公开(公告)号：US20250039134A1

公开(公告)日：2025-01-30

申请号：US18625874

申请日：2024-04-03

Applicant: Cisco Technology, Inc.

Inventor： Eric Maximilian Roquemore

IPC: H04L9/40

Abstract: A system and method are provided for routing traffic through a network to ensure load balancing and avoid untrustworthy nodes. Based on network data (e.g., telemetry data), a machine learning model generates trust scores, which are used for routing decisions by determining preferred routes from a source to a destination. The trust scores for nodes along a potential route can be combined into a cumulative trust score. The potential route with the lowest cumulative trust score (i.e., most trustworthy) is preferred, when all other factors are equal. Traffic is routed along the preferred routes, until their capacity is exceeded. Then to achieve load balancing, traffic flows are extended to the next most preferred routes (e.g., the next lowest cumulative trust score), and so forth. When traffic flows include a mix of sensitive and non-sensitive data, the sensitive data is preferentially directed along the most preferred routes.

公开(公告)号：US20250039239A1

公开(公告)日：2025-01-30

申请号：US18752049

申请日：2024-06-24

Applicant: Cisco Technology, Inc.

Inventor： Vincent Parla ,  Eric Maximilian Roquemore ,  John Michael Lake ,  Andrew Zawadowakiy

IPC: H04L9/40

Abstract: A system and method are provided for placing security operations at selected enforcement points in a distributed security fabric. The enforcement points at which the security operations are placed can be endpoints, nodes, and/or network devices within the network. The security operations can be updated by monitoring data flows through the network to generate network data, and then determining, based on the network data, one or more changes to the security operations, based on the generated network data. Recommended changes can be obtained by applying the network data to a machine-learning model that indicates suspicious data packets (e.g., disseminates packets suspected of being malicious from normal traffic) and crafts new policies to deny the suspicious data packets. Performance of the network can also be improved by analyzing the security operations for redundancies and/or inefficiencies and modifying the security operations to mitigate them.