-
Publication No.: US11706239B2
Publication date: 2023-07-18
Application No.: US17003450
Application date: 2020-08-26
Applicant: Cisco Technology, Inc.
Inventor: Hai Vu, Thanh Nhan Nguyen, Vaishali Palkar, Varun Malhotra, Shih-Chun Chang, Xin Liu
IPC: H04L9/40
CPC classification number: H04L63/1433
Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting vulnerabilities in real-time during execution of a process or an application. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to obtain real-time process information associated with a process executing in an endpoint. The device can then determine package information for a package associated with the process based on the process information. The device can then identify at least one vulnerability associated with the package information using a database of vulnerabilities stored on a backend component of the network. The backend component may have a database of vulnerabilities for packages.
-
Publication No.: US11627166B2
Publication date: 2023-04-11
Application No.: US17063864
Application date: 2020-10-06
Applicant: Cisco Technology, Inc.
Inventor: Weifei Zeng, Sai Ankith Averineni, Omid Madani, Paul Mach, Yash Vipul Doshi, Sasidhar Evuru, Sayeed Mohammed Tasnim, Sameer Salim Mahomed Ali Ladiwala, Chakradhar Reddy Vangeti, Thanh Nhan Nguyen, Varun Malhotra, Shashidhar Gandham, Navindra Yadav, Thanh Trung Ngo, Maxwell Aaron Mechanic
IPC: H04L9/40, H04L41/0893, H04L41/14, H04L47/2483
Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for discovering policy scopes within an enterprise network and managing network policies for discovered policy scopes. In one aspect, a method includes identifying one or more communities of devices in an enterprise network; defining, from the one or more communities of devices, policy scopes in the enterprise network; generating a hierarchical representation of the policy scopes; identifying, based on the hierarchical representation of the policy scopes, one or more policies governing traffic flow between devices associated with each of the policy scopes; and managing application of the one or more policies at the devices.
-
Publication No.: US20220014436A1
Publication date: 2022-01-13
Application No.: US17482411
Application date: 2021-09-22
Applicant: Cisco Technology, Inc.
Inventor: Rohit Prasad, Shashi Gandham, Hoang Nguyen, Abhishek Singh, Shih-Chun Chang, Navindra Yadav, Ali Parandehgheibi, Paul Mach, Rachita Agasthy, Ravi Prasad, Varun Malhotra, Michael Watts, Sunil Gupta
IPC: H04L12/24
Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality of network policies.
-
Publication No.: US10523512B2
Publication date: 2019-12-31
Application No.: US15468642
Application date: 2017-03-24
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Rohit Prasad, Hai Vu, Shih-Chun Chang, Hoang Nguyen, Shashi Gandham, Navindra Yadav, Praneeth Vallem, Sunil Gupta, Ravi Prasad, Varun Malhotra
Abstract: The disclosed technology relates to a network agent for generating platform specific network policies. A network agent is configured to receive a platform independent network policy from a network policy system, determine implementation characteristics of the network entity, generate platform specific policies from the platform independent network policy based on the implementation characteristics of the network entity, and implement the platform specific policies on the network entity.
-
Publication No.: US20180278478A1
Publication date: 2018-09-27
Application No.: US15468642
Application date: 2017-03-24
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Rohit Prasad, Hai Vu, Shih-Chun Chang, Hoang Nguyen, Shashi Gandham, Navindra Yadav, Praneeth Vallem, Sunil Gupta, Ravi Prasad, Varun Malhotra
Abstract: The disclosed technology relates to a network agent for generating platform specific network policies. A network agent is configured to receive a platform independent network policy from a network policy system, determine implementation characteristics of the network entity, generate platform specific policies from the platform independent network policy based on the implementation characteristics of the network entity, and implement the platform specific policies on the network entity.
-
Publication No.: US11765046B1
Publication date: 2023-09-19
Application No.: US16188979
Application date: 2018-11-13
Applicant: Cisco Technology, Inc.
Inventor: Weifei Zeng, Omid Madani, Varun Malhotra, Paul Mach, Yash Vipul Doshi, Sayeed Mohammed Tasnim, Thanh Nhan Thi Nguyen, Navindra Yadav, Shashi Gandham
IPC: H04L41/16, H04L41/0893, G06N20/00, G06F16/9532
CPC classification number: H04L41/16, G06F16/9532, G06N20/00, H04L41/0893
Abstract: This disclosure provides solutions for automatically grouping network devices (e.g., endpoints) into clusters based on device characteristics. In some aspects, the disclosed technology also provides solutions for generating user selectable queries based on cluster characteristics. A process of the disclosed technology can include steps for identifying one or more device characteristics associated with a first network device, identifying one or more cluster characteristics for each of a first cluster and a second cluster, and comparing the device characteristics associated with the first network device with the one or more cluster characteristics for the first cluster and the second cluster. The process can further include steps for adding the first network device to the first cluster based on the cluster characteristics for the first cluster and the device characteristics for the first network device. Systems and machine-readable media are also provided.
-
Publication No.: US20200220780A1
Publication date: 2020-07-09
Application No.: US16820404
Application date: 2020-03-16
Applicant: Cisco Technology, Inc.
Inventor: Rohit Prasad, Shashi Gandham, Hoang Nguyen, Abhishek Singh, Shih-Chun Chang, Navindra Yadav, Ali Parandehgheibi, Paul Mach, Rachita Agasthy, Ravi Prasad, Varun Malhotra, Michael Watts, Sunil Gupta
IPC: H04L12/24
Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality of network policies.
-
Publication No.: US20180278481A1
Publication date: 2018-09-27
Application No.: US15470499
Application date: 2017-03-27
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Rohit Prasad, Shashi Gandham, Hai Vu, Varun Malhotra, Sunil Gupta, Abhishek Singh, Navindra Yadav, Ali Parandehgheibi, Ravi Prasad, Praneeth Vallem, Paul Lesiak, Hoang Nguyen
CPC classification number: H04L41/0893, G06F8/61, G06F17/30094, G06F17/30194, H04L41/044, H04L41/046, H04L41/0856, H04L67/06, H04L67/1097
Abstract: The disclosed technology relates to a distributed policy store. A system is configured to locate, in an index, an entry for a network entity, determine, based on the entry, a file identifier for a file containing a record for the network entity and an offset indicating a location of the record in the file. The system is further configured to locate the file in a distributed file system using the file identifier, locate the record in the file using the offset, and retrieve the record.
-
Publication No.: US11646940B2
Publication date: 2023-05-09
Application No.: US17482411
Application date: 2021-09-22
Applicant: Cisco Technology, Inc.
Inventor: Rohit Prasad, Shashi Gandham, Hoang Nguyen, Abhishek Singh, Shih-Chun Chang, Navindra Yadav, Ali Parandehgheibi, Paul Mach, Rachita Agasthy, Ravi Prasad, Varun Malhotra, Michael Watts, Sunil Gupta
IPC: H04L41/0893, H04L41/0853
CPC classification number: H04L41/0893, H04L41/0856
Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality of network policies.
-
Publication No.: US11509535B2
Publication date: 2022-11-22
Application No.: US16999447
Application date: 2020-08-21
Applicant: Cisco Technology, Inc.
Inventor: Hai Vu, Shih-Chun Chang, Varun Malhotra, Shashi Gandham, Navindra Yadav, Allen Chen, Praneeth Vallem, Rohit Prasad
IPC: H04L41/046, H04L43/06, H04L43/065, H04L43/0817, H04L41/0893, H04L67/02
Abstract: The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implement network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.