知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

22 records (took 0.017 seconds)

    TRACKING HOST THREATS IN A NETWORK AND ENFORCING THREAT POLICY ACTIONS FOR THE HOST THREATS
    11.
    发明申请
    TRACKING HOST THREATS IN A NETWORK AND ENFORCING THREAT POLICY ACTIONS FOR THE HOST THREATS 有权

    公开(公告)号:US20210075810A1

    公开(公告)日:2021-03-11

    申请号:US16949865

    申请日:2020-11-18

    Applicant: Juniper Networks, Inc.

    Inventor: Prakash T. Seshadri Binh Phu Le Srinivas Nimmagadda Jeffrey S. Marshall Kartik krishnan S. Iyyer

    IPC: H04L29/06 G06F16/23 G06F16/22 H04L29/08

    Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

    Tracking host threats in a network and enforcing threat policy actions for the host threats
    12.
    发明授权
    Tracking host threats in a network and enforcing threat policy actions for the host threats 有权

    公开(公告)号:US10862912B2

    公开(公告)日:2020-12-08

    申请号:US16024319

    申请日:2018-06-29

    Applicant: Juniper Networks, Inc.

    Inventor: Prakash T. Seshadri Binh Phu Le Srinivas Nimmagadda Jeffrey S. Marshall Kartik Krishnan S. Iyyer

    IPC: H04L29/06 G06F16/23 G06F16/22 H04L29/08

    Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

    ENFORCING MICRO-SEGMENTATION POLICIES FOR PHYSICAL AND VIRTUAL APPLICATION COMPONENTS IN DATA CENTERS
    14.
    发明申请
    ENFORCING MICRO-SEGMENTATION POLICIES FOR PHYSICAL AND VIRTUAL APPLICATION COMPONENTS IN DATA CENTERS 审中-公开

    公开(公告)号:US20190007456A1

    公开(公告)日:2019-01-03

    申请号:US15639366

    申请日:2017-06-30

    Applicant: Juniper Networks, Inc.

    Inventor: Srinivas NIMMAGADDA Rakesh Kumar Prakash T. Seshadri Sriram Subramanian

    IPC: H04L29/06

    CPC classification number: H04L63/20 H04L63/0263 H04L63/0272 H04L63/102

    Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.

    TRACKING AND MITIGATION OF AN INFECTED HOST DEVICE
    15.
    发明申请
    TRACKING AND MITIGATION OF AN INFECTED HOST DEVICE 审中-公开

    公开(公告)号:US20180288078A1

    公开(公告)日:2018-10-04

    申请号:US15942530

    申请日:2018-04-01

    Applicant: Juniper Networks, Inc.

    Inventor: Karthik Ragunath Balasundaram Prakash T. Seshadri Daniel J. Quinlan Volodymyr Kuznetsov Rakesh Kumar

    IPC: H04L29/06 G06F21/56

    Abstract: A security platform may determine mapped attribute information associated with a plurality of host identifiers. The mapped attribute information may include information that identifies a set of related attributes. The security platform may determine, based on the mapped attribute information, that a host device is associated with at least two host identifiers of the plurality of host identifiers. The security platform may aggregate, based on the at two least host identifiers, threat information as aggregated threat information associated with the host device. The security platform may classify the host device as an infected device or a suspicious device based on the aggregated threat information.

    Tracking host threats in a network and enforcing threat policy actions for the host threats
    16.
    发明授权
    Tracking host threats in a network and enforcing threat policy actions for the host threats 有权

    公开(公告)号:US12261870B2

    公开(公告)日:2025-03-25

    申请号:US18529413

    申请日:2023-12-05

    Applicant: Juniper Networks, Inc.

    Inventor: Prakash T. Seshadri Binh Phu Le Srinivas Nimmagadda Jeffrey S. Marshall Kartik Krishnan S. Iyyer

    IPC: H04L9/40 G06F16/22 G06F16/23 H04L67/52

    Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

    PACKET STEERING TO A HOST-BASED FIREWALL IN VIRTUALIZED ENVIRONMENTS
    18.
    发明申请
    PACKET STEERING TO A HOST-BASED FIREWALL IN VIRTUALIZED ENVIRONMENTS 有权

    公开(公告)号:US20220303246A1

    公开(公告)日:2022-09-22

    申请号:US16652643

    申请日:2020-02-27

    Applicant: Juniper Networks, Inc.

    Inventor: Prasad Miriyala Aniket G. Daptari Fei Chen Pranavadatta D N Kiran K N Jeffrey S. Marshall Prakash T. Seshadri

    IPC: H04L9/40 H04L41/0894 H04L12/46 H04L45/76 G06F9/455

    Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

    Dynamic implementation of a security rule
    19.
    发明授权
    Dynamic implementation of a security rule 有权

    公开(公告)号:US11070589B2

    公开(公告)日:2021-07-20

    申请号:US15637806

    申请日:2017-06-29

    Applicant: Juniper Networks, Inc.

    Inventor: Srinivas Nimmagadda Rakesh Kumar Prakash T. Seshadri

    IPC: H04L29/06 H04L12/851 G06F21/55

    Abstract: A device may receive information identifying a set of conditions related to controlling implementation of a set of security rules. The set of conditions may be associated with a set of security actions that a device is to perform based on whether the set of conditions is satisfied. The device may determine the set of security rules that is to be controlled by the set of conditions using information related to the set of security rules. The device may modify information related to the set of security rules to cause the implementation of the set of security rules to be controlled by the set of conditions. The modification to cause the device to process the set of security rules to dynamically implement the set of security actions based on satisfaction of the set of conditions. The device may perform an action after modifying the information.

Patent Agency Ranking