-
Publication (Announcement) No.: US20240073284A1
Publication (Announcement) Date: 2024-02-29
Application No.: US17895368
Application Date: 2022-08-25
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla
IPC: H04L67/133 , H04L67/02 , H04L67/56
CPC classification number: H04L67/133 , H04L67/02 , H04L67/56
Abstract: In one embodiment, an illustrative method herein may comprise: obtaining, by a device, one or more independent telemetry streams, wherein each of the one or more independent telemetry streams is uniquely identifiable by a span identifier; translating, by the device, each of the one or more independent telemetry streams into a corresponding QUIC protocol stream; mapping, by the device, the span identifier of each of the one or more independent telemetry streams to a respective stream identifier that uniquely identifies a QUIC channel of a multiplexed QUIC protocol stream; and communicating, by the device, the multiplexed QUIC protocol stream containing each of the one or more independent telemetry streams on its corresponding QUIC channel to cause a retrieving device to determine the span identifier of each of the one or more independent telemetry streams based on their respective stream identifier.
-
Publication (Announcement) No.: US20240028743A1
Publication (Announcement) Date: 2024-01-25
Application No.: US18084121
Application Date: 2022-12-19
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Andrew Zawadowskiy
CPC classification number: G06F21/577 , G06F8/433 , G06F2221/033
Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a program and subsequently determining valid target destinations for transitions within the program. The instructions of the program may be executed by determining a destination for a transition, performing the transition when the destination is included in the list of valid target destinations, and performing a secondary action when the destination is not included in the list of valid target destinations.
-
Publication (Announcement) No.: US20240028701A1
Publication (Announcement) Date: 2024-01-25
Application No.: US18084177
Application Date: 2022-12-19
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy , Vincent E. Parla , Thomas Szigeti , Oleg Bessonov , Ashok Krishnaji Moghe
IPC: G06F21/51
CPC classification number: G06F21/51 , G06F2221/033
Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers.
-
Publication (Announcement) No.: US20230275837A1
Publication (Announcement) Date: 2023-08-31
Application No.: US17681079
Application Date: 2022-02-25
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Kyle Andrew Donald Mestery , Doron Levari
IPC: H04L47/12 , H04L67/141 , H04L67/148
CPC classification number: H04L47/12 , H04L67/141 , H04L67/148
Abstract: Techniques for scaling additional capacity for secure access solutions and other workloads of enterprise edge networks in and out of a cloud-computing network based on demand. The techniques may include determining that a capacity associated with a secure access node of an enterprise edge network meets or exceeds a threshold capacity. Based at least in part on the capacity meeting or exceeding the threshold capacity, the techniques may include causing a facsimile of the secure access node to be spun up on a cloud-computing network that is remote from the enterprise edge network. In this way, new connection requests received from client devices can be redirected to the facsimile of the secure access node. Additionally, or alternatively, one or more existing connections between client devices and the secure access node may be migrated to the facsimile of the secure access node in the cloud.
-
Publication (Announcement) No.: US11677650B2
Publication (Announcement) Date: 2023-06-13
Application No.: US17487100
Application Date: 2021-09-28
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Kyle Andrew Donald Mestery , Andrew Zawadowskiy
IPC: G06F15/173 , H04L43/0882 , H04L43/0811 , H04L43/062 , H04L41/22 , H04L67/1023 , H04L67/1008 , H04L67/561 , G06F15/16
CPC classification number: H04L43/0882 , H04L41/22 , H04L43/062 , H04L43/0811 , H04L67/1008 , H04L67/1023 , H04L67/561
Abstract: In one embodiment, a monitoring engine obtains mesh flow data for traffic flows between nodes in a service mesh. The monitoring engine associates the mesh flow data with network traffic between an endpoint device and an edge of the service mesh. The monitoring engine identifies, based on the mesh flow data, a particular container workload associated with the traffic flows. The monitoring engine provides an indication that the particular container workload is associated with the network traffic between the endpoint device and the edge of the service mesh.
-
Publication (Announcement) No.: US20230129786A1
Publication (Announcement) Date: 2023-04-27
Application No.: US18088284
Application Date: 2022-12-23
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Vincent E. Parla , Jan Jusko , Martin Grill , Martin Vejman
Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
-
Publication (Announcement) No.: US20230081782A1
Publication (Announcement) Date: 2023-03-16
Application No.: US17719921
Application Date: 2022-04-13
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Kyle Andrew Donald Mestery
IPC: H04L45/00 , H04L45/42 , H04L61/103 , H04L12/46
Abstract: Techniques for tunneling Layer 2 ethernet frames over a connection tunnel using the MASQUE protocol are described herein. The MASQUE protocol may be extended to include a new entity, configured to proxy ethernet frames using a MASQUE proxy connection, and an associated CONNECT method, CONNECT-ETH. Using the extended MASQUE protocol, an Ethernet over MASQUE (EoMASQUE) tunnel may then be established between various networks that are remote from one another and connected to the internet. An EoMASQUE tunnel, established between separate remote client premises, and/or between a remote client premise and an enterprise premise, may tunnel ethernet packets between the endpoints. Additionally, a first EoMASQUE tunnel, established between a first client router provisioned in a first remote client premise and an EoMASQUE proxy node, and a second EoMASQUE tunnel, established between a second client premise and the EoMASQUE proxy node, may tunnel ethernet packets between the first and second client premise.
-
Publication (Announcement) No.: US20170104722A1
Publication (Announcement) Date: 2017-04-13
Application No.: US14877116
Application Date: 2015-10-07
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Hari Shankar , Constantinos Kleopa , Venkatesh N. Gautam , Gerald N.A. Selvam
IPC: H04L29/06
CPC classification number: H04L63/0281 , H04L63/0254 , H04L63/1425
Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
-
Publication (Announcement) No.: US20160261562A1
Publication (Announcement) Date: 2016-09-08
Application No.: US15156646
Application Date: 2016-05-17
Applicant: Cisco Technology, Inc.
Inventor: Todd Short , Andrew Zawadowskiy , Antonio Martin , Vincent E. Parla
IPC: H04L29/06 , H04L12/721 , H04L29/08
CPC classification number: H04L63/0227 , H04L45/306 , H04L45/566 , H04L63/0245 , H04L63/08 , H04L63/10 , H04L67/02
Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving an application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.
-
Publication (Announcement) No.: US20250088469A1
Publication (Announcement) Date: 2025-03-13
Application No.: US18583429
Application Date: 2024-02-21
Applicant: Cisco Technology, Inc.
Inventor: Cullen Frishman Jennings , Vincent E. Parla , Thomas Brennan Gillis, Jr. , Stephen Craig Connors, Jr.
IPC: H04L47/80 , H04L47/2441
Abstract: An apparatus configured to perform resilient data plane processing using multiple network streams may comprise a memory and a processor communicatively coupled to one another. The processor may be configured to establish a connection with the data aggregator, and request access to one or more resources from a data aggregator. Further, the processor may be configured to receive a first data stream and a second data stream from the data aggregator, combine a version of the first data stream and a version of the second data stream into a local data stream, and present the local data stream.