公开(公告)号：US20250080564A1

公开(公告)日：2025-03-06

申请号：US18460786

申请日：2023-09-05

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Bhavik Pradeep Shah ,  Indermeet Singh Gandhi ,  Jerome Henry

IPC: H04L9/40

Abstract: Provided herein are techniques to facilitate vulnerability management for one or more endpoint devices of a network based on network infrastructure security context. In one example, a computer-implemented method may include determining a base vulnerability score for a particular vulnerability that is detected for an endpoint device of an enterprise network; determining topology information for the endpoint device within the enterprise network; translating the particular vulnerability to triggering information; performing a comparison between the security policies for the one or more network security mechanisms of network security infrastructure and the triggering information to determine whether the endpoint device is protected from the particular vulnerability being triggered for the endpoint device; and generating an updated vulnerability score for the particular vulnerability by adjusting the base vulnerability score based on whether the endpoint device is protected from the particular vulnerability being triggered for the endpoint device.

公开(公告)号：US20240333734A1

公开(公告)日：2024-10-03

申请号：US18128978

申请日：2023-03-30

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Bhavik Pradeep Shah ,  Thomas Szigeti ,  Nancy Patricia Cam-Winget ,  Edward Albert Warnicke

IPC: H04L9/40 ,  H04L41/0631

CPC classification number: H04L63/1425 ,  H04L41/065

Abstract: This disclosure describes techniques for escalating a security policy based on anomalous behavior. An example method includes identifying first behaviors associated with a first user and identifying a cluster comprising the first behaviors and second behaviors associated with at least one second user. The first user and the at least one second user are within a predetermined group within an organization. The example method further includes determining that a third behavior of a device associated with the first user is greater than a threshold distance from the cluster and outputting an alert.