公开(公告)号：US11019095B2

公开(公告)日：2021-05-25

申请号：US16261682

申请日：2019-01-30

Applicant: Cisco Technology, Inc.

Inventor： Martin Grill ,  Lukas Bajer ,  Martin Kopp ,  Jan Kohout

IPC: H04L29/06

Abstract: In one embodiment, a device in a network obtains log data regarding replication of files stored on an endpoint client to a file replication service. The device tracks, based on the obtained logs, encryption changes to the files that convert the files from unencrypted files to encrypted files. The device determines that the tracked encryption changes to the files are indicative of a ransomware infection on the endpoint client. The device initiates a mitigation action regarding the ransomware infection.

公开(公告)号：US10749770B2

公开(公告)日：2020-08-18

申请号：US16156020

申请日：2018-10-10

Applicant: Cisco Technology, Inc.

Inventor： Jan Kohout ,  Martin Grill ,  Martin Kopp ,  Lukas Bajer

IPC: H04L12/28 ,  H04L12/26 ,  H04L12/851

Abstract: In one embodiment, a traffic analysis service obtains telemetry data regarding network traffic associated with a device in a network. The traffic analysis service forms a histogram of frequencies of the traffic features from the telemetry data for the device. The traffic features are indicative of endpoints with which the device communicated. The traffic analysis service associates a device type with the device, by comparing the histogram of the traffic features from the telemetry data to histograms of traffic features associated with other devices. The traffic analysis service initiates, based on the device type associated with the device, an adjustment to treatment of the traffic associated with the device by the network.