Cloud-native workload optimization
    Granted patent

    Publication No.: US11924107B2

    Publication Date: 2024-03-05

    Application No.: US17493398

    Filing Date: 2021-10-04

    Abstract: Techniques for orchestrating workloads based on policy to operate in optimal host and/or network proximity in cloud-native environments are described herein. The techniques may include receiving flow data associated with network paths between workloads hosted by a cloud-based network. Based at least in part on the flow data, the techniques may include determining that a utilization of a network path between a first workload and a second workload is greater than a relative utilization of other network paths between the first workload and other workloads. The techniques may also include determining that reducing the network path would optimize communications between the first workload and the second workload without adversely affecting communications between the first workload and the other workloads. The techniques may also include causing at least one of a redeployment or a network path re-routing to reduce the networking proximity between the first workload and the second workload.

    CONTROL FLOW INTEGRITY MONITORING FOR APPLICATIONS RUNNING ON PLATFORMS

    Publication No.: US20240028724A1

    Publication Date: 2024-01-25

    Application No.: US18198244

    Filing Date: 2023-05-16

    CPC classification number: G06F21/566 G06F21/552

    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on observing and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers. Transition to the monitoring phase may be based on determining a confidence score in the observed control flow directed graph and causing the transition when the confidence score is above a threshold.

    ADAPTIVE CLOUD-NATIVE SERVICE CHAINING
    Published application

    Publication No.: US20230155941A1

    Publication Date: 2023-05-18

    Application No.: US17529098

    Filing Date: 2021-11-17

    CPC classification number: H04L47/125 H04L47/29 H04L47/2466 H04L43/0852

    Abstract: Techniques for a computing resource network to send a packet through a processing flow (e.g., a service chain) according to an order of processing workloads (e.g., services) included in the processing flow, configured as an optimized service chain. In some examples, the computing resource network may include a policy evaluation engine configured to determine the best probabilistic outcome of an order of routing between the services that results in the lowest computational costs based on the probability that a given packet will be terminated/modified at one of the earlier processing workloads in the service chain, a prediction engine configured to determine the order of the processing workloads included in the processing flow based on a policy and/or telemetry data associated with the processing workloads, and/or an intelligent routing engine configured to route a packet between the one or more processing workloads included in a processing flow according to the order.

    NEXT GEN ZERO TRUST NETWORK ACCESS (ZTNA) AND VIRTUAL PRIVATE NETWORK (VPN) INCLUDING CLOUD SECURE ACCESS SERVICE EDGE (SASE)

    Publication No.: US20230079444A1

    Publication Date: 2023-03-16

    Application No.: US17719787

    Filing Date: 2022-04-13

    Abstract: Techniques for leveraging the MASQUE protocol to provide remote clients with full application access to private enterprise resources are described herein. One or more network nodes may be configured to execute a MASQUE proxy service to provide a remote client device with full access to an enterprise/private application resource executing on an application node and hosted in an enterprise/application network, behind the MASQUE proxy service. In some examples, the MASQUE proxy service may execute on a single proxy node hosted at an edge of a cloud network or at an edge of an enterprise network. Additionally, or alternatively, a first instance of the MASQUE proxy service may execute on a first proxy node hosted at an edge of a cloud network (e.g., an ingress proxy node) and a second instance of the MASQUE proxy service may execute on a second proxy node hosted at an edge of the enterprise network.

    SECURE CAPTIVE PORTAL REMEDIATION
    Patent application

    Publication No.: US20220006811A1

    Publication Date: 2022-01-06

    Application No.: US17476861

    Filing Date: 2021-09-16

    Abstract: Methods to securely remediate a captive portal are provided. In these methods, a processor of a user device detects a connection, via a network, to a captive portal. Based on the detected connection to the captive portal, the processor launches a dedicated secure web browser, and selectively restricts access of the user device to the network in order to only allow, via the dedicated secure web browser, communications related to remediation with the captive portal.

    CORRELATING ENDPOINT AND NETWORK VIEWS TO IDENTIFY EVASIVE APPLICATIONS

    Publication No.: US20200329059A1

    Publication Date: 2020-10-15

    Application No.: US16912471

    Filing Date: 2020-06-25

    Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.

    Monitoring Real-Time Processor Instruction Stream Execution

    Publication No.: US20200004954A1

    Publication Date: 2020-01-02

    Application No.: US16150679

    Filing Date: 2018-10-03

    Abstract: In one example embodiment, a computing device has a processor that executes a processor instruction stream that causes the processor to perform one or more operations for the computing device. The computing device generates one or more trace data packets including a first instruction pointer of the processor instruction stream, a second instruction pointer of the processor instruction stream subsequent to the first instruction pointer, and a string of characters derived from instructions associated with a control flow transfer between the first instruction pointer of the processor instruction stream and the second instruction pointer of the processor instruction stream. The computing device determines whether the one or more trace data packets are consistent with a secure processor instruction stream known or determined to be secure from malicious processor instructions and, if not, generates an indication that the processor instruction stream is not secure.

    Method for providing authoritative application-based routing and an improved application firewall
    Granted patent (in force)

    Publication No.: US09369435B2

    Publication Date: 2016-06-14

    Application No.: US14041107

    Filing Date: 2013-09-30

    Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.


    BINDING FLOWS TO UNIQUE ADDRESSES OR PORTS

    Publication No.: US20250063014A1

    Publication Date: 2025-02-20

    Application No.: US18936837

    Filing Date: 2024-11-04

    Abstract: Techniques for binding communication flows to unique addresses and/or ports, and configuring networking devices internal to a network to apply policy without the need to further introspect a given stream. Further, by creating mappings of unique addresses and/or ports to flows, the network devices are able to enforce policy without needing to coordinate with an edge node of the network at which the communication session terminates. Further, the techniques may include providing an SDN controller with a mapping between a unique address/port and a network flow, determining flow-specific policy to enforce on the flow, and programming one or more network devices to enforce the flow-specific policy in the network using the unique address/port.
