-
Publication number: US20180091540A1
Publication date: 2018-03-29
Application number: US15276808
Application date: 2016-09-27
Applicant: Cisco Technology, Inc.
Inventor: Hillel SOLOW , Ezra DARSHAN , Harel CAIN , Steve EPSTEIN , Arnold ZUCKER
IPC: H04L29/06
CPC classification number: H04L63/1433 , H04L63/0227 , H04L63/1425 , H04L63/1441
Abstract: In one embodiment, a method for assessing security posture for entities in a computing network is implemented on a computing device and includes: receiving behavior data from one or more of the entities, where the behavior data is associated with at least activity on the computing network by the one or more entities, calculating a risk score for at least one of the entities by comparing the behavior data with a classification model, where the classification model represents at least a baseline for normative network behavior by the entities in a computing network, assessing a security posture for the at least one of the entities based on the risk score, and allocating network security resources to the at least one of the entities at least in accordance with the security posture.
-
Publication number: US20180069879A1
Publication date: 2018-03-08
Application number: US15256651
Application date: 2016-09-05
Applicant: Cisco Technology, Inc.
Inventor: Steve EPSTEIN , Avi Fruchter , Moshe Kravchik , Yaron Sella , Itay Harush
CPC classification number: H04L63/1425 , G06N99/005 , H04L12/2818 , H04L12/2825 , H04L12/2834 , H04L63/0861 , H04L63/10 , H04L63/1408 , H04L63/20 , H04L2463/082 , H04W4/12
Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
-
Publication number: US20170374082A1
Publication date: 2017-12-28
Application number: US15189023
Application date: 2016-06-22
Applicant: Cisco Technology, Inc.
Inventor: Hillel SOLOW , Steve EPSTEIN , Ezra DARSHAN , Arnold ZUCKER , Shali MOR , Asaf COHEN
IPC: H04L29/06
Abstract: In one embodiment, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.
-
Publication number: US20180191757A1
Publication date: 2018-07-05
Application number: US15396835
Application date: 2017-01-03
Applicant: Cisco Technology, Inc.
Inventor: Steve EPSTEIN , Ezra GALILI
IPC: H04L29/06
CPC classification number: H04L63/1425 , G06F21/10 , G06F2221/2111 , H04L43/08 , H04L63/10 , H04L63/102 , H04L63/1408 , H04L67/22
Abstract: In one embodiment, a method performed by a system that includes at least one processor, the method comprising: obtaining subscriber data of a plurality of subscribers, wherein said subscriber data comprises at least one of: consumption data relating to subscribed content consumption by said plurality of subscribers, or network data relating to data transmittal via one or more computer networks by the plurality of subscribers; detecting anomalous data by comparing subscriber data of different subscribers in the plurality of subscribers; identifying one or more suspected subscribers out of the plurality of subscribers as being suspected of unauthorized subscribed content distribution, the one or more suspected subscribers being associated with the anomalous data; and providing a respective identity for the one or more suspected subscribers.
-
Publication number: US20170262523A1
Publication date: 2017-09-14
Application number: US15068754
Application date: 2016-03-14
Applicant: Cisco Technology, Inc.
Inventor: Steve EPSTEIN , Ezra DARSHAN , Harel CAIN , Shali MOR
CPC classification number: G06F16/285 , G06F16/23 , H04L63/0876 , H04L63/1483 , H04L67/1095 , H04L67/12
Abstract: In one embodiment, a device discovery system includes a data storage medium to store a clustered data structure including device signatures grouped according to clusters. Each device signature includes device information. Each cluster from a sub-set of the clusters has a different device name. The system also includes an input/output sub-system to receive, from a remote device, a first device signature describing information about a first device, and a processor to perform a decision process based on the clustered data structure with the first device signature as input yielding an output including a first device name or an indication that a name associated with the first device signature is unknown. The processor is operative to prepare a response message including data about the output. The input/output sub-system is operative to send the response message to the remote device.
-
Publication number: US20210294820A1
Publication date: 2021-09-23
Application number: US17343379
Application date: 2021-06-09
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Steve EPSTEIN , Ezra DARSHAN , Harel CAIN , Shali MOR
Abstract: In one embodiment, a device discovery system includes a data storage medium to store a clustered data structure including device signatures grouped according to clusters. Each device signature includes device information. Each cluster from a sub-set of the clusters has a different device name. The system also includes an input/output sub-system to receive, from a remote device, a first device signature describing information about a first device, and a processor to perform a decision process based on the clustered data structure with the first device signature as input yielding an output including a first device name or an indication that a name associated with the first device signature is unknown. The processor is operative to prepare a response message including data about the output. The input/output sub-system is operative to send the response message to the remote device.
-
Publication number: US20170339190A1
Publication date: 2017-11-23
Application number: US15161313
Application date: 2016-05-23
Applicant: Cisco Technology, Inc.
Inventor: Steve EPSTEIN , Hillel SOLOW , Ezra DARSHAN
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/0263 , H04L63/1416 , H04L63/1433
Abstract: In one embodiment, a system includes a hardware processor and a memory to store data used by the hardware processor, wherein the hardware processor is operative to calculate, for each one device of a plurality of devices, a device-specific packet inspection plan based on (a) a security vulnerability score for the one device; and (b) a damage score for the one device, wherein for each one device of the plurality of devices, the device-specific packet inspection plan includes at least one of the following (a) a percentage of a plurality of packets, destined for the one device, to be inspected for compliance with at least one intrusion detection/protection system rule and (b) instructions on which intrusion detection/protection system rules to use to inspect a multiplicity of the plurality of packets destined for the one device. Related apparatus and methods are also described.