公开(公告)号：US10320630B2

公开(公告)日：2019-06-11

申请号：US15171855

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Navindra Yadav ,  Khawar Deen ,  Varun Sagar Malhotra

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F21/55 ,  G06F21/56 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06N99/00 ,  G06F16/174 ,  G06F16/23

Abstract: Systems, methods, and computer-readable media for hierarchichal sharding of flows from sensors to collectors. A first collector can receive a first portion of a network flow from a first capturing agent and determine that a second portion of the network flow was not received from the first capturing agent. The first collector can then send the first portion of the network flow to a second collector. A third collector can receive the second portion of the network flow from a second capturing agent and determine that the third collector did not receive the first portion of the network flow. The third collector can then send the second portion of the network flow to the second collector. The second collector can then aggregate the first portion and second portion of the network flow to yield the entire portion of the network flow.

公开(公告)号：US10305757B2

公开(公告)日：2019-05-28

申请号：US15132086

申请日：2016-04-18

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Supreeth Hosur Nagesh Rao ,  Ashutosh Kulshreshtha ,  Omid Madani ,  Jackson Ngoc Ki Pang ,  Khawar Deen ,  Ellen Christine Scheib

IPC: H04L12/26 ,  H04L29/06 ,  H04L12/813 ,  H04L12/841 ,  H04L9/32 ,  H04L9/08 ,  H04L12/721 ,  H04L29/08 ,  H04L12/24 ,  H04L12/851 ,  H04L12/725 ,  H04L12/823 ,  H04L29/12 ,  H04L12/723 ,  H04L12/833 ,  H04L12/715 ,  H04L12/801 ,  H04J3/06 ,  G06F21/56 ,  G06F21/55 ,  G06F3/0484 ,  G06F3/0482 ,  G06F9/455 ,  G06T11/20 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  G06F17/30 ,  H04W84/18 ,  G06N99/00 ,  G06F21/53 ,  H04L1/24 ,  H04W72/08 ,  H04J3/14 ,  H04L12/741

Abstract: An example method can include monitoring a network to identify flows between nodes in the network. Once flows have been identified, the flows can be tagged and labelled according to the type of traffic they represent. If a flow represents malicious or otherwise undesirable traffic, it can be tagged accordingly. A request can then be made for a reputation score of an entity which can identify one or more nodes of the network.

公开(公告)号：US20190123985A1

公开(公告)日：2019-04-25

申请号：US15793424

申请日：2017-10-25

Applicant: Cisco Technology, Inc.

Inventor： Supreeth Rao ,  Navindra Yadav ,  Prasannakumar Jobigenahally Malleshaiah ,  Darshan Shrinath Purandare ,  Aiyesha Ma ,  Aria Rahadian ,  Tapan Shrikrishna Patwardhan ,  Jackson Ngoc Ki Pang

IPC: H04L12/26 ,  H04L12/24

CPC classification number: H04L43/065 ,  H04L41/0816 ,  H04L41/0886 ,  H04L41/0893 ,  H04L41/0896 ,  H04L41/14 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0876 ,  H04L43/12

Abstract: Systems, methods, and computer-readable media for providing interoperability between nodes in separate networks as part of a federated network. In some embodiments, a system can identify a first cluster of nodes in a first network and a second cluster of nodes in a second network. The system can provide interoperability between the first cluster of nodes and the second cluster of nodes. First analytics for the first cluster of nodes can be generated using first network traffic data gathered based on first network traffic flowing through the first cluster of nodes by a group of sensors implemented in the first network. The second cluster of nodes can access the first analytics for the first cluster of nodes as part of providing the interoperability between the first cluster of nodes in the first network and the second cluster of nodes in the second network.

公开(公告)号：US20190123972A1

公开(公告)日：2019-04-25

申请号：US15790412

申请日：2017-10-23

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Ashutosh Kulshreshtha ,  Michael Watts ,  Navindra Yadav ,  Vimal Jeyakumar

IPC: H04L12/24 ,  G06F9/48

Abstract: The disclosed technology relates to assisting with the migration of networked entities. A system may be configured to collect operations data for a service from at least one endpoint host in a network, calculate at least one metric for the service based on the operations data, retrieve a migration configuration and platform data for a target platform, generate a predicted cost for the migration configuration based on the migration configuration, the at least one metric, and the platform data, and provide the predicted cost for the migration configuration to a user.

公开(公告)号：US10181987B2

公开(公告)日：2019-01-15

申请号：US15171807

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Navindra Yadav ,  Khawar Deen ,  Varun Sagar Malhotra

IPC: G06F15/173 ,  H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06F17/30 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F21/55 ,  G06F21/56

Abstract: Systems, methods, and computer-readable media for collector high availability. In some embodiments, a system receives, from a first collector device, a first data report generated by a capturing agent deployed on a host system in a network. The system can also receive, from a second collector device, a second data report generated by the capturing agent deployed on the host system. The first and second data reports can include traffic data captured at the host system by the capturing agent during a period of time. The system can determine that the first data report and the second data report are both associated with the capturing agent, and identify duplicate data contained in the first data report and the second data report. The system can then deduplicate the first and second data reports to yield a deduplicated data report.

公开(公告)号：US10171319B2

公开(公告)日：2019-01-01

申请号：US15152163

申请日：2016-05-11

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: G06F9/455 ,  H04L12/26 ,  H04L29/06 ,  G06F17/30 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F21/55 ,  G06F21/56

Abstract: Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.

公开(公告)号：US10116530B2

公开(公告)日：2018-10-30

申请号：US15133073

申请日：2016-04-19

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06F17/30 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F21/55 ,  G06F21/56

Abstract: Systems, methods, and computer-readable media for detecting sensor deployment characteristics in a network. In some embodiments, a system can run a capturing agent deployed on a virtualization environment of the system. The capturing agent can query the virtualization environment for one or more environment parameters, and receive a response from the virtualized environment including the one or more environment parameters. Based on the one or more environment parameters, the capturing agent can determine whether the virtualization environment where the capturing agent is deployed is a hypervisor or a virtual machine. The capturing agent can also determine what type of software switch is running in the virtualized environment.

公开(公告)号：US20180278478A1

公开(公告)日：2018-09-27

申请号：US15468642

申请日：2017-03-24

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Rohit Prasad ,  Hai Vu ,  Shih-Chun Chang ,  Hoang Nguyen ,  Shashi Gandham ,  Navindra Yadav ,  Praneeth Vallem ,  Sunil Gupta ,  Ravi Prasad ,  Varun Malhotra

IPC: H04L12/24 ,  H04L29/06

Abstract: The disclosed technology relates to a network agent for generating platform specific network policies. A network agent is configured to receive a platform independent network policy from a network policy system, determine implementation characteristics of the network entity, generate platform specific policies from the platform independent network policy based on the implementation characteristics of the network entity, and implement the platform specific policies on the network entity.

公开(公告)号：US10079846B2

公开(公告)日：2018-09-18

申请号：US15097236

申请日：2016-04-12

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Navindra Yadav ,  Ellen Scheib ,  Rachita Agasthy

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L63/1425 ,  H04L61/1511 ,  H04L61/2514

Abstract: In one embodiment, a method includes receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data, identifying at the analytics module, Domain Name System (DNS) exchanges within the network, associating at the analytics module, the DNS exchanges with process, user, and host information, and identifying at the analytics module, anomalies in the DNS exchanges. An apparatus and logic are also disclosed herein.

公开(公告)号：US20180145906A1

公开(公告)日：2018-05-24

申请号：US15359511

申请日：2016-11-22

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Mohammadreza Alizadeh Attar ,  Shashi Gandham ,  Abhishek Singh ,  Shih-Chun Chang

IPC: H04L12/721 ,  H04L12/26 ,  H04L12/707 ,  H04L12/24

CPC classification number: H04L45/70 ,  H04L41/14 ,  H04L41/5058 ,  H04L43/026 ,  H04L43/062 ,  H04L43/067 ,  H04L43/0876 ,  H04L45/38

Abstract: An example method includes a sensor detecting multiple packets of a flow during a specified total time period (e.g., a reporting time period). The total time period can be subdivided into multiple time periods. The sensor can analyze the detected packets to determine an amount of network utilization for each of the time periods. The sensor can then generate a flow summary based on the network utilization and the flow and send the flow summary to an analytics engine. Multiple other sensors can do similarly for their respective packets and flows. The analytics engine can receive the flow summaries from the various sensors and determine a correspondence between flow with high network utilization at a specific time period and a node or nodes. These nodes that experienced multiple flows with high network utilization for a certain period of time can be identified as experiencing a microburst.