公开(公告)号：US11570166B2

公开(公告)日：2023-01-31

申请号：US16851674

申请日：2020-04-17

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Blake Harrell Anderson ,  Subharthi Paul ,  William Michael Hudson, Jr. ,  Philip Ryan Perricone

IPC: H04L9/40 ,  G06F21/55 ,  H04L67/141 ,  H04L9/32

Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.

公开(公告)号：US12277446B2

公开(公告)日：2025-04-15

申请号：US17202447

申请日：2021-03-16

Applicant: Cisco Technology, Inc.

Inventor： John David White ,  Steven Joseph Rich ,  William Michael Hudson, Jr. ,  Chris Allen Shenefiel

IPC: G06F9/50 ,  G06F12/02 ,  G06F12/14 ,  G06F21/57 ,  G06F21/62 ,  G06F21/78

Abstract: According to certain embodiments, a method comprises monitoring a request for use of memory requested by a container manager application on behalf of a given one of a plurality of containers during runtime of the given container. The method further comprises determining that the request for use of memory has caused an exception. The exception indicates that the request has requested an invalid operation on a memory table or that the request has requested a previously not seen memory table. In response, the method further comprises determining an action to perform. The action depends on both first trustworthiness information associated with the given container and second trustworthiness information associated with the given container. The first trustworthiness information is obtained from a Third Party Reputation Service (TPRS). The second trustworthiness information is obtained based on monitoring the runtime behavior of the given container.

公开(公告)号：US10666640B2

公开(公告)日：2020-05-26

申请号：US15848645

申请日：2017-12-20

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Blake Harrell Anderson ,  Subharthi Paul ,  William Michael Hudson, Jr. ,  Philip Ryan Perricone

IPC: H04L29/06 ,  G06F21/55 ,  H04L29/08 ,  H04L9/32

Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.

公开(公告)号：US11316780B2

公开(公告)日：2022-04-26

申请号：US16833197

申请日：2020-03-27

Applicant: Cisco Technology, Inc.

Inventor： David Delano Ward ,  Jakob Heitz ,  William Michael Hudson, Jr. ,  Eric Voit

IPC: H04L29/12 ,  H04L9/32 ,  H04L9/06 ,  H04L12/725 ,  H04L12/715 ,  H04L45/302 ,  H04L45/00 ,  H04L101/622

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.