-
Publication number: US11750611B2
Publication date: 2023-09-05
Application number: US17476861
Filing date: 2021-09-16
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Valentiu Vlad Santau, Peter Scott Davis
IPC: H04L9/40
CPC classification number: H04L63/10, H04L63/029, H04L63/0272, H04L63/20
Abstract: Methods to securely remediate a captive portal are provided. In these methods, a processor of a user device detects a connection, via a network, to a captive portal. Based on the detected connection to the captive portal, the processor launches a dedicated secure web browser, and selectively restricts access of the user device to the network in order to only allow, via the dedicated secure web browser, communications related to remediation with the captive portal.
-
Publication number: US20230269292A1
Publication date: 2023-08-24
Application number: US18122571
Filing date: 2023-03-16
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Kyle Andrew Donald Mestery
IPC: H04L41/0894, H04L41/0803
CPC classification number: H04L41/0894, H04L41/0803
Abstract: Techniques for operationalizing workloads at edge network nodes, while maintaining centralized intent and policy controls. The techniques may include storing, in a cloud-computing network, a workload image that includes a function capability. The techniques may also include receiving, at the cloud-computing network, a networking policy associated with an enterprise network. Based at least in part on the networking policy, a determination may be made at the cloud-computing network that the function capability is to be operationalized on an edge device of the enterprise network. The techniques may also include sending the workload image to the edge device to be installed on the edge device to operationalize the function capability. In some examples, the function capability may be a security function capability (e.g., proxy, firewall, etc.), a routing function capability (e.g., network address translation, load balancing, etc.), or any other function capability.
-
Publication number: US20230099370A1
Publication date: 2023-03-30
Application number: US17487100
Filing date: 2021-09-28
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Kyle Andrew Donald Mestery, Andrew Zawadowskiy
Abstract: In one embodiment, a monitoring engine obtains mesh flow data for traffic flows between nodes in a service mesh. The monitoring engine associates the mesh flow data with network traffic between an endpoint device and an edge of the service mesh. The monitoring engine identifies, based on the mesh flow data, a particular container workload associated with the traffic flows. The monitoring engine provides an indication that the particular container workload is associated with the network traffic between the endpoint device and the edge of the service mesh.
-
Publication number: US10931561B2
Publication date: 2021-02-23
Application number: US15660208
Filing date: 2017-07-26
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Valentiu Vlad Santau, Peter S. Davis
IPC: G06F15/16, H04L12/715, H04L12/46, H04L12/741, H04L29/06
Abstract: A computing device dynamically excludes/includes traffic from/in a secure tunnel based on the domain name of the destination of the traffic. The computing device establishes a secure tunnel from the computing device, and receives a request to access a remote resource at a domain name. The computing device resolves the domain name at a domain name server and receives a resolved network address associated with the domain name. The computing device determines whether to send the request inside the secure tunnel or outside the secure tunnel by comparing the domain name to a split tunneling policy. Based on the comparison with the split tunneling policy, the computing device sends the request to the resolved network address either outside the secure tunnel or inside the secure tunnel.
-
Publication number: US20190190928A1
Publication date: 2019-06-20
Application number: US15848150
Filing date: 2017-12-20
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson, David McGrew, Vincent E. Parla, Jan Jusko, Martin Grill, Martin Vejman
CPC classification number: H04L63/1416, G06F21/44, G06F21/52, G06F21/55, G06F21/554, H04L9/3242, H04L63/0428, H04L63/0876, H04L63/1425, H04L63/1466
Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
-
Publication number: US20180309658A1
Publication date: 2018-10-25
Application number: US15660208
Filing date: 2017-07-26
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Valentiu Vlad Santau, Peter S. Davis
IPC: H04L12/715, H04L12/46, H04L12/741
CPC classification number: H04L45/04, H04L12/4641, H04L45/54, H04L45/745
Abstract: A computing device dynamically excludes/includes traffic from/in a secure tunnel based on the domain name of the destination of the traffic. The computing device establishes a secure tunnel from the computing device, and receives a request to access a remote resource at a domain name. The computing device resolves the domain name at a domain name server and receives a resolved network address associated with the domain name. The computing device determines whether to send the request inside the secure tunnel or outside the secure tunnel by comparing the domain name to a split tunneling policy. Based on the comparison with the split tunneling policy, the computing device sends the request to the resolved network address either outside the secure tunnel or inside the secure tunnel.
-
Publication number: US10027627B2
Publication date: 2018-07-17
Application number: US14877116
Filing date: 2015-10-07
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Hari Shankar, Constantinos Kleopa, Venkatesh N. Gautam, Gerald N. A. Selvam
Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
-
Publication number: US20180026993A1
Publication date: 2018-01-25
Application number: US15214905
Filing date: 2016-07-20
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Andrey Zawadowskiy, Donovan O'Hara
IPC: H04L29/06
CPC classification number: H04L63/1425
Abstract: A method is disclosed in which a system compares a first set of reports characterizing network traffic flows originating from an endpoint device with a second set of reports characterizing network traffic flows originating from the endpoint device and stored at an external network device, to determine whether the first and second sets of reports are different. In response to determining that the first and second sets of reports are different, the system identifies the network traffic flows that originate from the endpoint device and are reported by the external network device, but not reported by the endpoint device, as possibly indicative of malware, and forwards those network traffic flows to an analyzer for further processing. Thus, the network traffic flows recorded at the endpoint device are compared with those recorded on an external network device, and an observed difference between the two is used to detect the presence of malware residing on the endpoint device.
-
Publication number: US09660833B2
Publication date: 2017-05-23
Application number: US14274220
Filing date: 2014-05-09
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy, Vincent E. Parla, Donovan O'Hara
IPC: H04L12/64, H04L12/805, H04L12/26
CPC classification number: H04L12/6418, H04L43/026, H04L43/0876, H04L47/36
Abstract: In one embodiment, a method is provided for improving data center and endpoint network visibility and security. The method comprises detecting a communication flow of a plurality of packets over a network, and generating a flow identifier that uniquely identifies the communication flow. After determining an application associated with the communication flow, a flow record is generated. The flow record includes the flow identifier and an indication of the application associated with the communication flow. The indication of the application may be, for example, a hash of the application binary file.
-
Publication number: US09455909B2
Publication date: 2016-09-27
Application number: US14841919
Filing date: 2015-09-01
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Vlad Santau, Timothy Steven Champagne, Jr., Kerry Hannigan Munz
IPC: H04L29/06, H04L12/741, H04L29/12
CPC classification number: H04L45/74, H04L61/1511, H04L61/2007, H04L63/0272
Abstract: One embodiment provides selectively routing Domain Name System (DNS) requests for sub-domains associated with a first network through a tunnel associated with the first network via the interface. DNS requests for sub-domains associated with a second network are selectively routed through a tunnel associated with the second network via the interface. Embodiments include replacing the destination address of DNS requests for sub-domains associated with the second network to match an address of a DNS server associated with the second network. Data representative of DNS requests for sub-domains associated with the second network is stored. Embodiments forward the DNS requests for sub-domains associated with the second network with the address of the DNS server associated with the second network.