公开(公告)号：US12107830B2

公开(公告)日：2024-10-01

申请号：US17900516

申请日：2022-08-31

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Walter T. Hulick, Jr. ,  Rachana Anubhav Soni ,  Hemamalini Subash

IPC: H04L9/40 ,  H04L69/22

CPC classification number: H04L63/0245 ,  H04L69/22

Abstract: A method is provided that is performed using an application performance management agent running on an application and/or application microservices. The method comprises detecting a request to the application and/or application microservices for data, and inserting data compliance metadata into packet headers of packets that are to be sent in response to the request by the application and/or application microservices. The data compliance metadata comprises data-compliance markings associated with the data based on user/operator-defined data compliance requirements. The method further includes causing the packets to be sent into a network so that one or more network devices or services in the network can read the data compliance metadata and apply packet handling policies.

公开(公告)号：US12192224B2

公开(公告)日：2025-01-07

申请号：US17823256

申请日：2022-08-30

Applicant: Cisco Technology Inc.

Inventor： Walter T. Hulick, Jr. ,  Ashutosh Kulshreshtha

IPC: H04L9/40

Abstract: According to some embodiments, a method includes detecting a start of an OpenTelemetry span by an application and determining security information related to the start of the OpenTelemetry span. The method further includes monitoring the application for one or more application behaviors during execution of the OpenTelemetry span. The method further includes detecting an end of the OpenTelemetry span by the application, and in response, calculate a security score for the OpenTelemetry span using the security information related to the start of the OpenTelemetry span and the one or more application behaviors detected during execution of the OpenTelemetry span. The method further includes updating a status of the OpenTelemetry span to include the security score and a text string related to the calculation of the security score.

公开(公告)号：US11601393B1

公开(公告)日：2023-03-07

申请号：US17493099

申请日：2021-10-04

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Akram Ismail Sheriff ,  Guy Keinan ,  Walter T. Hulick, Jr.

IPC: H04L61/4511

Abstract: Methods are provided in which a domain name system (DNS) service obtains a lookup request for information about a source of a traffic flow being transmitted to a network resource external of a service cluster and performs, based on the lookup request, a lookup operation for a microservice that is the source of the traffic flow, among a plurality of microservices of the service cluster registered with the DNS service. The methods further include providing information about the microservice based on the lookup operation. The information includes at least a name of the microservice for visibility of the microservice external of the service cluster.

公开(公告)号：US11985107B2

公开(公告)日：2024-05-14

申请号：US18163979

申请日：2023-02-03

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Akram Ismail Sheriff ,  Guy Keinan ,  Walter T. Hulick, Jr.

IPC: H04L61/4511

CPC classification number: H04L61/4511

Abstract: Methods are provided in which a domain name system (DNS) service obtains a lookup request for information about a source of a traffic flow being transmitted to a network resource external of a service cluster and performs, based on the lookup request, a lookup operation for a microservice that is the source of the traffic flow, among a plurality of microservices of the service cluster registered with the DNS service. The methods further include providing information about the microservice based on the lookup operation. The information includes at least a name of the microservice for visibility of the microservice external of the service cluster.

公开(公告)号：US11973843B2

公开(公告)日：2024-04-30

申请号：US17846146

申请日：2022-06-22

Applicant: Cisco Technology, Inc.

Inventor： Walter T. Hulick, Jr. ,  Carlos M. Pignataro ,  David John Zacks ,  Thomas Szigeti

IPC: H04L67/50 ,  G06Q10/10 ,  H04L67/10 ,  H04L67/1396

CPC classification number: H04L67/535 ,  G06Q10/10 ,  H04L67/10 ,  H04L67/1396

Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.

公开(公告)号：US11501022B2

公开(公告)日：2022-11-15

申请号：US17076465

申请日：2020-10-21

Applicant: Cisco Technology, Inc.

Inventor： Walter T. Hulick, Jr.

IPC: G06F21/00 ,  G06F21/62 ,  G06F21/53 ,  H04L9/40 ,  G06F11/30

Abstract: A policy generation agent automatically generates a security policy for an application and a security manager. The agent runs the application in a development environment, causing the application to request permissions from the security manager. The agent passes the permissions request to the security manager. The security manger determines whether to approve or deny the request based on a permissions policy. Responsive to a determination to deny the request, the agent generates an updated permissions policy by updating the permissions policy to approve subsequent requests for the permissions. The agent also associates the updated permissions policy with the application, and suppresses any exceptions generated by the security manager in denying the request before approving the request for the permissions in the development environment.

公开(公告)号：US10853521B2

公开(公告)日：2020-12-01

申请号：US16037141

申请日：2018-07-17

Applicant: Cisco Technology, Inc.

Inventor： Walter T. Hulick, Jr.

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/53 ,  G06F11/30

Abstract: A policy generation agent automatically generates a security policy for an application and a specified custom security manager. The agent launches an application in a development environment. The agent instantiates a development security manager based on a custom security manager defined by the application. The agent runs the application in the development environment, causing the application to request permissions from the development security manager. The development security manager passes the permissions request to the custom security manager and approves the one or more permissions. The custom security manger determines whether to approve or deny the request based on a permissions policy. Responsive to a determination to deny the request, the agent updates the permissions policy to approve subsequent requests for the permissions. The agent also associates the updated permissions policy with the application. The agent may enable different sections of the policy based on performance, security, or application stakeholder preference.

公开(公告)号：US12212477B2

公开(公告)日：2025-01-28

申请号：US18488407

申请日：2023-10-17

Applicant: Cisco Technology, Inc.

Inventor： Hans F. Ashlock ,  Cameron Esdaile ,  Walter T. Hulick, Jr. ,  Carlos M. Pignataro ,  Renato Quedas

IPC: H04L43/10 ,  H04L43/045 ,  H04L43/0817 ,  H04L43/12

Abstract: Techniques are described for generating an end-to-end distributed trace in connection with a cloud or datacenter environment. In one example, a server obtains target application telemetry data and external telemetry data associated with one or more correlation identifiers included in one or more network communications provided to a target application in the cloud or datacenter environment. The server aggregates the target application telemetry data and the external telemetry data based on the one or more correlation identifiers to generate an end-to-end distributed trace associated with the one or more network communications.

公开(公告)号：US12113830B2

公开(公告)日：2024-10-08

申请号：US17216845

申请日：2021-03-30

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Walter T. Hulick, Jr. ,  Tal Maoz

IPC: H04L9/40 ,  G06F9/455 ,  G06F9/54

CPC classification number: H04L63/20 ,  G06F9/4552 ,  G06F9/547

Abstract: The present technology includes applying a security policy by an application security system to a transaction within an application that is monitored by the application security system. The present technology includes monitoring transaction occurring between a client device an application over a network. The present technology also includes identifying a first transaction from the transactions as a sensitive transaction. The sensitive transaction is associated with an authentication policy requiring an authentication. The present technology also includes interrupting the application. The present technology also includes prompting the client device for the authentication.

公开(公告)号：US11924112B2

公开(公告)日：2024-03-05

申请号：US17216879

申请日：2021-03-30

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Thomas Szigeti ,  Walter T. Hulick, Jr.

IPC: H04L47/2408 ,  H04L9/40 ,  H04L47/24

CPC classification number: H04L47/2408 ,  H04L47/2458 ,  H04L63/08 ,  H04L63/1416 ,  H04L63/306 ,  H04L2463/082

Abstract: Methods and apparatuses for prioritizing transactions are disclosed. An example method of an application performance monitor (APM) comprises intercepting a first packet being transmitted in a network that is monitored by the APM; determining that the first packet is associated with a transaction of the web application that is to be provided with an alternate level of service; modifying a field in the first packet to include metadata interpretable by at least one network device in the network to cause the at least one network device to provide the alternate level of service; and injecting the first packet into the network. The APM may cause network devices to prioritize a specific transaction of an application based on importance.