公开(公告)号：US11522775B2

公开(公告)日：2022-12-06

申请号：US16867791

申请日：2020-05-06

Applicant: Cisco Technology, Inc.

Inventor： Jackson Ngoc Ki Pang ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Supreeth Hosur Nagesh Rao ,  Sunil Kumar Gupta

IPC: G08B23/00 ,  G06F12/16 ,  G06F12/14 ,  G06F11/00 ,  H04L43/045 ,  H04L9/40 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L41/0668 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/106 ,  H04L45/00 ,  H04L45/50 ,  H04L67/12 ,  H04L43/026 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/51 ,  H04L67/75 ,  H04L67/1001 ,  H04L43/062 ,  H04L43/10 ,  H04L47/2441 ,  H04L41/0893 ,  H04L43/08 ,  H04L43/04 ,  H04W84/18 ,  H04L67/10 ,  H04L41/046 ,  H04L43/0876 ,  H04L41/12 ,  H04L41/16 ,  H04L41/0816 ,  G06F21/53 ,  H04L41/22 ,  G06F3/04842 ,  G06F3/04847 ,  H04L41/0803 ,  H04L43/0829 ,  H04L43/16 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L47/20 ,  H04L47/32 ,  H04L43/0864 ,  H04L47/11 ,  H04L69/22 ,  H04L45/74 ,  H04L47/2483 ,  H04L43/0882 ,  H04L41/0806 ,  H04L43/0888 ,  H04L43/12 ,  H04L47/31 ,  G06F3/0482 ,  G06T11/20 ,  H04L43/02 ,  H04L47/28 ,  H04L69/16 ,  H04L45/302 ,  H04L67/50

Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.

公开(公告)号：US11502922B2

公开(公告)日：2022-11-15

申请号：US16704559

申请日：2019-12-05

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  H04L43/045 ,  H04L9/40 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L41/0668 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/106 ,  H04L45/00 ,  H04L45/50 ,  H04L67/12 ,  H04L43/026 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/51 ,  H04L67/75 ,  H04L67/1001 ,  H04L43/062 ,  H04L43/10 ,  H04L47/2441 ,  H04L41/0893 ,  H04L43/08 ,  H04L43/04 ,  H04W84/18 ,  H04L67/10 ,  H04L41/046 ,  H04L43/0876 ,  H04L41/12 ,  H04L41/16 ,  H04L41/0816 ,  G06F21/53 ,  H04L41/22 ,  G06F3/04842 ,  G06F3/04847 ,  H04L41/0803 ,  H04L43/0829 ,  H04L43/16 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L47/20 ,  H04L47/32 ,  H04L43/0864 ,  H04L47/11 ,  H04L69/22 ,  H04L45/74 ,  H04L47/2483 ,  H04L43/0882 ,  H04L41/0806 ,  H04L43/0888 ,  H04L43/12 ,  H04L47/31 ,  G06F3/0482 ,  G06T11/20 ,  H04L43/02 ,  H04L47/28 ,  H04L69/16 ,  H04L45/302 ,  H04L67/50

Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

公开(公告)号：US11431592B2

公开(公告)日：2022-08-30

申请号：US16658621

申请日：2019-10-21

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Shih-Chun Chang

IPC: G06F17/00 ,  G06F15/16 ,  G06F9/00 ,  H04L43/045 ,  H04L9/40 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L41/0668 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/106 ,  H04L45/00 ,  H04L45/50 ,  H04L67/12 ,  H04L67/01 ,  H04L43/026 ,  H04L43/062 ,  H04L43/10 ,  H04L47/2441 ,  H04L41/0893 ,  H04L43/08 ,  H04L43/04 ,  H04W84/18 ,  H04L67/10 ,  H04L67/51 ,  H04L41/046 ,  H04L43/0876 ,  H04L41/12 ,  H04L41/16 ,  H04L41/0816 ,  G06F21/53 ,  H04L41/22 ,  G06F3/04842 ,  G06F3/04847 ,  H04L41/0803 ,  H04L67/75 ,  H04L43/0829 ,  H04L43/16 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L61/5007 ,  H04L47/20 ,  H04L47/32 ,  H04L43/0864 ,  H04L47/11 ,  H04L69/22 ,  H04L45/74 ,  H04L47/2483 ,  H04L43/0882 ,  H04L41/0806 ,  H04L43/0888 ,  H04L43/12 ,  H04L47/31 ,  G06F3/0482 ,  G06T11/20 ,  H04L43/02 ,  H04L47/28 ,  H04L69/16 ,  H04L67/1001 ,  H04L45/302 ,  H04L67/50

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.

公开(公告)号：US11252060B2

公开(公告)日：2022-02-15

申请号：US16741528

申请日：2020-01-13

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Shih-Chun Chang

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L12/24 ,  H04L12/715 ,  H04L12/723 ,  H04L29/08 ,  H04L12/851 ,  H04W84/18 ,  G06F21/53 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725

Abstract: A network analytics system can receive first sensor data, including first network activity and a first timestamp associated with a first clock of a first node, and second sensor data, including second network activity and a second timestamp associated with a second clock of a second node. The system can determine a first delta between the first clock and a third clock based on the first timestamp, and a second delta between the second clock and the third clock. The system can determine a first communication latency associated with a first sensor of the first node, and a second communication latency associated with a second sensor of the second node. The system can generate a report that synchronizes one or more data flows between the first node and the second node based on the first delta, the second delta, the first communication latency, and the second communication latency.

公开(公告)号：US20220006842A1

公开(公告)日：2022-01-06

申请号：US16921184

申请日：2020-07-06

Applicant: Cisco Technology, Inc.

Inventor： Alok Lalit Wadhwa ,  James Gabriel Fontenot ,  Ashutosh Kulshreshtha ,  Navindra Yadav ,  Shashidhar Gandham ,  Weifei Zeng

IPC: H04L29/06

Abstract: Disclosed herein are methods, systems, and non-transitory computer-readable storage media for scoring network segmentation policies in order to determine their effectiveness before, during and after enforcement. In one aspect, a method includes identifying one or more applications within an enterprise network; identifying at least one network security policy in association with the one or more applications within the enterprise network; determining a score of the network security policy based on information corresponding to exposure of each of the one or more applications within the enterprise network; and executing the network security policy based on the score

公开(公告)号：US20200267066A1

公开(公告)日：2020-08-20

申请号：US16867791

申请日：2020-05-06

Applicant: Cisco Technology, Inc.

Inventor： Jackson Ngoc Ki Pang ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Supreeth Hosur Nagesh Rao ,  Sunil Kumar Gupta

IPC: H04L12/26 ,  G06F16/174 ,  G06F16/23 ,  G06N99/00 ,  G06F16/17 ,  G06F16/13 ,  G06F16/11 ,  G06F16/16 ,  H04L12/715 ,  H04L12/725 ,  H04L29/08 ,  H04L29/06 ,  H04L12/841 ,  G06T11/20 ,  G06F3/0482 ,  H04L12/721 ,  H04L12/833 ,  H04L12/24 ,  H04L12/851 ,  H04L12/741 ,  H04L12/801 ,  H04L12/823 ,  H04L12/813 ,  H04L29/12 ,  H04J3/14 ,  H04J3/06 ,  H04L9/32 ,  H04L9/08 ,  H04W72/08 ,  H04L1/24 ,  G06F3/0484 ,  H04L12/723 ,  G06F21/53 ,  H04W84/18 ,  G06F21/56 ,  G06F21/55 ,  G06F16/2457 ,  G06F16/9535 ,  G06F16/28 ,  G06F16/248 ,  G06F16/29 ,  G06N20/00 ,  G06F9/455

Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.

公开(公告)号：US10742529B2

公开(公告)日：2020-08-11

申请号：US16392950

申请日：2019-04-24

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Navindra Yadav ,  Khawar Deen ,  Varun Sagar Malhotra

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  G06F21/55 ,  G06F21/56 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06N99/00 ,  G06F16/174 ,  G06F16/23

Abstract: Systems, methods, and computer-readable media for hierarchichal sharding of flows from sensors to collectors. A first collector can receive a first portion of a network flow from a first capturing agent and determine that a second portion of the network flow was not received from the first capturing agent. The first collector can then send the first portion of the network flow to a second collector. A third collector can receive the second portion of the network flow from a second capturing agent and determine that the third collector did not receive the first portion of the network flow. The third collector can then send the second portion of the network flow to the second collector. The second collector can then aggregate the first portion and second portion of the network flow to yield the entire portion of the network flow.

公开(公告)号：US20200244554A1

公开(公告)日：2020-07-30

申请号：US16846117

申请日：2020-04-10

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Shih-Chun Chang

IPC: H04L12/26 ,  G06F16/174 ,  G06F16/23 ,  G06N99/00 ,  G06F16/17 ,  G06F16/13 ,  G06F16/11 ,  G06F16/16 ,  H04L12/715 ,  H04L12/725 ,  H04L29/08 ,  H04L29/06 ,  H04L12/841 ,  G06T11/20 ,  G06F3/0482 ,  H04L12/721 ,  H04L12/833 ,  H04L12/24 ,  H04L12/851 ,  H04L12/741 ,  H04L12/801 ,  H04L12/823 ,  H04L12/813 ,  H04L29/12 ,  H04J3/14 ,  H04J3/06 ,  H04L9/32 ,  H04L9/08 ,  H04W72/08 ,  H04L1/24 ,  G06F3/0484 ,  H04L12/723 ,  G06F21/53 ,  H04W84/18 ,  G06F21/56 ,  G06F21/55 ,  G06F16/2457 ,  G06F16/9535 ,  G06F16/28 ,  G06F16/248 ,  G06F16/29 ,  G06N20/00 ,  G06F9/455

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

公开(公告)号：US20200228426A1

公开(公告)日：2020-07-16

申请号：US16741528

申请日：2020-01-13

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Shih-Chun Chang

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  G06F21/55 ,  G06F21/56 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06N99/00 ,  G06F16/174 ,  G06F16/23

Abstract: A network analytics system can receive first sensor data, including first network activity and a first timestamp associated with a first clock of a first node, and second sensor data, including second network activity and a second timestamp associated with a second clock of a second node. The system can determine a first delta between the first clock and a third clock based on the first timestamp, and a second delta between the second clock and the third clock. The system can determine a first communication latency associated with a first sensor of the first node, and a second communication latency associated with a second sensor of the second node. The system can generate a report that synchronizes one or more data flows between the first node and the second node based on the first delta, the second delta, the first communication latency, and the second communication latency.

公开(公告)号：US20190334790A1

公开(公告)日：2019-10-31

申请号：US16173400

申请日：2018-10-29

Applicant: Cisco Technology, Inc.

Inventor： Mohammadreza Alizadeh Attar ,  Navindra Yadav ,  Abhishek Ranjan Singh ,  Vimalkumar Jeyakumar ,  Shashidhar Gandham ,  Roberto Fernando Spadaro

IPC: H04L12/26 ,  G06F16/29 ,  G06F16/2457 ,  G06F16/9535 ,  G06F16/28 ,  G06F16/248 ,  G06N20/00 ,  G06F21/56 ,  G06F21/55 ,  H04L29/06 ,  H04L12/813 ,  H04L9/32 ,  H04L9/08 ,  H04L12/721 ,  G06F21/53 ,  H04L12/24 ,  H04L12/851 ,  H04L12/725 ,  H04L12/823 ,  H04L29/12 ,  H04J3/14 ,  H04J3/06 ,  H04W72/08 ,  H04L1/24 ,  H04L29/08 ,  G06F3/0484 ,  H04L12/723 ,  H04L12/833 ,  H04L12/741 ,  H04L12/801 ,  H04W84/18 ,  H04L12/715 ,  H04L12/841 ,  G06T11/20 ,  G06F3/0482 ,  G06F16/11 ,  G06F16/17 ,  G06F16/13 ,  G06N99/00 ,  G06F16/16 ,  G06F16/23 ,  G06F16/174 ,  G06F9/455

Abstract: Systems, methods, and computer-readable media are provided for determining a packet's round trip time (RTT) in a network. A system can receive information of a packet sent by a component of the network and further determine an expected acknowledgement (ACK) sequence number associated with the packet based upon received information of the packet. The system can receive information of a subsequent packet received by the component and determine an ACK sequence number and a receiving time of the subsequent packet. In response to determining that the ACK sequence number of the subsequent TCP packet matches the expected ACK sequence number, the system can determine a round trip time (RTT) of the packet based upon the received information of the packet and the received information of the subsequent packet.