-
Publication No.: US20190190928A1
Publication Date: 2019-06-20
Application No.: US15848150
Filing Date: 2017-12-20
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Vincent E. Parla , Jan Jusko , Martin Grill , Martin Vejman
CPC classification number: H04L63/1416 , G06F21/44 , G06F21/52 , G06F21/55 , G06F21/554 , H04L9/3242 , H04L63/0428 , H04L63/0876 , H04L63/1425 , H04L63/1466
Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
-
Publication No.: US10257214B2
Publication Date: 2019-04-09
Application No.: US15191152
Filing Date: 2016-06-23
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Blake Harrell Anderson , K. Tirumaleswar Reddy , Prashanth Patil , Daniel G. Wing
IPC: G06F17/00 , G06F12/14 , H04L9/32 , G06F11/30 , G06F7/00 , G06F15/18 , H04L29/06 , H04L12/833 , H04L12/851 , H04L12/46 , G06N99/00 , H04L12/24 , H04L12/26
Abstract: In one embodiment, a device in a network receives traffic data regarding one or more traffic flows in the network. The device applies a machine learning classifier to the traffic data. The device determines a priority for the traffic data based in part on an output of the machine learning classifier. The output of the machine learning classifier comprises a probability of the traffic data belonging to a particular class. The device stores the traffic data for a period of time that is a function of the determined priority for the traffic data.
-
Publication No.: US20180152467A1
Publication Date: 2018-05-31
Application No.: US15364933
Filing Date: 2016-11-30
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew
IPC: H04L29/06 , H04L12/24 , H04L12/851 , G06N99/00
CPC classification number: H04L63/1425 , G06N20/00 , H04L41/16 , H04L47/2441 , H04L63/1458 , H04L63/306 , H04L2463/141 , H04L2463/144
Abstract: In one embodiment, a device in a network receives traffic data regarding a plurality of observed traffic flows. The device maps one or more characteristics of the observed traffic flows from the traffic data to traffic characteristics associated with a targeted deployment environment. The device generates synthetic traffic data based on the mapped traffic characteristics associated with the targeted deployment environment. The device trains a machine learning-based traffic classifier using the synthetic traffic data.
-
Publication No.: US12184694B2
Publication Date: 2024-12-31
Application No.: US17531063
Filing Date: 2021-11-19
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Keith Richard Schomburg , Michael Scott Dorsey , Constantinos Kleopa
IPC: G06F21/60 , H04L9/40 , H04L65/1066 , H04L69/14 , H04L69/08
Abstract: In one embodiment, a device obtains one or more packets of a traffic session in a network. The device determines, for a particular packet of the one or more packets that match a filter, a fingerprint for the particular packet. The device identifies a plurality of traffic sessions whose packets match the fingerprint, wherein each of the plurality of traffic sessions is associated with at least one process. The device updates a process with the traffic session by applying a classifier to the plurality of traffic sessions.
-
Publication No.: US20240297852A1
Publication Date: 2024-09-05
Application No.: US18404403
Filing Date: 2024-01-04
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , Andrew Chi , David Arthur McGrew , Saran Singh Ahluwalia
Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.
-
Publication No.: US20240205244A1
Publication Date: 2024-06-20
Application No.: US18592137
Filing Date: 2024-02-29
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
Publication No.: US11936533B2
Publication Date: 2024-03-19
Application No.: US18125955
Filing Date: 2023-03-24
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Martin Rehak , Blake Harrell Anderson , Sunil Amin
IPC: H04L41/28 , G06F21/55 , H04L9/40 , H04W12/12 , H04L67/143
CPC classification number: H04L41/28 , G06F21/55 , H04L63/14 , H04L63/1425 , H04L63/1441 , H04W12/12 , H04L63/20 , H04L67/143
Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data results from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.
-
Publication No.: US11916932B2
Publication Date: 2024-02-27
Application No.: US17722131
Filing Date: 2022-04-15
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
Publication No.: US20240007774A1
Publication Date: 2024-01-04
Application No.: US18368969
Filing Date: 2023-09-15
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew , Alison Kendler
CPC classification number: H04Q9/02 , H04L63/166 , H04L63/0428 , H04Q9/00 , H04L9/3066 , H04L63/0823 , H04Q2209/30
Abstract: In one embodiment, a method includes receiving a traffic flow including a plurality of packets encrypted using a cryptographic protocol, determining cryptographic protocol data of the traffic flow, and transmitting telemetry data of the traffic flow including the cryptographic protocol data. In another embodiment, a method includes receiving telemetry data of a traffic flow including a plurality of packets encrypted using a cryptographic protocol, the telemetry data including cryptographic protocol data of the traffic flow, classifying the traffic flow based on the cryptographic protocol data using a machine learning classifier; and taking a remedial action with respect to the traffic flow based on the classification of the traffic flow.
-
Publication No.: US11785041B2
Publication Date: 2023-10-10
Application No.: US17696081
Filing Date: 2022-03-16
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Blake Harrell Anderson , Daniel G. Wing , Flemming Andreasen
IPC: H04L9/40 , H04L61/4511
CPC classification number: H04L63/1441 , H04L61/4511 , H04L63/145 , H04L63/1408 , H04L63/0428 , H04L63/166
Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.