公开(公告)号：US20230275837A1

公开(公告)日：2023-08-31

申请号：US17681079

申请日：2022-02-25

Applicant: Cisco Technology, Inc.

Inventor： Vincent E. Parla ,  Kyle Andrew Donald Mestery ,  Doron Levari

IPC: H04L47/12 ,  H04L67/141 ,  H04L67/148

CPC classification number: H04L47/12 ,  H04L67/141 ,  H04L67/148

Abstract: Techniques for scaling additional capacity for secure access solutions and other workloads of enterprise edge networks in and out of a cloud-computing network based on demand. The techniques may include determining that a capacity associated with a secure access node of an enterprise edge network meets or exceeds a threshold capacity. Based at least in part on the capacity meeting or exceeding the threshold capacity, the techniques may include causing a facsimile of the secure access node to be spun up on a cloud-computing network that is remote from the enterprise edge network. In this way, new connection requests received from client devices can be redirected to the facsimile of the secure access node. Additionally, or alternatively, one or more existing connections between client devices and the secure access node may be migrated to the facsimile of the secure access node in the cloud.

公开(公告)号：US20240291837A1

公开(公告)日：2024-08-29

申请号：US18175218

申请日：2023-02-27

Applicant: Cisco Technology, Inc.

Inventor： Doron Levari ,  Vincent E. Parla ,  Tariq Ahmed Farhan ,  Siddhu Warrier ,  Jason M Perry

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/1416

Abstract: Security, access and the way organizations communicate with their employees, contractors and customers is evolving faster than ever, and as the world is becoming more hybrid, security policies, monitoring and control must become collaborative and interoperable. The techniques described herein provide meaningful correlation and analytics of data coming from multiple sources in the network, access, security and identity, thereby improving troubleshooting, optimizations, threat forensics and analysis, as well as enabling network administrators more control over network policies.

公开(公告)号：US12101257B2

公开(公告)日：2024-09-24

申请号：US17681079

申请日：2022-02-25

Applicant: Cisco Technology, Inc.

Inventor： Vincent E. Parla ,  Kyle Andrew Donald Mestery ,  Doron Levari

IPC: H04L47/12 ,  H04L67/141 ,  H04L67/148

CPC classification number: H04L47/12 ,  H04L67/141 ,  H04L67/148

Abstract: Techniques for scaling additional capacity for secure access solutions and other workloads of enterprise edge networks in and out of a cloud-computing network based on demand. The techniques may include determining that a capacity associated with a secure access node of an enterprise edge network meets or exceeds a threshold capacity. Based at least in part on the capacity meeting or exceeding the threshold capacity, the techniques may include causing a facsimile of the secure access node to be spun up on a cloud-computing network that is remote from the enterprise edge network. In this way, new connection requests received from client devices can be redirected to the facsimile of the secure access node. Additionally, or alternatively, one or more existing connections between client devices and the secure access node may be migrated to the facsimile of the secure access node in the cloud.

公开(公告)号：US20170155562A1

公开(公告)日：2017-06-01

申请号：US15237142

申请日：2016-08-15

Applicant: Cisco Technology, Inc.

Inventor： Sachin Vasant ,  Umesh Kumar Miglani ,  Zachary D. Siswick ,  Doron Levari ,  Yedidya Dotan

IPC: H04L12/26 ,  H04L29/12

CPC classification number: H04L63/0227 ,  H04L63/1408 ,  H04L63/20

Abstract: A network management entity is configured to communicate with one or more network security devices. Each network security device is configured to store in a respective event queue an event for each attempt to access a network accessible destination through the security device. Each event indicates the destination of the attempted access. The management entity periodically collects from the event queues the stored events so that less that all of the events stored in the event queues over a given time period are collected. The management entity determines, based on the collected events, top destinations as the destinations that occur most frequently in the collected events. The management entity determines, based on the collected events, bottom destinations as the destinations that occur least frequently in the collected events. The management entity generates for display indications of the top destinations and generates for display indications of the bottom destinations.

公开(公告)号：US20240031411A1

公开(公告)日：2024-01-25

申请号：US17871827

申请日：2022-07-22

Applicant: Cisco Technology, Inc.

Inventor： Doron Levari ,  Tariq Ahmed Farhan ,  Vincent E. Parla ,  Ido Tamir ,  Adam Bragg ,  Jason M. Perry

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/1416

Abstract: This disclosure describes techniques and mechanisms for defining dynamic security compliance in networks to proactively prevent security policy violations from being added and/or made, retroactively and continuously identify security policy violations based on data from the changing threat landscape, and provide auto-remediation of non-compliant security policies. The techniques enable automated security policies and provide improved network security against a dynamic threat landscape.

公开(公告)号：US20240388533A1

公开(公告)日：2024-11-21

申请号：US18786114

申请日：2024-07-26

Applicant: Cisco Technology, Inc.

Inventor： Vincent E. Parla ,  Kyle Andrew Donald Mestery ,  Doron Levari

IPC: H04L47/12 ,  H04L67/141 ,  H04L67/148

Abstract: Techniques for scaling additional capacity for secure access solutions and other workloads of enterprise edge networks in and out of a cloud-computing network based on demand. The techniques may include determining that a capacity associated with a secure access node of an enterprise edge network meets or exceeds a threshold capacity. Based at least in part on the capacity meeting or exceeding the threshold capacity, the techniques may include causing a facsimile of the secure access node to be spun up on a cloud-computing network that is remote from the enterprise edge network. In this way, new connection requests received from client devices can be redirected to the facsimile of the secure access node. Additionally, or alternatively, one or more existing connections between client devices and the secure access node may be migrated to the facsimile of the secure access node in the cloud.