公开(公告)号：US20210392165A1

公开(公告)日：2021-12-16

申请号：US16902526

申请日：2020-06-16

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Fuzhuo Sun ,  Ashok Kumar

IPC: H04L29/06

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.

公开(公告)号：US11128700B2

公开(公告)日：2021-09-21

申请号：US16024182

申请日：2018-06-29

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Umamaheswaran Arumugam ,  Michael Watts ,  Shashi Gandham ,  Darshan Shrinath Purandare ,  Duy Nguyen ,  Hai Vu ,  Kai Zhu ,  Aiyesha Ma ,  Tapan Shrikrishna Patwardhan ,  Jothi Prakash Prabakaran

IPC: G06F15/173 ,  H04L29/08 ,  H04L12/24 ,  H04L12/26

Abstract: Aspects of the disclosed technology provide methods for automatically tuning load-balancer configurations in a network environment. In some implementations, a process of the disclosed technology includes steps for collecting flow records of traffic flow segments at a middle box in a network environment, the traffic flow segments corresponding to one or more traffic flows passing through the middle box, analyzing the flow records to identify one or more traffic patterns in the network environment, and automatically updating a load balancer configuration based on the one or more traffic patterns, wherein updating the load balancer configuration improves at least one traffic flow parameter for at least one of the traffic flows passing through the middle box. Systems and machine-readable media are also provided.

公开(公告)号：US20220070222A1

公开(公告)日：2022-03-03

申请号：US17003364

申请日：2020-08-26

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Hosur Nagesh Rao ,  Navindra Yadav ,  Tapan Shrikrishna Patwardhan ,  Umamaheswaran Arumugam ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Hongyang Zhang ,  Kai Zhu

IPC: H04L29/06

Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

公开(公告)号：US20210176268A1

公开(公告)日：2021-06-10

申请号：US17105409

申请日：2020-11-25

Applicant: Cisco Technology, Inc.

Inventor： Shashi Gandham ,  Navindra Yadav ,  Janardhanan Radhakrishnan ,  Hoang-Nam Nguyen ,  Umesh Paul Mahindra ,  Sunil Gupta ,  Praneeth Vallem ,  Supreeth Rao ,  Darshan Shrinath Purandare ,  Xuan Zou ,  Joseph Daniel Beshay ,  Jothi Prakash Prabakaran

IPC: H04L29/06 ,  G06F21/53 ,  H04L12/24 ,  G06F9/455 ,  H04L12/26

Abstract: Aspects of the subject technology relate to a system configured to receive a set of network snapshot segments from an output stream of a stream processing service, compile the set of network snapshot segments from the set of messages into a first network snapshot and a second network snapshot, and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.

公开(公告)号：US10798015B2

公开(公告)日：2020-10-06

申请号：US16011427

申请日：2018-06-18

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Umamaheswaran Arumugam ,  Michael Watts ,  Shashi Gandham ,  Duy Nguyen ,  Hai Vu ,  Prasannakumar Jobigenahally Malleshaiah ,  Aiyesha Ma ,  Kai Zhu ,  Darshan Shrinath Purandare ,  Jothi Prakash Prabakaran

IPC: H04L12/891 ,  H04L29/08 ,  H04L12/26 ,  G06F9/455 ,  H04L12/721 ,  H04L29/06

Abstract: Systems, methods, and computer-readable media for flow stitching network traffic flow segments across middleboxes. A method can include collecting flow records of traffic flow segments at a first middlebox and a second middlebox in a network environment including one or more transaction identifiers assigned to the traffic flow segments. Sources and destinations of the traffic flow segments can be identified with respect to the first middlebox and the second middlebox. Corresponding subsets of the traffic flow segments can be stitched together to from a first stitched traffic flow at the first middlebox and a second stitched traffic flow at the second middlebox. The first and second stitched traffic flows can be stitched together to form a cross-middlebox stitched traffic flow across the first middlebox and the second middlebox. The cross-middlebox stitched traffic flow can be incorporated as part of network traffic data for the network environment.

公开(公告)号：US10523541B2

公开(公告)日：2019-12-31

申请号：US15793424

申请日：2017-10-25

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Aria Rahadian ,  Tapan Shrikrishna Patwardhan ,  Jackson Ngoc Ki Pang

IPC: G06F15/173 ,  H04L12/26 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for providing interoperability between nodes in separate networks as part of a federated network. In some embodiments, a system can identify a first cluster of nodes in a first network and a second cluster of nodes in a second network. The system can provide interoperability between the first cluster of nodes and the second cluster of nodes. First analytics for the first cluster of nodes can be generated using first network traffic data gathered based on first network traffic flowing through the first cluster of nodes by a group of sensors implemented in the first network. The second cluster of nodes can access the first analytics for the first cluster of nodes as part of providing the interoperability between the first cluster of nodes in the first network and the second cluster of nodes in the second network.

公开(公告)号：US20190238633A1

公开(公告)日：2019-08-01

申请号：US16024182

申请日：2018-06-29

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Umamaheswaran Arumugam ,  Michael Watts ,  Shashi Gandham ,  Darshan Shrinath Purandare ,  Duy Nguyen ,  Hai Vu ,  Kai Zhu ,  Aiyesha Ma ,  Tapan Shrikrishna Patwardhan ,  Jothi Prakash Prabakaran

IPC: H04L29/08 ,  H04L12/24 ,  H04L12/26

CPC classification number: H04L67/1031 ,  H04L41/0677 ,  H04L41/0816 ,  H04L41/0893 ,  H04L43/08 ,  H04L67/1017 ,  H04L67/1025 ,  H04L67/1029

Abstract: Aspects of the disclosed technology provide methods for automatically tuning load-balancer configurations in a network environment. In some implementations, a process of the disclosed technology includes steps for collecting flow records of traffic flow segments at a middle box in a network environment, the traffic flow segments corresponding to one or more traffic flows passing through the middle box, analyzing the flow records to identify one or more traffic patterns in the network environment, and automatically updating a load balancer configuration based on the one or more traffic patterns, wherein updating the load balancer configuration improves at least one traffic flow parameter for at least one of the traffic flows passing through the middle box. Systems and machine-readable media are also provided.

公开(公告)号：US20190230127A1

公开(公告)日：2019-07-25

申请号：US16032765

申请日：2018-07-11

Applicant: Cisco Technology, Inc.

Inventor： Shashi Gandham ,  Navindra Yadav ,  Janardhanan Radhakrishnan ,  Hoang-Nam Nguyen ,  Umesh Paul Mahindra ,  Sunil Gupta ,  Praneeth Vallem ,  Supreeth Rao ,  Darshan Shrinath Purandare ,  Xuan Zou ,  Girish Anant Kalele ,  Jothi Prakash Prabakaran

IPC: H04L29/06 ,  H04L12/24

Abstract: Aspects of the disclosed technology relate to ways to authenticate customer/subscriber access to a policy update stream. A process of the technology can include steps for instantiating a network monitoring device in response to a request, the request comprising one or more configuration parameters for the network monitoring device, and receiving a first certificate from the network monitoring device, wherein the first certificate is based on the one or more configuration parameters. In some aspects, the steps can further include sending the first certificate to a processing pipeline for authentication, wherein the processing pipeline is configured to authenticate the first certificate based on a second certificate received by the processing pipeline from the network monitoring device. Systems and machine readable media are also provided.

公开(公告)号：US20190230041A1

公开(公告)日：2019-07-25

申请号：US16011427

申请日：2018-06-18

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Umamaheswaran Arumugam ,  Michael Watts ,  Shashi Gandham ,  Duy Nguyen ,  Hai Vu ,  Prasannakumar Jobigenahally Malleshaiah ,  Aiyesha Ma ,  Kai Zhu ,  Darshan Shrinath Purandare ,  Jothi Prakash Prabakaran

IPC: H04L12/891 ,  H04L29/08

Abstract: Systems, methods, and computer-readable media for flow stitching network traffic flow segments across middleboxes. A method can include collecting flow records of traffic flow segments at a first middlebox and a second middlebox in a network environment including one or more transaction identifiers assigned to the traffic flow segments. Sources and destinations of the traffic flow segments can be identified with respect to the first middlebox and the second middlebox. Corresponding subsets of the traffic flow segments can be stitched together to from a first stitched traffic flow at the first middlebox and a second stitched traffic flow at the second middlebox. The first and second stitched traffic flows can be stitched together to form a cross-middlebox stitched traffic flow across the first middlebox and the second middlebox. The cross-middlebox stitched traffic flow can be incorporated as part of network traffic data for the network environment.

公开(公告)号：US20190123985A1

公开(公告)日：2019-04-25

申请号：US15793424

申请日：2017-10-25

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Aria Rahadian ,  Tapan Shrikrishna Patwardhan ,  Jackson Ngoc Ki Pang

IPC: H04L12/26 ,  H04L12/24

CPC classification number: H04L43/065 ,  H04L41/0816 ,  H04L41/0886 ,  H04L41/0893 ,  H04L41/0896 ,  H04L41/14 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0876 ,  H04L43/12

Abstract: Systems, methods, and computer-readable media for providing interoperability between nodes in separate networks as part of a federated network. In some embodiments, a system can identify a first cluster of nodes in a first network and a second cluster of nodes in a second network. The system can provide interoperability between the first cluster of nodes and the second cluster of nodes. First analytics for the first cluster of nodes can be generated using first network traffic data gathered based on first network traffic flowing through the first cluster of nodes by a group of sensors implemented in the first network. The second cluster of nodes can access the first analytics for the first cluster of nodes as part of providing the interoperability between the first cluster of nodes in the first network and the second cluster of nodes in the second network.