Abstract:
Techniques are described herein for determining and mitigating a risk to an organization associated with a security threat. In embodiments, such techniques may be performed by an access control device and may comprise receiving information about a security threat, identifying one or more components that are susceptible to the security threat, determining, based on a software bill of materials, a number of software applications associated with the one or more components, determining, based on usage metrics stored for those software applications in relation to an organization, a risk value associated with the organization, and providing the risk value to at least one second electronic device.
Abstract:
Techniques for routing Internet Protocol security (IPsec) data packets. An index is assigned to a Security Parameter Index (SPI) header of the IPsec data packet. The index includes information for routing the data packet to a particular Encapsulating Security Payload (ESP) processor. The data packet can be routed using techniques that are analogous to conventional routing protocols such as IPv4 routing protocol. This allows the data packet to be routed using less expensive routing protocols rather than relying solely on more expensive load balancing techniques to route the data packet. This also advantageously allows the data packet to be routed employing routing techniques developed over decades of routing protocol development.
Abstract:
This disclosure describes techniques for escalating a security policy based on anomalous behavior. An example method includes identifying first behaviors associated with a first user and identifying a cluster comprising the first behaviors and second behaviors associated with at least one second user. The first user and the at least one second user are within a predetermined group within an organization. The example method further includes determining that a third behavior of a device associated with the first user is greater than a threshold distance from the cluster and outputting an alert.
Abstract:
An example method for facilitating network control and management using semantic reasoners in a network environment is provided and includes generating a fully populated semantics model of the network from network data according to a base network ontology of the network, mapping the fully populated semantics model to a network knowledge base, feeding contents of the network knowledge base to a semantic reasoner, and controlling and managing the network using the semantic reasoner. In specific embodiments, generating the model includes receiving the network data from the network, parsing the network data, loading the parsed network data into in-memory data structures, accessing a manifest specifying binding between a network data definition format and ontology components of the base network ontology, identifying ontology components associated with the network data based on the manifest, and populating the identified ontology components with individuals and properties from the corresponding data structures.
Abstract:
An example method for facilitating multi-stage convergence and intent revocation in a network environment is provided and includes sending an intent support request for an intent to a plurality of targets in a network, receiving intent pre-commits from a portion of the plurality of targets and intent pre-aborts from a remaining portion of the plurality of targets, each intent pre-commit indicative of ability to support the intent, and each intent pre-abort indicative of inability to support the intent, determining whether the intent is to be added to the domain in view of potentially impacted intents, and instructing the plurality of targets to commit to the intent if the intent is to be added to the domain.
Abstract:
A method of managing data streaming processes may include, at a processing device, computing a hypertext transfer protocol version 3 (HTTP/3) header of a first message received at a first network interface controller (NIC) into a first control message and a second control message, and transmitting the first control message to the first NIC associated with the processing device. The method may further include transmitting the second control message to a second NIC associated with the processing device, and, with the first control message and the second control message, transmitting data directly between the first NIC and the second NIC.
Abstract:
A method of managing data storage processes may include, at a processing device, computing a hypertext transfer protocol version 3 (HTTP/3) header of a first message received at a network interface controller (NIC) device into a non-volatile memory express (NVMe) message, transmitting the NVMe message to a data storage device associated with the processing device, and, with the NVMe message, transmitting data directly between the NIC and the data storage device.
Abstract:
Techniques for extending network elements to inspect, extract, and complement tracing information added to Layer 7 (L7) flows by application distributed tracing systems. The techniques may include receiving an L7 message of an L7 flow associated with a distributed application and determining that the L7 message includes tracing information. In some examples, the tracing information may be mapped to a marking that is to be included in a Layer 3 (L3) or Layer 4 (L4) packet carrying the L7 message, and the L3 or L4 packet including the marking may be sent to an L3 or L4 network element. In some examples, the L3 or L4 network element may be configured to use the marking to determine a network decision for the L3 or L4 packet.