-
1.
Publication number: US20240214424A1
Publication date: 2024-06-27
Application number: US18089212
Application date: 2022-12-27
Applicant: Cisco Technology, Inc.
Inventor: Andrew E. Ossipov, Robert Tappenden, Janardhanan Radhakrishnan, Chandrodaya Prasad
IPC: H04L9/40
CPC classification number: H04L63/20
Abstract: Techniques for using an end-to-end policy controller to utilize an inventory of enforcement points to generate a chain of enforcement points having capabilities to enforce individual operations of an intent-based security policy associated with an entity accessing a resource. A network controller may intelligently split an intent-based security policy and send portions thereof to enforcement points along a path configured for an entity to access a resource. For example, a portion of a security policy corresponding to an operation may be mapped to and implemented by an enforcement point having a capability to perform the operation. Once each operation of a security policy has been mapped to an enforcement point, a chain of enforcement points may be generated.
-
2.
Publication number: US20240214425A1
Publication date: 2024-06-27
Application number: US18089252
Application date: 2022-12-27
Applicant: Cisco Technology, Inc.
CPC classification number: H04L63/20, G06F9/451, H04L63/105
Abstract: Techniques for using an end-to-end policy controller to automatically discover and inventory enforcement points in a network. A network controller may leverage data associated with network devices in a network to identify paths between source endpoints and destination endpoints to establish an inventory of enforcement points along the paths. For example, the controller may consume telemetry data indicative of network events (e.g., firewall events, IPS event logs, netflow events, etc.) to figure out where enforcement points are provisioned with respect to traffic being observed. Additionally, the SDN controller may dynamically build a network topology providing indications of roles and/or locations of enforcement points.
-
3.
Publication number: US12218980B2
Publication date: 2025-02-04
Application number: US18089212
Application date: 2022-12-27
Applicant: Cisco Technology, Inc.
Inventor: Andrew E. Ossipov, Robert Tappenden, Janardhanan Radhakrishnan, Chandrodaya Prasad
IPC: H04L9/40
Abstract: Techniques for using an end-to-end policy controller to utilize an inventory of enforcement points to generate a chain of enforcement points having capabilities to enforce individual operations of an intent-based security policy associated with an entity accessing a resource. A network controller may intelligently split an intent-based security policy and send portions thereof to enforcement points along a path configured for an entity to access a resource. For example, a portion of a security policy corresponding to an operation may be mapped to and implemented by an enforcement point having a capability to perform the operation. Once each operation of a security policy has been mapped to an enforcement point, a chain of enforcement points may be generated.