公开(公告)号：US10855705B2

公开(公告)日：2020-12-01

申请号：US15720553

申请日：2017-09-29

Applicant: Cisco Technology, Inc.

Inventor： Matthew Scott Robertson ,  Darrin Joseph Miller ,  Sunil Navinchandra Amin ,  Paul Wayne Bigbee

IPC: H04L29/06 ,  H04L12/24 ,  G06F21/50 ,  G06F21/55 ,  H04L12/26

Abstract: In one example embodiment, a threat detection server receives metadata of a network flow in a network; a zone definition that correlates the metadata of the network flow with a first zone of network devices in the network and a second zone of network devices in the network, where the network flow was transmitted from the first zone to the second zone; and a security policy for the network flow, where the security policy is enforced on the basis of the first zone and the second zone. Based on the zone definition, the threat detection server annotates a flow record that includes the metadata with an indication of the first zone and the second zone. Based on the annotated flow record and the security policy, the threat detection server determines whether to generate a notification associated with a detection of a security threat associated with the network flow.

公开(公告)号：US20190199753A1

公开(公告)日：2019-06-27

申请号：US15854879

申请日：2017-12-27

Applicant: Cisco Technology, Inc.

Inventor： Matthew Scott Robertson ,  David McGrew ,  Timothy David Keanini ,  Sunil Amin ,  Ellie Marie Daw

IPC: H04L29/06

Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.

公开(公告)号：US20190104144A1

公开(公告)日：2019-04-04

申请号：US15720553

申请日：2017-09-29

Applicant: Cisco Technology, Inc.

Inventor： Matthew Scott Robertson ,  Darrin Joseph Miller ,  Sunil Navinchandra Amin ,  Paul Wayne Bigbee

IPC: H04L29/06 ,  H04L12/24

Abstract: In one example embodiment, a threat detection server receives metadata of a network flow in a network; a zone definition that correlates the metadata of the network flow with a first zone of network devices in the network and a second zone of network devices in the network, where the network flow was transmitted from the first zone to the second zone; and a security policy for the network flow, where the security policy is enforced on the basis of the first zone and the second zone. Based on the zone definition, the threat detection server annotates a flow record that includes the metadata with an indication of the first zone and the second zone. Based on the annotated flow record and the security policy, the threat detection server determines whether to generate a notification associated with a detection of a security threat associated with the network flow.

公开(公告)号：US11888900B2

公开(公告)日：2024-01-30

申请号：US16857607

申请日：2020-04-24

Applicant: Cisco Technology, Inc.

Inventor： Matthew Scott Robertson ,  David McGrew ,  Timothy David Keanini ,  Sunil Amin ,  Ellie Marie Daw

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/08 ,  H04L9/32 ,  H04L9/06

CPC classification number: H04L63/20 ,  H04L9/088 ,  H04L9/0825 ,  H04L9/0844 ,  H04L9/3268 ,  H04L63/105 ,  H04L9/0643

Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.

公开(公告)号：US20200252435A1

公开(公告)日：2020-08-06

申请号：US16857607

申请日：2020-04-24

Applicant: Cisco Technology, Inc.

Inventor： Matthew Scott Robertson ,  David McGrew ,  Timothy David Keanini ,  Sunil Amin ,  Ellie Marie Daw

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.

公开(公告)号：US10673901B2

公开(公告)日：2020-06-02

申请号：US15854879

申请日：2017-12-27

Applicant: Cisco Technology, Inc.

Inventor： Matthew Scott Robertson ,  David McGrew ,  Timothy David Keanini ,  Sunil Amin ,  Ellie Marie Daw

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/06

Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.