公开(公告)号：US20210392135A1

公开(公告)日：2021-12-16

申请号：US16899317

申请日：2020-06-11

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Ashok Kumar ,  Tapan Shrikrishna Patwardhan ,  Hanlin He ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Ning Shan

IPC: H04L29/06 ,  H04L12/26

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for receiving, at an authentication service of an enterprise network and from a user device, a request to access an application; determining a user status associated with the request based on information received from at least an identity service engine; determining, based on the user status, whether the user device meets a set of security parameters for accessing the application, to yield a determination; and determining, based on the determination, whether to grant or deny the request for accessing the application.

公开(公告)号：US20200296007A1

公开(公告)日：2020-09-17

申请号：US16354008

申请日：2019-03-14

Applicant: Cisco Technology, Inc.

Inventor： Matthew Lawson Finn, II ,  Alok Lalit Wadhwa ,  Navindra Yadav ,  Jerry Xin Ye ,  Supreeth Rao ,  Prasannakumar Jobigenahally Malleshaiah ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Aiyesha Ma ,  Darshan Shrinath Purandare

IPC: H04L12/24 ,  H04L12/26

Abstract: Systems and methods provide for enriching flow data to analyze network security, availability, and compliance. A network analytics system can capture flow data and metadata from network elements. The network analytics system can enrich the flow data by in-line association of the flow data and metadata. The network analytics system can generate multiple planes with each plane representing a dimension of enriched flow data. The network analytics system can generate nodes for the planes with each node representing a unique value or set of values for the dimensions represented by planes. The network analytics system can generate edges for the nodes of the planes with each edge representing a flow between endpoints corresponding to the nodes. The network analytics system can update the planes in response to an interaction with the planes or in response to a query.

公开(公告)号：US20190230112A1

公开(公告)日：2019-07-25

申请号：US15992071

申请日：2018-05-29

Applicant: Cisco Technology, Inc.

Inventor： Shashi Gandham ,  Navindra Yadav ,  Janardhanan Radhakrishnan ,  Hoang-Nam Nguyen ,  Umesh Paul Mahindra ,  Sunil Gupta ,  Praneeth Vallem ,  Supreeth Rao ,  Darshan Shrinath Purandare ,  Xuan Zou ,  Joseph Daniel Beshay ,  Jothi Prakash Prabakaran

IPC: H04L29/06 ,  G06F21/53 ,  H04L12/24 ,  G06F9/455

Abstract: Aspects of the subject technology relate to a system configured to receive a set of network snapshot segments from an output stream of a stream processing service, compile the set of network snapshot segments from the set of messages into a first network snapshot and a second network snapshot, and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.

公开(公告)号：US20190123983A1

公开(公告)日：2019-04-25

申请号：US15793473

申请日：2017-10-25

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Aria Rahadian ,  Umamaheswaran Arumugam ,  Xuan Zou

IPC: H04L12/26 ,  H04W28/08 ,  H04L12/803

Abstract: Systems, methods, and computer-readable media for correlating gathered network traffic data and analytics with external data for purposes of managing a cluster of nodes in a network. In some embodiments, a system can identify a cluster of nodes in a network. Network traffic data for the cluster of nodes in the network can be collected based on traffic flowing through the cluster of nodes using a group of sensors implemented in the network. The system can generate analytics for the cluster of nodes in the network using the collected network traffic data. The analytics can be correlated with external data to create correlated external analytics for use in controlling operation of the cluster of nodes in the network.

公开(公告)号：US11895156B2

公开(公告)日：2024-02-06

申请号：US17931595

申请日：2022-09-13

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Hongyang Zhang ,  Kai Zhu

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/101 ,  H04L63/145 ,  H04L63/1416

Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

公开(公告)号：US11716352B2

公开(公告)日：2023-08-01

申请号：US16902526

申请日：2020-06-16

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Fuzhuo Sun ,  Ashok Kumar

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/164 ,  H04L63/029 ,  H04L63/20

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.

公开(公告)号：US11698976B2

公开(公告)日：2023-07-11

申请号：US16922565

申请日：2020-07-07

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Songlin Li

IPC: H04L29/00 ,  G06F21/57 ,  H04L9/40

CPC classification number: G06F21/577 ,  H04L63/1433 ,  H04L63/20 ,  G06F2221/033

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.

公开(公告)号：US20230012641A1

公开(公告)日：2023-01-19

申请号：US17931595

申请日：2022-09-13

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Hongyang Zhang ,  Kai Zhu

IPC: H04L9/40

Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

公开(公告)号：US11539735B2

公开(公告)日：2022-12-27

申请号：US16985520

申请日：2020-08-05

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Matthew Lawson Finn, II

IPC: H04L9/40

Abstract: Systems, methods, and computer-readable media for application placement can include the following processes. A security score service determines a respective security posture score for each of a plurality of candidate hosts of an enterprise network. A user then identify a set of performance parameters and security parameters for a host in an enterprise network to execute a workload thereon. An application placement engine selects a host from the plurality of candidate hosts having a security posture score matching the performance parameters and the security parameters for executing the workload. An application deployment engine places the workload on the host.

公开(公告)号：US20220070065A1

公开(公告)日：2022-03-03

申请号：US17499651

申请日：2021-10-12

Applicant: Cisco Technology, Inc.

Inventor： Matthew Lawson Finn, II ,  Alok Lalit Wadhwa ,  Navindra Yadav ,  Jerry Xin Ye ,  Supreeth Rao ,  Prasannakumar Jobigenahally Malleshaiah ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Aiyesha Ma ,  Darshan Shrinath Purandare

IPC: H04L12/24 ,  H04L12/26

Abstract: Systems and methods provide for enriching flow data to analyze network security, availability, and compliance. A network analytics system can capture flow data and metadata from network elements. The network analytics system can enrich the flow data by in-line association of the flow data and metadata. The network analytics system can generate multiple planes with each plane representing a dimension of enriched flow data. The network analytics system can generate nodes for the planes with each node representing a unique value or set of values for the dimensions represented by planes. The network analytics system can generate edges for the nodes of the planes with each edge representing a flow between endpoints corresponding to the nodes. The network analytics system can update the planes in response to an interaction with the planes or in response to a query.