-
公开(公告)号:US11558424B2
公开(公告)日:2023-01-17
申请号:US17307677
申请日:2021-05-04
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew
Abstract: Techniques and mechanisms for using passively collected network data to automatically generate a fingerprint prevalence database without the need for endpoint ground truth. The process first clusters all observations with the same fingerprint string and similar source and destination context. The process then annotates each cluster with descriptive information and uses a rule-based system to derive an informative name from that descriptive information, e.g., “winnt amp client” or “cross-platform browser”. Optionally, the learned database may be augmented by a user to clarify custom process labels. Additionally, the generated database may be used to report the inferred processes in the same way as databases generated with endpoint ground truth.
-
公开(公告)号:US11368487B2
公开(公告)日:2022-06-21
申请号:US16416794
申请日:2019-05-20
Applicant: Cisco Technology, Inc.
Abstract: A computer system applies security policies to web traffic while maintaining privacy. A network security agent is authenticated by a client application to dynamically obtain one or more security policies, wherein the client application and the network security agent are configured to execute on a device and the network security agent is capable of communicating with a source of security policies. Connection information is obtained that includes a request to initiate an encrypted connection with a destination entity. The client application determines whether the encrypted connection between the client application and the destination entity is permitted according to the security policy and based on the connection information. The encrypted connection between the client and the destination entity is established in response to determining that the encrypted connection is permitted. Embodiments may further include a method and computer program product for applying security policies to web traffic.
-
公开(公告)号:US20210144455A1
公开(公告)日:2021-05-13
申请号:US17154053
申请日:2021-01-21
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew , Alison Kendler
Abstract: In one embodiment, a method includes receiving a traffic flow including a plurality of packets encrypted using a cryptographic protocol, determining cryptographic protocol data of the traffic flow, and transmitting telemetry data of the traffic flow including the cryptographic protocol data. In another embodiment, a method includes receiving telemetry data of a traffic flow including a plurality of packets encrypted using a cryptographic protocol, the telemetry data including cryptographic protocol data of the traffic flow, classifying the traffic flow based on the cryptographic protocol data using a machine learning classifier; and taking a remedial action with respect to the traffic flow based on the classification of the traffic flow.
-
公开(公告)号:US20240297852A1
公开(公告)日:2024-09-05
申请号:US18404403
申请日:2024-01-04
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , Andrew Chi , David Arthur McGrew , Saran Singh Ahluwalia
Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.
-
公开(公告)号:US20240007774A1
公开(公告)日:2024-01-04
申请号:US18368969
申请日:2023-09-15
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew , Alison Kendler
CPC classification number: H04Q9/02 , H04L63/166 , H04L63/0428 , H04Q9/00 , H04L9/3066 , H04L63/0823 , H04Q2209/30
Abstract: In one embodiment, a method includes receiving a traffic flow including a plurality of packets encrypted using a cryptographic protocol, determining cryptographic protocol data of the traffic flow, and transmitting telemetry data of the traffic flow including the cryptographic protocol data. In another embodiment, a method includes receiving telemetry data of a traffic flow including a plurality of packets encrypted using a cryptographic protocol, the telemetry data including cryptographic protocol data of the traffic flow, classifying the traffic flow based on the cryptographic protocol data using a machine learning classifier; and taking a remedial action with respect to the traffic flow based on the classification of the traffic flow.
-
Patent Agency Ranking
公开(公告)号:US20230164185A1
公开(公告)日:2023-05-25
申请号:US18095443
申请日:2023-01-10
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew
CPC classification number: H04L63/166 , H04L63/306 , G06F18/22 , G06F18/23
Abstract: Techniques and mechanisms for using passively collected network data to automatically generate a fingerprint prevalence database without the need for endpoint ground truth. The process first clusters all observations with the same fingerprint string and similar source and destination context. The process then annotates each cluster with descriptive information and uses a rule-based system to derive an informative name from that descriptive information, e.g., “winnt amp client” or “cross-platform browser”. Optionally, the learned database may be augmented by a user to clarify custom process labels. Additionally, the generated database may be used to report the inferred processes in the same way as databases generated with endpoint ground truth.
-
17.发明申请公开(公告)号:US20210226782A1
公开(公告)日:2021-07-22
申请号:US16749299
申请日:2020-01-22
Applicant: Cisco Technology, Inc.
Inventor: Lionel Florit , Scott Roy Fluhrer , Amjad Inamdar , David Arthur McGrew
Abstract: Presented herein are methodologies for establishing secure communications in a post-quantum computer context. The methodology includes receiving, from a first communications device, at a second communications device, a secret seed value, or otherwise obtaining the secret seed value; initializing a session key service with the secret seed value; receiving, from the first communications device, at the second communications device, a pre-shared key identifier; querying the session key service for a pre-shared key corresponding the pre-shared key identifier; receiving, from the session key service, the pre-shared key; deriving a session key based, at least in part, on the pre-shared key; receiving from the first communications device, at the second communications device, data encrypted with the session key; and decrypting the data at the second communications device using the session key.
-
公开(公告)号:US20200374314A1
公开(公告)日:2020-11-26
申请号:US16416794
申请日:2019-05-20
Applicant: Cisco Technology, Inc.
IPC: H04L29/06
Abstract: A computer system applies security policies to web traffic while maintaining privacy. A network security agent is authenticated by a client application to dynamically obtain one or more security policies, wherein the client application and the network security agent are configured to execute on a device and the network security agent is capable of communicating with a source of security policies. Connection information is obtained that includes a request to initiate an encrypted connection with a destination entity. The client application determines whether the encrypted connection between the client application and the destination entity is permitted according to the security policy and based on the connection information. The encrypted connection between the client and the destination entity is established in response to determining that the encrypted connection is permitted. Embodiments may further include a method and computer program product for applying security policies to web traffic.
-
公开(公告)号:US10243928B2
公开(公告)日:2019-03-26
申请号:US15010679
申请日:2016-01-29
Applicant: Cisco Technology, Inc.
Inventor: Warren Scott Wainner , Sheela D. Rowles , Brian E. Weis , David Arthur McGrew , Scott R. Fluhrer , Kavitha Kamarthy
Abstract: Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recently policy update. The notification message can be sent to the key server or towards the first group member.
-
公开(公告)号:US20170201810A1
公开(公告)日:2017-07-13
申请号:US15083586
申请日:2016-03-29
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew , Alison Kendler
CPC classification number: H04Q9/02 , H04L9/3066 , H04L63/0428 , H04L63/0823 , H04L63/166 , H04Q9/00 , H04Q2209/30
Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.
-
-
-
-
-
-
-
-
-
Search Results
28
records
(took 0.015 seconds)
