-
公开(公告)号:US12088607B2
公开(公告)日:2024-09-10
申请号:US18592137
申请日:2024-02-29
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
2.发明授权公开(公告)号:US10536268B2
公开(公告)日:2020-01-14
申请号:US15692288
申请日:2017-08-31
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , Andrew Chi , David McGrew , Scott William Dunlop
Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.
-
公开(公告)号:US20240154979A1
公开(公告)日:2024-05-09
申请号:US18416439
申请日:2024-01-18
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
4.发明授权公开(公告)号:US11196546B2
公开(公告)日:2021-12-07
申请号:US16701373
申请日:2019-12-03
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , Andrew Chi , David McGrew , Scott William Dunlop
Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.
-
公开(公告)号:US11310246B2
公开(公告)日:2022-04-19
申请号:US16100361
申请日:2018-08-10
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L29/06
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
Patent Agency Ranking
6.发明申请公开(公告)号:US20220094529A1
公开(公告)日:2022-03-24
申请号:US17543427
申请日:2021-12-06
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , Andrew Chi , David McGrew , Scott William Dunlop
Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.
-
公开(公告)号:US20200053103A1
公开(公告)日:2020-02-13
申请号:US16100361
申请日:2018-08-10
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L29/06
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
公开(公告)号:US20240205244A1
公开(公告)日:2024-06-20
申请号:US18592137
申请日:2024-02-29
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
公开(公告)号:US11916932B2
公开(公告)日:2024-02-27
申请号:US17722131
申请日:2022-04-15
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
公开(公告)号:US20220239678A1
公开(公告)日:2022-07-28
申请号:US17722131
申请日:2022-04-15
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
-
-
-
-
-
-
-
-
Search Results
11
records
(took 0.015 seconds)
