公开(公告)号：US11811555B2

公开(公告)日：2023-11-07

申请号：US17327381

申请日：2021-05-21

Applicant: Cisco Technology, Inc.

Inventor： Kit Chiu Chu ,  Thomas J. Edsall ,  Navindra Yadav ,  Francisco M. Matus ,  Krishna Doddapaneni ,  Satyam Sinha ,  Sameer Merchant

IPC: H04L12/46 ,  H04L45/00 ,  H04L45/24 ,  H04L45/50 ,  H04L51/214 ,  H04L45/16 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/745 ,  H04L61/2503 ,  H04L45/02 ,  H04L69/22 ,  H04L67/10 ,  H04L41/0654 ,  H04L43/0811 ,  H04L45/74 ,  H04L49/00 ,  H04L61/2592 ,  H04L12/18 ,  H04L45/48 ,  H04L45/7453 ,  H04L45/021 ,  H04L45/64 ,  H04L47/125

CPC classification number: H04L12/4633 ,  H04L12/18 ,  H04L12/4641 ,  H04L12/4645 ,  H04L41/0654 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/02 ,  H04L45/021 ,  H04L45/16 ,  H04L45/22 ,  H04L45/24 ,  H04L45/245 ,  H04L45/48 ,  H04L45/50 ,  H04L45/74 ,  H04L45/745 ,  H04L45/7453 ,  H04L49/70 ,  H04L51/214 ,  H04L61/2503 ,  H04L61/2592 ,  H04L67/10 ,  H04L69/22 ,  H04L45/64 ,  H04L47/125 ,  H04L2212/00

Abstract: The subject technology addresses a need for improving utilization of network bandwidth in a multicast network environment. More specifically, the disclosed technology provides solutions for extending multipathing to tenant multicast traffic in an overlay network, which enables greater bandwidth utilization for multicast traffic. In some aspects, nodes in the overlay network can be connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network.

公开(公告)号：US11646940B2

公开(公告)日：2023-05-09

申请号：US17482411

申请日：2021-09-22

Applicant: Cisco Technology, Inc.

Inventor： Rohit Prasad ,  Shashi Gandham ,  Hoang Nguyen ,  Abhishek Singh ,  Shih-Chun Chang ,  Navindra Yadav ,  Ali Parandehgheibi ,  Paul Mach ,  Rachita Agasthy ,  Ravi Prasad ,  Varun Malhotra ,  Michael Watts ,  Sunil Gupta

IPC: H04L41/0893 ,  H04L41/0853

CPC classification number: H04L41/0893 ,  H04L41/0856

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

公开(公告)号：US20230118563A1

公开(公告)日：2023-04-20

申请号：US18054069

申请日：2022-11-09

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L9/40 ,  H04L43/04 ,  H04L43/0894

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US11509535B2

公开(公告)日：2022-11-22

申请号：US16999447

申请日：2020-08-21

Applicant: Cisco Technology, Inc.

Inventor： Hai Vu ,  Shih-Chun Chang ,  Varun Malhotra ,  Shashi Gandham ,  Navindra Yadav ,  Allen Chen ,  Praneeth Vallem ,  Rohit Prasad

IPC: H04L41/046 ,  H04L43/06 ,  H04L43/065 ,  H04L43/0817 ,  H04L41/0893 ,  H04L67/02

Abstract: The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implementing network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.

公开(公告)号：US11483351B2

公开(公告)日：2022-10-25

申请号：US17003364

申请日：2020-08-26

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Hongyang Zhang ,  Kai Zhu

IPC: H04L9/40

Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

公开(公告)号：US11463483B2

公开(公告)日：2022-10-04

申请号：US16921184

申请日：2020-07-06

Applicant: Cisco Technology, Inc.

Inventor： Alok Lalit Wadhwa ,  James Gabriel Fontenot ,  Ashutosh Kulshreshtha ,  Navindra Yadav ,  Shashidhar Gandham ,  Weifei Zeng

IPC: H04L9/40 ,  H04L29/06

Abstract: Disclosed herein are methods, systems, and non-transitory computer-readable storage media for scoring network segmentation policies in order to determine their effectiveness before, during and after enforcement. In one aspect, a method includes identifying one or more applications within an enterprise network; identifying at least one network security policy in association with the one or more applications within the enterprise network; determining a score of the network security policy based on information corresponding to exposure of each of the one or more applications within the enterprise network; and executing the network security policy based on the score.

公开(公告)号：US20220131773A1

公开(公告)日：2022-04-28

申请号：US17570179

申请日：2022-01-06

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Shih-Chun Chang

IPC: H04L43/045 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L41/0668 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/106 ,  H04L45/00 ,  H04L45/50 ,  H04L67/12 ,  H04L67/01 ,  H04L43/026 ,  H04L43/062 ,  H04L43/10 ,  H04L47/2441 ,  H04L41/0893 ,  H04L43/08 ,  H04L43/04 ,  H04W84/18 ,  H04L67/10 ,  H04L67/51 ,  H04L41/046 ,  H04L43/0876 ,  H04L41/12 ,  H04L41/16 ,  H04L41/0816 ,  G06F21/53 ,  H04L41/22 ,  G06F3/04842 ,  G06F3/04847 ,  H04L41/0803 ,  H04L67/75 ,  H04L43/0829 ,  H04L43/16 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L61/5007 ,  H04L47/20 ,  H04L47/32 ,  H04L43/0864 ,  H04L47/11 ,  H04L69/22 ,  H04L45/74 ,  H04L47/2483 ,  H04L43/0882 ,  H04L41/0806 ,  H04L43/0888 ,  H04L43/12 ,  H04L47/31 ,  G06F3/0482 ,  G06T11/20 ,  H04L43/02 ,  H04L47/28 ,  H04L69/16 ,  H04L67/1001 ,  H04L45/30

Abstract: A network analytics system can receive first sensor data, including first network activity and a first timestamp associated with a first clock of a first node, and second sensor data, including second network activity and a second timestamp associated with a second clock of a second node. The system can determine a first delta between the first clock and a third clock based on the first timestamp, and a second delta between the second clock and the third clock. The system can determine a first communication latency associated with a first sensor of the first node, and a second communication latency associated with a second sensor of the second node. The system can generate a report that synchronizes one or more data flows between the first node and the second node based on the first delta, the second delta, the first communication latency, and the second communication latency.

公开(公告)号：US20220004643A1

公开(公告)日：2022-01-06

申请号：US16919199

申请日：2020-07-02

Applicant: Cisco Technology, Inc.

Inventor： Andy Sloane ,  Ashutosh Kulshreshtha ,  Hiral Shashikant Patel ,  Vimal Jeyakumar ,  Navindra Yadav ,  Florin Stelian Balus

IPC: G06F21/57 ,  G06F16/35 ,  G06F16/953 ,  G06F16/2457 ,  G06N20/00 ,  G06N5/04

Abstract: Systems, methods, and computer-readable for identifying known vulnerabilities in a software product include determining a set of one or more processed words based on applying text classification to one or more names associated with a product, where the text classification is based on analyzing a database of names associated with a database of products Similarity scores are determined between the set of one or more processed words and names associated with one or more known vulnerabilities maintained in a database of known vulnerabilities in products. Equivalence mapping is performed between the one or more names associated with the product and the one or more known vulnerabilities, based on the similarity scores. Known vulnerabilities in the product are identified based on the equivalence mapping.

公开(公告)号：US20210392135A1

公开(公告)日：2021-12-16

申请号：US16899317

申请日：2020-06-11

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Ashok Kumar ,  Tapan Shrikrishna Patwardhan ,  Hanlin He ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Ning Shan

IPC: H04L29/06 ,  H04L12/26

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for receiving, at an authentication service of an enterprise network and from a user device, a request to access an application; determining a user status associated with the request based on information received from at least an identity service engine; determining, based on the user status, whether the user device meets a set of security parameters for accessing the application, to yield a determination; and determining, based on the determination, whether to grant or deny the request for accessing the application.

公开(公告)号：US20210389877A1

公开(公告)日：2021-12-16

申请号：US16899290

申请日：2020-06-11

Applicant: Cisco Technology, Inc.

Inventor： Xin Liu ,  Sunil Gupta ,  Thanh Trung Ngo ,  Xuan Loc Bui ,  Hoang Viet Nguyen ,  Shashi Gandham ,  Navindra Yadav

IPC: G06F3/06 ,  G06F9/455 ,  G06F11/14

Abstract: Systems, methods, and computer-readable for defining host functionalities in a computing environment include obtaining two or more snapshots comprising information pertaining to two or more processes executing in two or more hosts, the two or more snapshots being obtained at two or more points in time from the two or more hosts. One or more long-running processes amongst the two or more processes are identified based on one or more criteria associated with long-running processes. One or more priorities associated with the one or more long-running processes and used for defining functionalities for at least a subset of the two or more hosts, where high priorities are assigned to long-running processes, such as web server or database server processes, which are unique to at least the subset of the two or more hosts. Resources may be provisioned based on these host functionalities.