公开(公告)号：US20190342173A1

公开(公告)日：2019-11-07

申请号：US15969462

申请日：2018-05-02

Applicant: Cisco Technology, Inc.

Inventor： Laurent Navarro ,  Jeffrey Markey ,  Matthew Robertson ,  Sunil Amin ,  Marc Dupont ,  Timothy Deeb-Swihart, II

IPC: H04L12/24 ,  H04L12/851 ,  H04L29/06

Abstract: In one example embodiment, a server obtains network flow metadata of a network flow of a host in a network. The server identifies one or more attributes of the network flow metadata. For each host group of a plurality of host groups, the server determines whether the one or more attributes of the network flow metadata satisfy one or more criteria for the host group. For each host group for which it is determined that the one or more attributes of the network flow metadata satisfy the one or more criteria, the server classifies the host as belonging to the host group.

公开(公告)号：US11700234B2

公开(公告)日：2023-07-11

申请号：US17213657

申请日：2021-03-26

Applicant: Cisco Technology, Inc.

Inventor： Marc Dupont ,  Jan Brabec

IPC: H04L29/06 ,  H04L9/40 ,  H04L51/212

CPC classification number: H04L63/0236 ,  H04L51/212 ,  H04L63/20

Abstract: Techniques are described for detecting attacks that employ a display name in an email to impersonate an email sender. A computing infrastructure hosting an email security platform may determine a similarity between the display name and an email address from which the email was received. The email security platform may determine the similarity by comparing a string associated with the display name and a string associated with the sender address. The email security platform may generate a similarity value based on a result of the display name being compared with the sender address. The email security platform may determine that the email includes the display name impersonating a name of the sender, based on the similarity value meeting or exceeding a threshold value indicative of impersonation. The email security platform may delete or quarantine the email from an inbox associated with a user account.

公开(公告)号：US20220239633A1

公开(公告)日：2022-07-28

申请号：US17213657

申请日：2021-03-26

Applicant: Cisco Technology, Inc.

Inventor： Marc Dupont ,  Jan Brabec

IPC: H04L29/06 ,  H04L12/58

Abstract: Techniques are described for detecting attacks that employ a display name in an email to impersonate an email sender. A computing infrastructure hosting an email security platform may determine a similarity between the display name and an email address from which the email was received. The email security platform may determine the similarity by comparing a string associated with the display name and a string associated with the sender address. The email security platform may generate a similarity value based on a result of the display name being compared with the sender address. The email security platform may determine that the email includes the display name impersonating a name of the sender, based on the similarity value meeting or exceeding a threshold value indicative of impersonation. The email security platform may delete or quarantine the email from an inbox associated with a user account.