-
1.
Publication number: US20190190961A1
Publication date: 2019-06-20
Application number: US15848645
Application date: 2017-12-20
Applicant: Cisco Technology, Inc.
Inventor: David McGrew, Blake Harrell Anderson, Subharthi Paul, William Michael Hudson, JR., Philip Ryan Perricone
IPC: H04L29/06
Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.
-
Publication number: US20220300330A1
Publication date: 2022-09-22
Application number: US17202447
Application date: 2021-03-16
Applicant: Cisco Technology, Inc.
Inventor: John David White, Steven Joseph Rich, William Michael Hudson, JR., Chris Allen Shenefiel
Abstract: According to certain embodiments, a method comprises monitoring a request for use of memory requested by a container manager application on behalf of a given one of a plurality of containers during runtime of the given container. The method further comprises determining that the request for use of memory has caused an exception. The exception indicates that the request has requested an invalid operation on a memory table or that the request has requested a previously not seen memory table. In response, the method further comprises determining an action to perform. The action depends on both first trustworthiness information associated with the given container and second trustworthiness information associated with the given container. The first trustworthiness information is obtained from a Third Party Reputation Service (TPRS). The second trustworthiness information is obtained based on monitoring the runtime behavior of the given container.
-
Publication number: US20210306256A1
Publication date: 2021-09-30
Application number: US16833197
Application date: 2020-03-27
Applicant: Cisco Technology, Inc.
Inventor: David Delano Ward, Jakob Heitz, William Michael Hudson, JR., Eric Voit
IPC: H04L12/725, H04L12/715, H04L9/32, H04L9/06, H04L29/12
Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
-
4.
Publication number: US20200244648A1
Publication date: 2020-07-30
Application number: US16851674
Application date: 2020-04-17
Applicant: Cisco Technology, Inc.
Inventor: David McGrew, Blake Harrell Anderson, Subharthi Paul, William Michael Hudson, JR., Philip Ryan Perricone
Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.
-
5.
Publication number: US20240333747A1
Publication date: 2024-10-03
Application number: US18360676
Application date: 2023-07-27
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla, Andrew Zawadowskiy, Blake Anderson, Hugo Mike Latapie, Oleg Bessonov, David Arthur McGrew, Michael Roytman, Tian Bu, William Michael Hudson, JR., Nancy Cam-Winget
IPC: H04L9/40
CPC classification number: H04L63/1433, H04L63/145
Abstract: In one aspect, a method includes creating a polymorphic variant of a sample of malware, analyzing the polymorphic variant of the sample of malware by a security management service to determine if the polymorphic variant of the sample of malware evades detection by the security management service, when the security management service fails to detect the polymorphic variant during the analysis of the polymorphic variant, detonating the polymorphic variant in a virtualized environment to identify characterizations of the polymorphic variant, and training the security management service to detect the polymorphic variant based on the characterizations.
-
Publication number: US20240330481A1
Publication date: 2024-10-03
Application number: US18494521
Application date: 2023-10-25
Applicant: Cisco Technology, Inc.
Inventor: Michael Roytman, Vincent Parla, Andrew Zawadowskiy, William Michael Hudson, JR.
CPC classification number: G06F21/577, G06F21/31, G06F21/552
Abstract: A system and method are provided for predicting the method of exploitation and impact/scope of software vulnerabilities, thereby enabling improved remediation of the software vulnerabilities. A machine learning (ML) method receives threat-intelligence information of the software vulnerabilities and generates a threat vector based on a security category and a data or schema category of the software vulnerability. The ML method can include a first portion constrained to predict a first intermediary result corresponding to the security category of the software vulnerability. The ML method can include a second portion constrained to predict a second intermediary result corresponding to the data or schema category of the software vulnerability.