公开(公告)号：US20200304523A1

公开(公告)日：2020-09-24

申请号：US16899190

申请日：2020-06-11

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L29/06 ,  H04L12/26

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US20200287806A1

公开(公告)日：2020-09-10

申请号：US16884449

申请日：2020-05-27

Applicant: Cisco Technology, Inc.

Inventor： Ashutosh Kulshreshtha ,  Navindra Yadav ,  Khawar Deen ,  Jackson Pang ,  Supreeth Rao

IPC: H04L12/26 ,  H04L12/24

Abstract: An application and network analytics platform can capture comprehensive telemetry from servers and network devices operating within a network. The platform can discover flows running through the network, applications generating the flows, servers hosting the applications, computing resources provisioned and consumed by the applications, and network topology, among other insights. The platform can generate various models relating one set of application and network performance metrics to another. For example, the platform can model application latency as a function of computing resources provisioned to and/or actually used by the application, its host's total resources, and/or the distance of its host relative to other elements of the network. The platform can change the model by moving, removing, or adding elements to predict how the change affects application and network performance. In some situations, the platform can automatically act on predictions to improve application and network performance.

公开(公告)号：US10516586B2

公开(公告)日：2019-12-24

申请号：US15171836

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Navindra Yadav ,  Khawar Deen ,  Varun Sagar Malhotra

IPC: H04L12/24 ,  H04L12/26 ,  H04L12/801 ,  H04L29/06 ,  H04L29/08 ,  G06F16/00 ,  H04J3/00 ,  G06N99/00 ,  H04L12/701 ,  G06F9/455 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  G06F21/55 ,  G06F21/56 ,  H04L12/851 ,  H04W84/18 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23

Abstract: Systems, methods, and computer-readable media for identifying bogon addresses. A system can obtain an indication of address spaces in a network. The indication can be based on route advertisements transmitted by routers associated with the network. The system can receive a report generated by a capturing agent deployed on a host. The report can identify a flow captured by the capturing agent at the host. The system can identify a network address associated with the flow and, based on the indication of address spaces, the system can determine whether the network address is within the address spaces in the network. When the network address is not within the address spaces in the network, the system can determine that the network address is a bogon address. When the network address is within the address spaces in the network, the system can determine that the network address is not a bogon address.

公开(公告)号：US20190253330A1

公开(公告)日：2019-08-15

申请号：US16392950

申请日：2019-04-24

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Navindra Yadav ,  Khawar Deen ,  Varun Sagar Malhotra

IPC: H04L12/26 ,  G06N20/00 ,  G06F16/29 ,  G06F16/2457 ,  G06F16/9535 ,  G06F16/28 ,  G06F16/248 ,  G06F21/56 ,  G06F21/55 ,  H04L29/06 ,  H04L12/813 ,  H04L9/32 ,  H04L9/08 ,  H04L12/721 ,  G06F21/53 ,  H04L12/24 ,  H04L12/851 ,  H04L12/725 ,  H04L12/823 ,  H04L29/12 ,  H04J3/14 ,  H04J3/06 ,  H04W72/08 ,  H04L1/24 ,  H04L29/08 ,  G06F3/0484 ,  H04L12/723 ,  H04L12/833 ,  H04L12/741 ,  H04L12/801 ,  H04W84/18 ,  H04L12/715 ,  H04L12/841 ,  G06T11/20 ,  G06F3/0482 ,  G06F16/11 ,  G06F16/17 ,  G06F16/13 ,  G06N99/00 ,  G06F16/16 ,  G06F16/23 ,  G06F16/174 ,  G06F9/455

Abstract: Systems, methods, and computer-readable media for hierarchichal sharding of flows from sensors to collectors. A first collector can receive a first portion of a network flow from a first capturing agent and determine that a second portion of the network flow was not received from the first capturing agent. The first collector can then send the first portion of the network flow to a second collector. A third collector can receive the second portion of the network flow from a second capturing agent and determine that the third collector did not receive the first portion of the network flow. The third collector can then send the second portion of the network flow to the second collector. The second collector can then aggregate the first portion and second portion of the network flow to yield the entire portion of the network flow.

公开(公告)号：US10243817B2

公开(公告)日：2019-03-26

申请号：US15171580

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L9/00 ,  H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06F17/30 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F21/55 ,  G06F21/56

Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

公开(公告)号：US20190081959A1

公开(公告)日：2019-03-14

申请号：US16179027

申请日：2018-11-02

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  FNU Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US10033766B2

公开(公告)日：2018-07-24

申请号：US15133155

申请日：2016-04-19

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L29/06 ,  H04L12/26

Abstract: A network can achieve compliance by defining and enforcing a set of network policies to secure protected electronic information. The network can monitor network data, host/endpoint data, process data, and user data for traffic using a sensor network that provides multiple perspectives. The sensor network can include sensors for networking devices, physical servers, hypervisors or shared kernels, virtual partitions, and other network components. The network can analyze the network data, host/endpoint data, process data, and user data to determine policies for traffic. The network can determine expected network actions based on the policies, such as allowing traffic, denying traffic, configuring traffic for quality of service (QoS), or redirecting traffic along a specific route. The network can update policy data based on the expected network actions and actual network actions. The policy data can be utilized for compliance.

公开(公告)号：US20170075710A1

公开(公告)日：2017-03-16

申请号：US14855811

申请日：2015-09-16

Applicant: Cisco Technology, Inc.

Inventor： Rohit C. Prasad ,  Shashidhar R. Gandham ,  Navindra Yadav ,  Khawar Deen ,  Shih-Chun Chang ,  Ashutosh Kulshreshtha ,  Anubhav Gupta

IPC: G06F9/455 ,  H04L12/26

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45591 ,  G06F2009/45595 ,  H04L43/12

Abstract: Methods, systems, and computer readable media are provided for determining, in a virtualized network system, a relationship of a sensor relative to other sensors. In a virtualized computing system in which a plurality of software sensors are deployed and in which there are one or more traffic flows, captured network data is received from the plurality of sensors, the captured network data from a given sensor of the plurality of sensors indicating one or more traffic flows detected by the given sensor. The received captured network data is analyzed to identify, for each respective sensor, a first group of sensors, a second group of sensors, and a third group of sensors, wherein all traffic flows observed by the first group of sensors are also observed by the second group of sensors, and all traffic flows observed by the second group of sensors are also observed by the third group of sensors. For each respective sensor, a location of each respective sensor relative to other sensors within the virtualized computing system is determined based upon whether the respective sensor belongs to the first group of sensors, the second group of sensors, or the third group of sensors.

Abstract translation: 提供了方法，系统和计算机可读介质，用于在虚拟化网络系统中确定传感器相对于其他传感器的关系。 在其中部署多个软件传感器并且其中存在一个或多个业务流的虚拟化计算系统中，从多个传感器接收捕获的网络数据，来自多个传感器中的给定传感器的所捕获的网络数据指示 由给定传感器检测到的一个或多个交通流量。 分析所接收的捕获的网络数据，以便为每个相应的传感器识别第一组传感器，第二组传感器和第三组传感器，其中由第一组传感器观察到的所有交通流也被 第二组传感器，第二组传感器观测到的所有交通流量也由第三组传感器观察到。 对于每个相应的传感器，基于各个传感器是否属于第一组传感器，第二组传感器或第三组传感器来确定每个相应传感器相对于虚拟化计算系统内的其它传感器的位置。

公开(公告)号：US20160359914A1

公开(公告)日：2016-12-08

申请号：US15095955

申请日：2016-04-11

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Signh ,  Shih-Chun Chang

IPC: H04L29/06

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: An example method includes calculating latency bounds for communications from two sensors to a collector (i.e., maximum and minimum latencies). After the collector receives an event report from the first sensor and an event report form the second sensor, the collector can determine, using the latency bounds, whether one event likely preceded the other.

Abstract translation: 示例性方法包括计算从两个传感器到收集器的通信的延迟范围（即，最大和最小延迟）。 收集器收集第一个传感器的事件报告和第二个传感器的事件报告后，收集器可以使用延迟范围确定一个事件是否可能在另一个事件之前。

公开(公告)号：US20160359913A1

公开(公告)日：2016-12-08

申请号：US15045210

申请日：2016-02-16

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L29/06 ,  H04L12/823 ,  H04L12/813

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F17/30241 ,  G06F17/3053 ,  G06F17/30554 ,  G06F17/30598 ,  G06F17/30604 ,  G06F17/30867 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N99/005 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: Conditional policies can be defined that change based on security measurements of network endpoints. In an example embodiment, a network traffic monitoring system can monitor network flows between the endpoints and quantify how secure those endpoints are based on analysis of the network flows and other data. A conditional policy may be created that establishes one or more first connectivity policies for handling a packet when a security measurement of an endpoint is a first value or first range values, and one or more second connectivity policies for handling the packet. The connectivity policies may include permitting connectivity, denying connectivity, redirecting the packet using a specific route, or other network action. When the network traffic monitoring system detects a change to the security measurement of the endpoint, one or more applicable policies can be determined and the system can update policy data for the network to enforce the policies.

Abstract translation: 可以根据网络端点的安全性测量来定义条件策略。 在示例实施例中，网络流量监控系统可以监视端点之间的网络流，并且基于对网络流和其他数据的分析来量化这些端点的安全性。 可以创建条件策略，其在端点的安全测量是第一值或第一范围值时建立用于处理分组的一个或多个第一连接策略，以及用于处理分组的一个或多个第二连接策略。 连接策略可以包括允许连接，拒绝连接，使用特定路由重定向分组，或其他网络动作。 当网络流量监控系统检测到端点的安全性测量发生变化时，可以确定一个或多个适用的策略，并且系统可以更新网络的策略数据以执行策略。