公开(公告)号：US10972388B2

公开(公告)日：2021-04-06

申请号：US15359511

申请日：2016-11-22

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Mohammadreza Alizadeh Attar ,  Shashi Gandham ,  Abhishek Singh ,  Shih-Chun Chang

IPC: H04L12/721 ,  H04L12/26 ,  H04L12/24

Abstract: An example method includes a sensor detecting multiple packets of a flow during a specified total time period (e.g., a reporting time period). The total time period can be subdivided into multiple time periods. The sensor can analyze the detected packets to determine an amount of network utilization for each of the time periods. The sensor can then generate a flow summary based on the network utilization and the flow and send the flow summary to an analytics engine. Multiple other sensors can do similarly for their respective packets and flows. The analytics engine can receive the flow summaries from the various sensors and determine a correspondence between flow with high network utilization at a specific time period and a node or nodes. These nodes that experienced multiple flows with high network utilization for a certain period of time can be identified as experiencing a microburst.

公开(公告)号：US11646940B2

公开(公告)日：2023-05-09

申请号：US17482411

申请日：2021-09-22

Applicant: Cisco Technology, Inc.

Inventor： Rohit Prasad ,  Shashi Gandham ,  Hoang Nguyen ,  Abhishek Singh ,  Shih-Chun Chang ,  Navindra Yadav ,  Ali Parandehgheibi ,  Paul Mach ,  Rachita Agasthy ,  Ravi Prasad ,  Varun Malhotra ,  Michael Watts ,  Sunil Gupta

IPC: H04L41/0893 ,  H04L41/0853

CPC classification number: H04L41/0893 ,  H04L41/0856

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

公开(公告)号：US11509535B2

公开(公告)日：2022-11-22

申请号：US16999447

申请日：2020-08-21

Applicant: Cisco Technology, Inc.

Inventor： Hai Vu ,  Shih-Chun Chang ,  Varun Malhotra ,  Shashi Gandham ,  Navindra Yadav ,  Allen Chen ,  Praneeth Vallem ,  Rohit Prasad

IPC: H04L41/046 ,  H04L43/06 ,  H04L43/065 ,  H04L43/0817 ,  H04L41/0893 ,  H04L67/02

Abstract: The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implementing network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.

公开(公告)号：US20210389877A1

公开(公告)日：2021-12-16

申请号：US16899290

申请日：2020-06-11

Applicant: Cisco Technology, Inc.

Inventor： Xin Liu ,  Sunil Gupta ,  Thanh Trung Ngo ,  Xuan Loc Bui ,  Hoang Viet Nguyen ,  Shashi Gandham ,  Navindra Yadav

IPC: G06F3/06 ,  G06F9/455 ,  G06F11/14

Abstract: Systems, methods, and computer-readable for defining host functionalities in a computing environment include obtaining two or more snapshots comprising information pertaining to two or more processes executing in two or more hosts, the two or more snapshots being obtained at two or more points in time from the two or more hosts. One or more long-running processes amongst the two or more processes are identified based on one or more criteria associated with long-running processes. One or more priorities associated with the one or more long-running processes and used for defining functionalities for at least a subset of the two or more hosts, where high priorities are assigned to long-running processes, such as web server or database server processes, which are unique to at least the subset of the two or more hosts. Resources may be provisioned based on these host functionalities.

公开(公告)号：US11146454B2

公开(公告)日：2021-10-12

申请号：US16820404

申请日：2020-03-16

Applicant: Cisco Technology, Inc.

Inventor： Rohit Prasad ,  Shashi Gandham ,  Hoang Nguyen ,  Abhishek Singh ,  Shih-Chun Chang ,  Navindra Yadav ,  Ali Parandehgheibi ,  Paul Mach ,  Rachita Agasthy ,  Ravi Prasad ,  Varun Malhotra ,  Michael Watts ,  Sunil Gupta

IPC: H04L12/24

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

公开(公告)号：US10764141B2

公开(公告)日：2020-09-01

申请号：US15469737

申请日：2017-03-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hai Vu ,  Shih-Chun Chang ,  Varun Malhotra ,  Shashi Gandham ,  Navindra Yadav ,  Allen Chen ,  Praneeth Vallem ,  Rohit Prasad

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/08

Abstract: The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implementing network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.

公开(公告)号：US20190230112A1

公开(公告)日：2019-07-25

申请号：US15992071

申请日：2018-05-29

Applicant: Cisco Technology, Inc.

Inventor： Shashi Gandham ,  Navindra Yadav ,  Janardhanan Radhakrishnan ,  Hoang-Nam Nguyen ,  Umesh Paul Mahindra ,  Sunil Gupta ,  Praneeth Vallem ,  Supreeth Rao ,  Darshan Shrinath Purandare ,  Xuan Zou ,  Joseph Daniel Beshay ,  Jothi Prakash Prabakaran

IPC: H04L29/06 ,  G06F21/53 ,  H04L12/24 ,  G06F9/455

Abstract: Aspects of the subject technology relate to a system configured to receive a set of network snapshot segments from an output stream of a stream processing service, compile the set of network snapshot segments from the set of messages into a first network snapshot and a second network snapshot, and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.

公开(公告)号：US10250446B2

公开(公告)日：2019-04-02

申请号：US15470499

申请日：2017-03-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Rohit Prasad ,  Shashi Gandham ,  Hai Vu ,  Varun Malhotra ,  Sunil Gupta ,  Abhishek Singh ,  Navindra Yadav ,  Ali Parandehgheibi ,  Ravi Prasad ,  Praneeth Vallem ,  Paul Lesiak ,  Hoang Nguyen

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/58 ,  G06F17/30 ,  H04L29/08

Abstract: The disclosed technology relates to a distributed policy store. A system is configured to locate, in an index, an entry for a network entity, determine, based on the entry, a file identifier for a file containing a record for the network entity and an offset indicating a location of the record in the file. The system is further configured to locate the file in a distributed file system using the file identifier, locate the record in the file using the offset, and retrieve the record.

公开(公告)号：US11765046B1

公开(公告)日：2023-09-19

申请号：US16188979

申请日：2018-11-13

Applicant: Cisco Technology, Inc.

Inventor： Weifei Zeng ,  Omid Madani ,  Varun Malhotra ,  Paul Mach ,  Yash Vipul Doshi ,  Sayeed Mohammed Tasnim ,  Thanh Nhan Thi Nguyen ,  Navindra Yadav ,  Shashi Gandham

IPC: H04L41/16 ,  H04L41/0893 ,  G06N20/00 ,  G06F16/9532

CPC classification number: H04L41/16 ,  G06F16/9532 ,  G06N20/00 ,  H04L41/0893

Abstract: This disclosure provides solutions for automatically grouping network devices (e.g., endpoints) into clusters based on device characteristics. In some aspects, the disclosed technology also provides solutions for generating user selectable queries based on cluster characteristics. A process of the disclosed technology can include steps for identifying one or more device characteristics associated with a first network device, identifying one or more cluster characteristics for each of a first cluster and a second cluster, and comparing the device characteristics associated with the first network device with the one or more cluster characteristics for the first cluster and the second cluster. The process can further include steps for adding the first network device to the first cluster based on the cluster characteristics for the first cluster and the device characteristics for the first network device. Systems and machine-readable media are also provided.

公开(公告)号：US11750653B2

公开(公告)日：2023-09-05

申请号：US17556673

申请日：2021-12-20

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Shih-Chun Chang ,  Shashi Gandham ,  Xiaofei Guo ,  Hoang Viet Nguyen ,  Xin Liu ,  Thanh Trung Ngo ,  Duan Tran ,  Xuan Loc Bui

IPC: H04L9/40

CPC classification number: H04L63/1491 ,  H04L63/102 ,  H04L63/1425 ,  H04L63/20

Abstract: Systems, methods, and computer-readable media for gathering network intrusion counter-intelligence. A system can maintain a decoy network environment at one or more machines. The system can identify a malicious user accessing network services through the network environment. Further, the system can receive network service access requests from the user at one or more machines in the network environment and subsequently direct the network service access requests from the malicious user to the decoy network environment based on an identification of the malicious user. The network services access requests can be satisfied with network service access responses generated in the decoy network environment. Subsequently, the system can maintain malicious user analytics based on the network service access requests of the malicious user that are directed to the decoy network environment.