公开(公告)号：US11558366B2

公开(公告)日：2023-01-17

申请号：US16172694

申请日：2018-10-26

Applicant: Cisco Technology, Inc.

Inventor： Aaron T. Woland ,  Adam J. O'Donnell ,  Vivek Santuka ,  Stephen M. Orr

IPC: H04L9/32 ,  H04L9/40 ,  H04W12/08

Abstract: Techniques for connecting known entities to a protected network are described. A user device with a certified application installed is authenticated with an identification repository. The authentication is accomplished using credentials associated with the certified application. The user device is also enrolled with an authentication server and the authenticated user device is connected to the protected network.

公开(公告)号：US20190272376A1

公开(公告)日：2019-09-05

申请号：US15910458

申请日：2018-03-02

Applicant: Cisco Technology, Inc.

Inventor： Aaron T. Woland ,  Vivek Santuka ,  Moses Hernandez ,  Steven H. Chimes ,  Andrew E. Ossipov

IPC: G06F21/56 ,  H04L29/06

Abstract: A method for selecting either a first malware analysis system or a second malware analysis system to analyze a file is disclosed. The method includes obtaining, at a network security element, a file sent between a first device and a second device, the file having one or more associated attributes; analyzing, at the network security element, the one or more attributes of the file; selecting, based on the analyzing, either the first malware analysis system or the second malware analysis system as a selected malware analysis system for malware analysis of the file; and providing the file to the selected malware analysis system.

公开(公告)号：US20240098084A1

公开(公告)日：2024-03-21

申请号：US17932975

申请日：2022-09-16

Applicant: Cisco Technology, Inc.

Inventor： Vivek Santuka ,  Jatin Katyal ,  Prashant Chauhan

IPC: H04L9/40 ,  H04L61/4511

CPC classification number: H04L63/0876 ,  H04L61/4511 ,  H04L63/0236 ,  H04L63/0272

Abstract: In one embodiment, a method includes detecting, at a virtual authenticator in an endpoint device, a linkup event, transmitting, to a supplicant in the endpoint device, a request for an identity associated with the endpoint device, receiving, at the virtual authenticator, a response from the supplicant, wherein the response comprises the identity, receiving, from an authentication server, an authorization result, wherein the authorization result is based on authenticating the endpoint device using the received identity, and enforcing, by the virtual authenticator, the authorization result at the endpoint device.

公开(公告)号：US11818101B2

公开(公告)日：2023-11-14

申请号：US17498338

申请日：2021-10-11

Applicant: Cisco Technology, Inc.

Inventor： Vivek Santuka ,  Yeneneh Elfaged Gobena ,  Hazim Hashim Dahir ,  Dhiren Tailor

IPC: H04L9/40

CPC classification number: H04L63/0272 ,  H04L63/029 ,  H04L63/0876 ,  H04L63/107 ,  H04L63/108

Abstract: A server may receive, from a virtual private network (VPN) client of a client device, a message which indicates a request for a policy rule for communications with a network-based application (e.g. provided via a data center or cloud computing services). The server may obtain source attributes of the client device and a user thereof based on source identifiers, and destination attributes of the application based on a destination identifier, and select a policy rule associated with the attributes (e.g. indicative of security, risk, cost, load, and/or business function). The server may send a message which indicates a response and includes the policy rule for application at the VPN client. The policy rule may indicate a policy action for selecting a path, of a plurality of paths, identified by a path identifier, and specify conditions such as a location and/or a date, day, and/or time of the client device.

公开(公告)号：US10795998B2

公开(公告)日：2020-10-06

申请号：US15910458

申请日：2018-03-02

Applicant: Cisco Technology, Inc.

Inventor： Aaron T. Woland ,  Vivek Santuka ,  Moses Hernandez ,  Steven H. Chimes ,  Andrew E. Ossipov

IPC: G06F21/56 ,  H04L29/06

Abstract: A method for selecting either a first malware analysis system or a second malware analysis system to analyze a file is disclosed. The method includes obtaining, at a network security element, a file sent between a first device and a second device, the file having one or more associated attributes; analyzing, at the network security element, the one or more attributes of the file; selecting, based on the analyzing, either the first malware analysis system or the second malware analysis system as a selected malware analysis system for malware analysis of the file; and providing the file to the selected malware analysis system.

公开(公告)号：US10212039B1

公开(公告)日：2019-02-19

申请号：US15434859

申请日：2017-02-16

Applicant: Cisco Technology, Inc.

Inventor： Vivek Santuka ,  Aaron Troy Woland ,  Pok Sze Wong ,  Jesse Ryan Dubois ,  Kannan Muthusamy

IPC: H04L12/24 ,  H04L12/26 ,  H04W12/06 ,  H04W88/02 ,  H04W84/12 ,  H04W88/08

Abstract: A management server communicates with an authentication server that authenticates endpoints, which are configured to connect wirelessly with access points (APs) controlled by respective ones of a plurality of controllers. Weights for the APs and the controllers are stored. Event logs detailing requests for authentication of the endpoints are received. For each request, roaming conditions for the endpoint that triggered the request are determined. Also, a respective weight of one or more of the AP connected with the endpoint and of the controller that controls the AP is increased by a respective amount depending on whether the roaming conditions are caused by the AP and the controller being improperly configured or properly configured. Identities of ones of the APs and the controllers having weights that exceed one or more weight thresholds each indicative of an improperly configured AP or controller are stored.

公开(公告)号：US20230114774A1

公开(公告)日：2023-04-13

申请号：US17498338

申请日：2021-10-11

Applicant: Cisco Technology, Inc.

Inventor： Vivek Santuka ,  Yeneneh Elfaged Gobena ,  Hazim Hashim Dahir ,  Dhiren Tailor

IPC: H04L29/06

Abstract: A server may receive, from a virtual private network (VPN) client of a client device, a message which indicates a request for a policy rule for communications with a network-based application (e.g. provided via a data center or cloud computing services). The server may obtain source attributes of the client device and a user thereof based on source identifiers, and destination attributes of the application based on a destination identifier, and select a policy rule associated with the attributes (e.g. indicative of security, risk, cost, load, and/or business function). The server may send a message which indicates a response and includes the policy rule for application at the VPN client. The policy rule may indicate a policy action for selecting a path, of a plurality of paths, identified by a path identifier, and specify conditions such as a location and/or a date, day, and/or time of the client device.

公开(公告)号：US20160277262A1

公开(公告)日：2016-09-22

申请号：US14664752

申请日：2015-03-20

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Vivek Santuka ,  Aaron Troy Woland ,  Jesse Ryan Dubois ,  Ramesh Nampelly

IPC: H04L12/26

Abstract: In one embodiment, a method includes receiving at a policy server, a request to trace a session at the policy server, tracing the session at the policy server, wherein tracing comprises running the session and identifying access results from the trace, and transmitting the access results from the policy server to a network device requesting the trace. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在策略服务器处接收跟踪策略服务器上的会话的请求，跟踪策略服务器处的会话，其中跟踪包括运行会话并从跟踪中识别访问结果，以及发送访问 从策略服务器到请求跟踪的网络设备的结果。 本文还公开了一种装置和逻辑。