公开(公告)号：US20160359673A1

公开(公告)日：2016-12-08

申请号：US15045202

申请日：2016-02-16

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L12/24 ,  H04L12/26

Abstract: An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.

Abstract translation: 根据一些实施例的示例性方法包括接收穿过网络的分组的流数据。 该方法通过确定分组的源端点组和目的端点组来继续。 该方法通过确定使用策略来继续，该策略适用于端点组。 最后，该方法包括根据流数据更新策略的利用率数据。

公开(公告)号：US12224921B2

公开(公告)日：2025-02-11

申请号：US18429022

申请日：2024-01-31

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: G06F21/53 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/455 ,  G06F16/11 ,  G06F16/13 ,  G06F16/16 ,  G06F16/17 ,  G06F16/174 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/28 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/55 ,  G06F21/56 ,  G06N20/00 ,  G06N99/00 ,  G06T11/20 ,  H04J3/06 ,  H04J3/14 ,  H04L1/24 ,  H04L7/10 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/045 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/00 ,  H04L45/302 ,  H04L45/50 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18 ,  H04L67/50

Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

公开(公告)号：US11968103B2

公开(公告)日：2024-04-23

申请号：US17153785

申请日：2021-01-20

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L43/0864 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/455 ,  G06F16/11 ,  G06F16/13 ,  G06F16/16 ,  G06F16/17 ,  G06F16/174 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/28 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56 ,  G06N20/00 ,  G06N99/00 ,  G06T11/20 ,  H04J3/06 ,  H04J3/14 ,  H04L1/24 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/045 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/00 ,  H04L45/302 ,  H04L45/50 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/50 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/556 ,  G06F21/566 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  H04L67/535

Abstract: An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.

公开(公告)号：US11936663B2

公开(公告)日：2024-03-19

申请号：US18054069

申请日：2022-11-09

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L9/40 ,  H04L43/04 ,  H04L43/0894 ,  H04L43/062

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425 ,  H04L43/062

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US11924073B2

公开(公告)日：2024-03-05

申请号：US17403026

申请日：2021-08-16

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: G06F21/00 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/455 ,  G06F16/11 ,  G06F16/13 ,  G06F16/16 ,  G06F16/17 ,  G06F16/174 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/28 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56 ,  G06N20/00 ,  G06N99/00 ,  G06T11/20 ,  H04J3/06 ,  H04J3/14 ,  H04L1/24 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/045 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/00 ,  H04L45/302 ,  H04L45/50 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18 ,  H04L67/50

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/556 ,  G06F21/566 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  H04L67/535

Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

公开(公告)号：US20240015084A1

公开(公告)日：2024-01-11

申请号：US18471125

申请日：2023-09-20

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L43/045 ,  H04L9/40 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L41/0668 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/106 ,  H04L45/00 ,  H04L45/50 ,  H04L67/12 ,  H04L43/026 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/51 ,  H04L67/75 ,  H04L67/1001 ,  H04W72/54 ,  H04L43/062 ,  H04L43/10 ,  H04L47/2441 ,  H04L41/0893 ,  H04L43/08 ,  H04L43/04 ,  H04W84/18 ,  H04L67/10 ,  H04L41/046 ,  H04L43/0876 ,  H04L41/12 ,  H04L41/16 ,  H04L41/0816 ,  G06F21/53 ,  H04L41/22 ,  G06F3/04842 ,  G06F3/04847 ,  H04L41/0803 ,  H04L43/0829 ,  H04L43/16 ,  H04L1/24 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L47/20 ,  H04L47/32 ,  H04L43/0864 ,  H04L47/11 ,  H04L69/22 ,  H04L45/74 ,  H04L47/2483 ,  H04L43/0882 ,  H04L41/0806 ,  H04L43/0888 ,  H04L43/12 ,  H04L47/31 ,  G06F3/0482 ,  G06T11/20 ,  H04L43/02 ,  H04L47/28 ,  H04L69/16 ,  H04L45/302

CPC classification number: H04L43/045 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/20 ,  G06F9/45558 ,  G06N20/00 ,  G06F21/552 ,  G06F21/566 ,  G06F16/285 ,  G06F16/288 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/29 ,  G06F16/162 ,  G06F16/17 ,  G06F16/122 ,  G06F16/137 ,  G06F16/173 ,  G06F16/1744 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/9535 ,  G06F16/1748 ,  G06F16/174 ,  G06N99/00 ,  H04L9/3239 ,  H04L41/0668 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0858 ,  H04L43/106 ,  H04L45/46 ,  H04L45/507 ,  H04L63/1458 ,  H04L67/12 ,  H04L43/026 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/51 ,  H04L67/75 ,  H04L67/1001 ,  G06F21/556 ,  H04W72/54 ,  H04L63/1416 ,  H04L63/145 ,  H04L43/062 ,  H04L43/10 ,  H04L47/2441 ,  H04L41/0893 ,  H04L43/08 ,  H04L43/04 ,  H04W84/18 ,  H04L67/10 ,  H04L41/046 ,  H04L43/0876 ,  H04L41/12 ,  H04L41/16 ,  H04L41/0816 ,  G06F21/53 ,  H04L63/16 ,  H04L41/22 ,  G06F3/04842 ,  G06F3/04847 ,  H04L41/0803 ,  H04L43/0829 ,  H04L43/16 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3242 ,  H04L63/06 ,  H04L63/0876 ,  H04J3/0661 ,  H04J3/14 ,  H04L47/20 ,  H04L47/32 ,  H04L43/0841 ,  H04L43/0864 ,  H04L47/11 ,  H04L63/1408 ,  H04L69/22 ,  H04L45/74 ,  H04L47/2483 ,  H04L43/0882 ,  H04L63/0227 ,  H04L63/0263 ,  H04L41/0806 ,  H04L43/0888 ,  H04L43/12 ,  H04L63/1433 ,  H04L47/31 ,  H04L45/38 ,  H04L45/66 ,  G06F3/0482 ,  G06T11/206 ,  H04L43/02 ,  H04L47/28 ,  H04L69/16 ,  H04L63/1466 ,  H04L45/306 ,  G06F16/2365 ,  G06F2009/45587 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  H04L67/535

Abstract: An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.

公开(公告)号：US20230118563A1

公开(公告)日：2023-04-20

申请号：US18054069

申请日：2022-11-09

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L9/40 ,  H04L43/04 ,  H04L43/0894

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US11463483B2

公开(公告)日：2022-10-04

申请号：US16921184

申请日：2020-07-06

Applicant: Cisco Technology, Inc.

Inventor： Alok Lalit Wadhwa ,  James Gabriel Fontenot ,  Ashutosh Kulshreshtha ,  Navindra Yadav ,  Shashidhar Gandham ,  Weifei Zeng

IPC: H04L9/40 ,  H04L29/06

Abstract: Disclosed herein are methods, systems, and non-transitory computer-readable storage media for scoring network segmentation policies in order to determine their effectiveness before, during and after enforcement. In one aspect, a method includes identifying one or more applications within an enterprise network; identifying at least one network security policy in association with the one or more applications within the enterprise network; determining a score of the network security policy based on information corresponding to exposure of each of the one or more applications within the enterprise network; and executing the network security policy based on the score.

公开(公告)号：US20220131773A1

公开(公告)日：2022-04-28

申请号：US17570179

申请日：2022-01-06

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Shih-Chun Chang

IPC: H04L43/045 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L41/0668 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/106 ,  H04L45/00 ,  H04L45/50 ,  H04L67/12 ,  H04L67/01 ,  H04L43/026 ,  H04L43/062 ,  H04L43/10 ,  H04L47/2441 ,  H04L41/0893 ,  H04L43/08 ,  H04L43/04 ,  H04W84/18 ,  H04L67/10 ,  H04L67/51 ,  H04L41/046 ,  H04L43/0876 ,  H04L41/12 ,  H04L41/16 ,  H04L41/0816 ,  G06F21/53 ,  H04L41/22 ,  G06F3/04842 ,  G06F3/04847 ,  H04L41/0803 ,  H04L67/75 ,  H04L43/0829 ,  H04L43/16 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L61/5007 ,  H04L47/20 ,  H04L47/32 ,  H04L43/0864 ,  H04L47/11 ,  H04L69/22 ,  H04L45/74 ,  H04L47/2483 ,  H04L43/0882 ,  H04L41/0806 ,  H04L43/0888 ,  H04L43/12 ,  H04L47/31 ,  G06F3/0482 ,  G06T11/20 ,  H04L43/02 ,  H04L47/28 ,  H04L69/16 ,  H04L67/1001 ,  H04L45/30

Abstract: A network analytics system can receive first sensor data, including first network activity and a first timestamp associated with a first clock of a first node, and second sensor data, including second network activity and a second timestamp associated with a second clock of a second node. The system can determine a first delta between the first clock and a third clock based on the first timestamp, and a second delta between the second clock and the third clock. The system can determine a first communication latency associated with a first sensor of the first node, and a second communication latency associated with a second sensor of the second node. The system can generate a report that synchronizes one or more data flows between the first node and the second node based on the first delta, the second delta, the first communication latency, and the second communication latency.

公开(公告)号：US11102093B2

公开(公告)日：2021-08-24

申请号：US16280894

申请日：2019-02-20

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: G06F21/00 ,  H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L12/24 ,  H04L12/715 ,  H04L12/723 ,  H04L29/08 ,  H04L12/851 ,  H04W84/18 ,  G06F21/53 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725

Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.