公开(公告)号：US20190007456A1

公开(公告)日：2019-01-03

申请号：US15639366

申请日：2017-06-30

Applicant: Juniper Networks, Inc.

Inventor： Srinivas NIMMAGADDA ,  Rakesh Kumar ,  Prakash T. Seshadri ,  Sriram Subramanian

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/0263 ,  H04L63/0272 ,  H04L63/102

Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.

公开(公告)号：US20180288078A1

公开(公告)日：2018-10-04

申请号：US15942530

申请日：2018-04-01

Applicant: Juniper Networks, Inc.

Inventor： Karthik Ragunath Balasundaram ,  Prakash T. Seshadri ,  Daniel J. Quinlan ,  Volodymyr Kuznetsov ,  Rakesh Kumar

IPC: H04L29/06 ,  G06F21/56

Abstract: A security platform may determine mapped attribute information associated with a plurality of host identifiers. The mapped attribute information may include information that identifies a set of related attributes. The security platform may determine, based on the mapped attribute information, that a host device is associated with at least two host identifiers of the plurality of host identifiers. The security platform may aggregate, based on the at two least host identifiers, threat information as aggregated threat information associated with the host device. The security platform may classify the host device as an infected device or a suspicious device based on the aggregated threat information.

公开(公告)号：US10944793B2

公开(公告)日：2021-03-09

申请号：US15637789

申请日：2017-06-29

Applicant: Juniper Networks, Inc.

Inventor： Srinivas Nimmagadda ,  Rakesh Kumar ,  Prakash T. Seshadri

IPC: G06F21/60 ,  H04L12/851 ,  H04L12/801 ,  H04L12/813 ,  H04L29/06 ,  G06N5/02

Abstract: A device may receive first information associated with a set of security rules. The first information may identify a set of security actions a device is to implement when the set of security rules applies to traffic. The device may determine a manner in which the set of security rules is to apply using the first information. The device may determine whether the manner in which the set of security rules is to apply and an intent of a network security policy or a manner in which a set of previously defined security rules is to apply match to determine whether the set of security rules conflicts with the network security policy or whether the set of security rules and the set of previously defined security rules are related. The device may perform an action.

公开(公告)号：US10771506B1

公开(公告)日：2020-09-08

申请号：US15664989

申请日：2017-07-31

Applicant: Juniper Networks, Inc.

Inventor： Rakesh Kumar ,  Srinivas Nimmagadda ,  Prakash T. Seshadri ,  Moloy K. Chatterjee ,  Mihir S. Maniar ,  Rakesh Manocha

IPC: H04L29/06 ,  G06N20/00

Abstract: A device may include one or more processors to receive network topology information of a network and device capability information of devices in the network; detect a threat to the network; determine threat information associated with the threat; select a security policy and an enforcement device of the network to enforce the security policy based on the network topology information, the device capability information, and the threat information; and perform an action associated with the threat based on the security policy and the enforcement device.

公开(公告)号：US10455449B1

公开(公告)日：2019-10-22

申请号：US14865605

申请日：2015-09-25

Applicant: Juniper Networks, Inc.

Inventor： Dilip H. Sanghavi ,  Rakesh Kumar ,  Saravanadas P. Subramanian ,  Jwala Dinesh Gupta Chakka

IPC: H04W28/08 ,  H04L29/06 ,  H04W12/06 ,  H04W76/11

Abstract: A device may perform dynamic load balancing to identify one or more service devices, of a group of service devices, that is to apply a set of network services to traffic associated with a session of a subscriber device. The device may provide outgoing traffic, associated with the session, to the one or more service devices based on identifying the one or more service devices. The outgoing traffic may be provided to cause the one or more service devices to apply the set of network services to the outgoing traffic. The device may provide, to another device, information that identifies the one or more service devices. The information that identifies the one or more service devices may be provided to cause the other device to provide incoming traffic, associated with the session, to the one or more service devices to apply the set of network services to the incoming traffic.

公开(公告)号：US20190007454A1

公开(公告)日：2019-01-03

申请号：US15637806

申请日：2017-06-29

Applicant: Juniper Networks, Inc.

Inventor： Srinivas NIMMAGADDA ,  Rakesh Kumar ,  Prakash T. Seshadri

IPC: H04L29/06

Abstract: A device may receive information identifying a set of conditions related to controlling implementation of a set of security rules. The set of conditions may be associated with a set of security actions that a device is to perform based on whether the set of conditions is satisfied. The device may determine the set of security rules that is to be controlled by the set of conditions using information related to the set of security rules. The device may modify information related to the set of security rules to cause the implementation of the set of security rules to be controlled by the set of conditions. The modification to cause the device to process the set of security rules to dynamically implement the set of security actions based on satisfaction of the set of conditions. The device may perform an action after modifying the information.

公开(公告)号：US11457043B2

公开(公告)日：2022-09-27

申请号：US16731167

申请日：2019-12-31

Applicant: Juniper Networks, Inc.

Inventor： Srinivas Nimmagadda ,  Rakesh Kumar ,  Prakash T. Seshadri ,  Sriram Subramanian

IPC: H04L9/40

Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.

公开(公告)号：US10547644B2

公开(公告)日：2020-01-28

申请号：US15639366

申请日：2017-06-30

Applicant: Juniper Networks, Inc.

Inventor： Srinivas Nimmagadda ,  Rakesh Kumar ,  Prakash T. Seshadri ,  Sriram Subramanian

IPC: H04L29/06

Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.

公开(公告)号：US20190007453A1

公开(公告)日：2019-01-03

申请号：US15637789

申请日：2017-06-29

Applicant: Juniper Networks, Inc.

Inventor： Srinivas NIMMAGADDA ,  Rakesh Kumar ,  Prakash T. Seshadri

IPC: H04L29/06

Abstract: A device may receive first information associated with a set of security rules. The first information may identify a set of security actions a device is to implement when the set of security rules applies to traffic. The device may determine a manner in which the set of security rules is to apply using the first information. The device may determine whether the manner in which the set of security rules is to apply and an intent of a network security policy or a manner in which a set of previously defined security rules is to apply match to determine whether the set of security rules conflicts with the network security policy or whether the set of security rules and the set of previously defined security rules are related. The device may perform an action.

公开(公告)号：US11070589B2

公开(公告)日：2021-07-20

申请号：US15637806

申请日：2017-06-29

Applicant: Juniper Networks, Inc.

Inventor： Srinivas Nimmagadda ,  Rakesh Kumar ,  Prakash T. Seshadri

IPC: H04L29/06 ,  H04L12/851 ,  G06F21/55

Abstract: A device may receive information identifying a set of conditions related to controlling implementation of a set of security rules. The set of conditions may be associated with a set of security actions that a device is to perform based on whether the set of conditions is satisfied. The device may determine the set of security rules that is to be controlled by the set of conditions using information related to the set of security rules. The device may modify information related to the set of security rules to cause the implementation of the set of security rules to be controlled by the set of conditions. The modification to cause the device to process the set of security rules to dynamically implement the set of security actions based on satisfaction of the set of conditions. The device may perform an action after modifying the information.