公开(公告)号：US20250039239A1

公开(公告)日：2025-01-30

申请号：US18752049

申请日：2024-06-24

Applicant: Cisco Technology, Inc.

Inventor： Vincent Parla ,  Eric Maximilian Roquemore ,  John Michael Lake ,  Andrew Zawadowakiy

IPC: H04L9/40

Abstract: A system and method are provided for placing security operations at selected enforcement points in a distributed security fabric. The enforcement points at which the security operations are placed can be endpoints, nodes, and/or network devices within the network. The security operations can be updated by monitoring data flows through the network to generate network data, and then determining, based on the network data, one or more changes to the security operations, based on the generated network data. Recommended changes can be obtained by applying the network data to a machine-learning model that indicates suspicious data packets (e.g., disseminates packets suspected of being malicious from normal traffic) and crafts new policies to deny the suspicious data packets. Performance of the network can also be improved by analyzing the security operations for redundancies and/or inefficiencies and modifying the security operations to mitigate them.