATWARDHAN, Tapan Shrikrishna ,  MA, Aiyesha ,  ZOU, Xuan ,  PRABAKARAN, Jothi Prakash

IPC: H04L29/08

Abstract: Systems, methods, and computer-readable media for flow stitching network traffic flow segments at a middlebox in a network environment. In some embodiments, a method can include collecting flow records of traffic flow segments at a middlebox in a network environment including one or more transaction identifiers assigned to the traffic flow segments. The traffic flow segments can correspond to one or more traffic flows passing through the middlebox and flow directions of the traffic flow segments with respect to the middlebox can be identified using the flow records. The traffic flow segments can be stitched together based on the one or more transaction identifiers and the flow directions of the traffic flow segments to form a stitched traffic flow of the one or more traffic flows passing through the middlebox. The stitched traffic flow can be incorporated as part of network traffic data for the network environment.

公开(公告)号：WO2021257407A2

公开(公告)日：2021-12-23

申请号：PCT/US2021/037079

申请日：2021-06-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAO, Supreeth ,  YADAV, Navindra ,  MALLESHAIAH, Prasannakumar Jobigenahally ,  PATWARDHAN, Tapan Shrikrishna ,  ARUMUGAM, Umamaheswaran ,  PURANDARE, Darshan Shrinath ,  MA, Aiyesha ,  SUN, Fuzhuo ,  KUMAR, Ashok

IPC: G06F21/50 ,  G06F21/55 ,  G06F21/57 ,  G06Q10/06 ,  H04L29/06 ,  G06F21/554 ,  G06F21/577 ,  H04L63/029 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/164 ,  H04L63/20

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.

公开(公告)号：WO2022035578A1

公开(公告)日：2022-02-17

申请号：PCT/US2021/042981

申请日：2021-07-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAO, Supreeth ,  YADAV, Navindra ,  MALLESHAIAH, Prasannakumar Jobigenahally ,  HE, Hanlin ,  ARUMUGAM, Umamaheswaran ,  BUKOFSER, Robert ,  MA, Aiyesha ,  ZHU, Kai ,  KUMAR, Ashok

IPC: G06F21/55 ,  G06F21/57 ,  H04L29/06

Abstract: Systems, methods, and computer-readable media for determine a neighborhood graph can include the following processes. A neighborhood graph system generates a neighborhood graph for a plurality of nodes in an enterprise network, the neighborhood graph representing a multi-hop connections between any two nodes of the plurality of nodes. A security score service determines a security score for each of the plurality of nodes to yield a plurality of scores. The neighborhood graph system updates the neighborhood graph of the plurality of nodes using the plurality of scores to provide a visual representation of securities of the plurality of nodes relative to each other.

公开(公告)号：WO2022031462A1

公开(公告)日：2022-02-10

申请号：PCT/US2021/042990

申请日：2021-07-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAO, Supreeth Hosur Nagesh ,  YADAV, Navindra ,  MALLESHAIAH, Prasannakumar Jobigenahally ,  PATWARDHAN, Tapan Shrikrishna ,  ARUMUGAM, Umamaheswaran ,  PURANDARE, Darshan Shrinath ,  MA, Aiyesha ,  FINN II, Matthew Lawson

IPC: G06F21/57 ,  G06F9/50 ,  G06F21/577 ,  G06F9/5005 ,  H04L63/1433

Abstract: Systems, methods, and computer-readable media for application placement can include the following processes. A security score service determines a respective security posture score for each of a plurality of candidate hosts of an enterprise network. A user then identify a set of performance parameters and security parameters for a host in an enterprise network to execute a workload thereon. An application placement engine selects a host from the plurality of candidate hosts having a security posture score matching the performance parameters and the security parameters for executing the workload. An application deployment engine places the workload on the host.

公开(公告)号：WO2022010650A1

公开(公告)日：2022-01-13

申请号：PCT/US2021/038505

申请日：2021-06-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAO, Supreeth Hosur Nagesh ,  YADAV, Navindra ,  MALLESHAIAH, Prasannakumar Jobigenahally ,  PATWARDHAN, Tapan Shrikrishna ,  ARUMUGAM, Umamaheswaran ,  PURANDARE, Darshan Shrinath ,  MA, Aiyesha ,  LI, Songlin

IPC: H04L29/06 ,  G06F21/57

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.