公开(公告)号：US20220070197A1

公开(公告)日：2022-03-03

申请号：US17003450

申请日：2020-08-26

Applicant: Cisco Technology, Inc.

Inventor： Hai Vu ,  Thanh Nhan Nguyen ,  Vaishali Palkar ,  Varun Malhotra ,  Shih-Chun Chang ,  Xin Liu

IPC: H04L29/06

Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting vulnerabilities in real-time during execution of a process or an application. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to obtain real-time process information associated with a process executing in an endpoint. The device can then determine package information for a package associated with the process based on the process information. The device can then identify at least one vulnerability associated with the package information using a database of vulnerabilities stored on a backend component of the network. The backend component may have a database of vulnerabilities for packages.

公开(公告)号：US11146454B2

公开(公告)日：2021-10-12

申请号：US16820404

申请日：2020-03-16

Applicant: Cisco Technology, Inc.

Inventor： Rohit Prasad ,  Shashi Gandham ,  Hoang Nguyen ,  Abhishek Singh ,  Shih-Chun Chang ,  Navindra Yadav ,  Ali Parandehgheibi ,  Paul Mach ,  Rachita Agasthy ,  Ravi Prasad ,  Varun Malhotra ,  Michael Watts ,  Sunil Gupta

IPC: H04L12/24

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

公开(公告)号：US20210160157A1

公开(公告)日：2021-05-27

申请号：US17161903

申请日：2021-01-29

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L12/24 ,  H04L12/715 ,  H04L12/723 ,  H04L29/08 ,  H04L12/851 ,  H04W84/18 ,  G06F21/53 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725

Abstract: Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.

公开(公告)号：US20200304523A1

公开(公告)日：2020-09-24

申请号：US16899190

申请日：2020-06-11

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L29/06 ,  H04L12/26

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US10764141B2

公开(公告)日：2020-09-01

申请号：US15469737

申请日：2017-03-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hai Vu ,  Shih-Chun Chang ,  Varun Malhotra ,  Shashi Gandham ,  Navindra Yadav ,  Allen Chen ,  Praneeth Vallem ,  Rohit Prasad

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/08

Abstract: The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implementing network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.

公开(公告)号：US20190081959A1

公开(公告)日：2019-03-14

申请号：US16179027

申请日：2018-11-02

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  FNU Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US20170075710A1

公开(公告)日：2017-03-16

申请号：US14855811

申请日：2015-09-16

Applicant: Cisco Technology, Inc.

Inventor： Rohit C. Prasad ,  Shashidhar R. Gandham ,  Navindra Yadav ,  Khawar Deen ,  Shih-Chun Chang ,  Ashutosh Kulshreshtha ,  Anubhav Gupta

IPC: G06F9/455 ,  H04L12/26

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45591 ,  G06F2009/45595 ,  H04L43/12

Abstract: Methods, systems, and computer readable media are provided for determining, in a virtualized network system, a relationship of a sensor relative to other sensors. In a virtualized computing system in which a plurality of software sensors are deployed and in which there are one or more traffic flows, captured network data is received from the plurality of sensors, the captured network data from a given sensor of the plurality of sensors indicating one or more traffic flows detected by the given sensor. The received captured network data is analyzed to identify, for each respective sensor, a first group of sensors, a second group of sensors, and a third group of sensors, wherein all traffic flows observed by the first group of sensors are also observed by the second group of sensors, and all traffic flows observed by the second group of sensors are also observed by the third group of sensors. For each respective sensor, a location of each respective sensor relative to other sensors within the virtualized computing system is determined based upon whether the respective sensor belongs to the first group of sensors, the second group of sensors, or the third group of sensors.

Abstract translation: 提供了方法，系统和计算机可读介质，用于在虚拟化网络系统中确定传感器相对于其他传感器的关系。 在其中部署多个软件传感器并且其中存在一个或多个业务流的虚拟化计算系统中，从多个传感器接收捕获的网络数据，来自多个传感器中的给定传感器的所捕获的网络数据指示 由给定传感器检测到的一个或多个交通流量。 分析所接收的捕获的网络数据，以便为每个相应的传感器识别第一组传感器，第二组传感器和第三组传感器，其中由第一组传感器观察到的所有交通流也被 第二组传感器，第二组传感器观测到的所有交通流量也由第三组传感器观察到。 对于每个相应的传感器，基于各个传感器是否属于第一组传感器，第二组传感器或第三组传感器来确定每个相应传感器相对于虚拟化计算系统内的其它传感器的位置。

公开(公告)号：US20160359914A1

公开(公告)日：2016-12-08

申请号：US15095955

申请日：2016-04-11

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Signh ,  Shih-Chun Chang

IPC: H04L29/06

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: An example method includes calculating latency bounds for communications from two sensors to a collector (i.e., maximum and minimum latencies). After the collector receives an event report from the first sensor and an event report form the second sensor, the collector can determine, using the latency bounds, whether one event likely preceded the other.

Abstract translation: 示例性方法包括计算从两个传感器到收集器的通信的延迟范围（即，最大和最小延迟）。 收集器收集第一个传感器的事件报告和第二个传感器的事件报告后，收集器可以使用延迟范围确定一个事件是否可能在另一个事件之前。

公开(公告)号：US20160359890A1

公开(公告)日：2016-12-08

申请号：US15171879

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Shih-Chun Chang

IPC: H04L29/06

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.

Abstract translation: 一种方法包括使用部署在第一主机处的第一捕获代理捕获与来自第一主机的第一分组流相关联的第一数据，以产生第一流数据，从第二主捕获与第一主机起源的第二分组流相关联的第二数据 部署在第二主机上的捕获代理产生第二流数据并比较第一流数据和第二流数据以产生差异。 当所述差异高于阈值时，所述方法包括确定所述第二分组流由绕过所述设备的所述第一主机或分组捕获代理的操作堆栈的组件发送以产生确定，检测所述隐藏网络流量 存在并且基于该确定来预测与第一主机的恶意软件问题。

公开(公告)号：US20160359889A1

公开(公告)日：2016-12-08

申请号：US15171763

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: H04L29/06 ,  H04L12/26 ,  H04L12/24

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

Abstract translation: 用于管理多层虚拟化环境中的受感染传感器的系统，方法和计算机可读介质。 在一些实施例中，系统可以从部署在第一设备的虚拟化层中的第一捕获代理接收基于由第一捕获代理捕获的流量生成的数据报告。 系统还可以从部署在第二设备的硬件层中的第二捕获代理接收基于由第二捕获代理捕获的流量生成的数据报告。 基于数据报告，系统可以确定由第一捕获代理和第二捕获代理捕获的流量的特征。 然后，系统可以比较特征以确定交通特性的多层差异。 基于流量特性的多层差异，系统可以确定第一捕获代理或第二捕获代理处于故障状态。