-
Publication number: US20180278481A1
Publication date: 2018-09-27
Application number: US15470499
Application date: 2017-03-27
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Rohit Prasad, Shashi Gandham, Hai Vu, Varun Malhotra, Sunil Gupta, Abhishek Singh, Navindra Yadav, Ali Parandehgheibi, Ravi Prasad, Praneeth Vallem, Paul Lesiak, Hoang Nguyen
CPC classification number: H04L41/0893, G06F8/61, G06F17/30094, G06F17/30194, H04L41/044, H04L41/046, H04L41/0856, H04L67/06, H04L67/1097
Abstract: The disclosed technology relates to a distributed policy store. A system is configured to locate, in an index, an entry for a network entity, determine, based on the entry, a file identifier for a file containing a record for the network entity and an offset indicating a location of the record in the file. The system is further configured to locate the file in a distributed file system using the file identifier, locate the record in the file using the offset, and retrieve the record.
-
Publication number: US20240386113A1
Publication date: 2024-11-21
Application number: US18198138
Application date: 2023-05-16
Applicant: Cisco Technology, Inc.
Inventor: Abhishek Singh
Abstract: Techniques are described for protecting services containing web applications from malicious attacks. A data flow that includes a stack trace and a process is received from a web application. The stack trace is chained with the process to generate a data flow graph. A data lake is then accessed to determine whether the data flow graph is in the data lake. If the data flow graph is not in the data lake, then the data flow can be considered safe. If the data flow graph is not already in the data lake, then a determination is made as to whether the data flow includes a command that accepts user input. If it is determined that the data flow does include a command that accepts user input, then the data flow can be considered to be malicious and the process is terminated to protect the web application from a malicious attack.
-
Publication number: US20240333761A1
Publication date: 2024-10-03
Application number: US18126827
Application date: 2023-03-27
Applicant: Cisco Technology, Inc.
Inventor: Fahim Abbasi, Abhishek Singh
IPC: H04L9/40
CPC classification number: H04L63/1483, H04L63/0236
Abstract: Techniques and architecture are described for detecting a compromised mailbox as an email account compromise (EAC) involved in lateral phishing, lateral scam, lateral BEC, outbound scam, lateral and inbound fraudulent money transfer requests. For example, the techniques and architecture provide a method that comprises scanning, by a pre-filter, electronic mail messages (emails) within an organization, wherein the emails originate within the organization. The pre-filter analyzes the emails with respect to known fraudulent email practices and determines that an email is a questionable email. A retrospective behavior engine analyzes the questionable email with respect to one or more historical traits to provide a feature set. Based at least in part on the feature set, the verdict correlation engine determines that the questionable email belongs in a class of emails from multiple classes of emails. Based at least in part on the class, the verdict correlation engine performs a responsive action.
-
Publication number: US20230328034A1
Publication date: 2023-10-12
Application number: US17867464
Application date: 2022-07-18
Applicant: Cisco Technology, Inc.
Inventor: Durgamadhav Behera, Abhishek Singh, Muhammad Sachedina
IPC: H04L9/40
CPC classification number: H04L63/0236, H04L63/1483, H04L63/1408
Abstract: Techniques for an email-security system to screen emails, extract information from the emails, analyze the information, assign probability scores to the emails, and classify the emails as likely fraudulent or not. The system may analyze emails for users and identify fraudulent emails by analyzing the contents of the emails. The system may evaluate the contents of the emails to determine probability score(s) which may further determine an overall probability score. The system may then classify the email as fraudulent, or not, and may perform actions including blocking the email, allowing the email, flagging the email, etc. In some instances, the screened emails may include legitimate brand domain addresses, names, images, URL(s), and the like. However, the screened emails may contain a reply-to domain address that matches a free email service provider domain. In such instances, the email-security system may assign a probability score indicative that the screened email is fraudulent.
-
Publication number: US20220014436A1
Publication date: 2022-01-13
Application number: US17482411
Application date: 2021-09-22
Applicant: Cisco Technology, Inc.
Inventor: Rohit Prasad, Shashi Gandham, Hoang Nguyen, Abhishek Singh, Shih-Chun Chang, Navindra Yadav, Ali Parandehgheibi, Paul Mach, Rachita Agasthy, Ravi Prasad, Varun Malhotra, Michael Watts, Sunil Gupta
IPC: H04L12/24
Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality of network policies.
-
Publication number: US20180145906A1
Publication date: 2018-05-24
Application number: US15359511
Application date: 2016-11-22
Applicant: Cisco Technology, Inc.
Inventor: Navindra Yadav, Mohammadreza Alizadeh Attar, Shashi Gandham, Abhishek Singh, Shih-Chun Chang
IPC: H04L12/721, H04L12/26, H04L12/707, H04L12/24
CPC classification number: H04L45/70, H04L41/14, H04L41/5058, H04L43/026, H04L43/062, H04L43/067, H04L43/0876, H04L45/38
Abstract: An example method includes a sensor detecting multiple packets of a flow during a specified total time period (e.g., a reporting time period). The total time period can be subdivided into multiple time periods. The sensor can analyze the detected packets to determine an amount of network utilization for each of the time periods. The sensor can then generate a flow summary based on the network utilization and the flow and send the flow summary to an analytics engine. Multiple other sensors can do similarly for their respective packets and flows. The analytics engine can receive the flow summaries from the various sensors and determine a correspondence between flow with high network utilization at a specific time period and a node or nodes. These nodes that experienced multiple flows with high network utilization for a certain period of time can be identified as experiencing a microburst.