公开(公告)号：WO2016196684A1

公开(公告)日：2016-12-08

申请号：PCT/US2016/035349

申请日：2016-06-01

Applicant: CISCO TECHNOLOGY, INC.

Inventor： CHANG, Shih-Chun ,  PANG, Jackson Ngoc Ki ,  MALHOTRA, Varun Sagar ,  VU, Hai Trong ,  SPADARO, Roberto Fernando ,  KULSHRESHTHA, Ashutosh ,  YADAV, Navindra

IPC: H04L29/06 ,  G06F9/445 ,  G06F9/44 ,  G06F21/44

CPC classification number: G06F8/65 ,  G06F21/57 ,  H04L63/12

Abstract: Systems, methods, and computer-readable media are provided for automatically downloading and launching a new version of software package on components in a network environment. In some examples, an upgrade server of a network environment keeps a copy of all versions of software packages running on nodes or sensors of the network environment, identifications of corresponding nodes or sensors, and public keys associated with the software packages. The upgrade server can authenticate a new version of a software package using a two-step process.

Abstract translation: 提供了系统，方法和计算机可读介质，用于在网络环境中的组件上自动下载和启动软件包的新版本。 在一些示例中，网络环境的升级服务器保留运行在网络环境的节点或传感器上的所有版本的软件包的副本，相应节点或传感器的标识以及与软件包相关联的公钥。 升级服务器可以使用两步过程来验证软件包的新版本。

公开(公告)号：WO2022046565A1

公开(公告)日：2022-03-03

申请号：PCT/US2021/046979

申请日：2021-08-20

Applicant: CISCO TECHNOLOGY, INC.

Inventor： PANG, Jackson Ngoc Ki ,  KULSHRESHTHA, Ashutosh ,  NARAYAN, Preethi ,  THAKKAR, Vishal Jaswant ,  RAHADIAN, Aria ,  ZHANG, Zhiwen

IPC: G06F21/57 ,  H04L29/06

Abstract: The present disclosure provides systems, methods, and computer-readable media for determining an objective measure of breach exposure of Application Programming Interface (API) infrastructure for microservices. In one aspect, a method includes analyzing header information of Application Programming Interface (API) call stacks between microservices; determining, for each API call stack, corresponding security key information based on the header information; determining location information of each of the microservices; and determining a vulnerability score for each of the microservices based on the corresponding security key information and corresponding location information of each of the microservices.

公开(公告)号：WO2018183422A1

公开(公告)日：2018-10-04

申请号：PCT/US2018/024730

申请日：2018-03-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： KULSHRESHTHA, Ashutosh ,  MADANI, Omid ,  JEYAKUMAR, Vimal ,  YADAV, Navindra ,  PARANDEHGHEIBI, Ali ,  SLOANE, Andy ,  CHANG, Kai ,  DEEN, Khawar ,  CHANG, Shih-Chun ,  VU, Hai

IPC: H04L12/26 ,  G06F11/34 ,  H04L29/06

Abstract: An application and network analytics platform can capture telemetry from servers and network devices operating within a network. The application and network analytics platform can determine an application dependency map (ADM) for an application executing in the network. Using the ADM, the application and network analytics platform can resolve flows into flowlets of various granularities, and determine baseline metrics for the flowlets. The baseline metrics can include transmission times, processing times, and/or data sizes for the flowlets. The application and network analytics platform can compare new flowlets against the baselines to assess availability, load, latency, and other performance metrics for the application. In some implementations, the application and network analytics platform can automate remediation of unavailability, load, latency, and other application performance issues.

公开(公告)号：WO2022005816A1

公开(公告)日：2022-01-06

申请号：PCT/US2021/038470

申请日：2021-06-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： SLOANE, Andy ,  KULSHRESHTHA, Ashutosh ,  PATEL, Hiral Shashikant ,  JEYAKUMAR, Vimal ,  YADAV, Navindra ,  BALUS, Florin Stelian

IPC: G06F21/57 ,  G06F21/55 ,  G06F16/24578 ,  G06F16/353 ,  G06F16/953 ,  G06F21/552 ,  G06F21/577 ,  G06F2221/033 ,  G06N20/00 ,  G06N5/04

Abstract: Systems, methods, and computer-readable for identifying known vulnerabilities in a software product include determining a set of one or more processed words based on applying text classification to one or more names associated with a product, where the text classification is based on analyzing a database of names associated with a database of products. Similarity scores are determined between the set of one or more processed words and names associated with one or more known vulnerabilities maintained in a database of known vulnerabilities in products. Equivalence mapping is performed between the one or more names associated with the product and the one or more known vulnerabilities, based on the similarity scores. Known vulnerabilities in the product are identified based on the equivalence mapping.

公开(公告)号：WO2016196686A1

公开(公告)日：2016-12-08

申请号：PCT/US2016/035351

申请日：2016-06-01

Applicant: CISCO TECHNOLOGY, INC.

Inventor： GUPTA, Sunil Kumar ,  YADAV, Navindra ,  WATTS, Michael Standish ,  PARANDEHGHEIBI, Ali ,  GANDHAM, Shashidhar ,  KULSHRESHTHA, Ashutosh ,  DEEN, Khawar

IPC: H04L12/26 ,  H04L29/06

CPC classification number: H04L63/20 ,  H04L43/04

Abstract: A network can achieve compliance by defining and enforcing a set of network policies to secure protected electronic information. The network can monitor network data, host/endpoint data, process data, and user data for traffic using a sensor network that provides multiple perspectives. The sensor network can include sensors for networking devices, physical servers, hypervisors or shared kernels, virtual partitions, and other network components. The network can analyze the network data, host/endpoint data, process data, and user data to determine policies for traffic. The network can determine expected network actions based on the policies, such as allowing traffic, denying traffic, configuring traffic for quality of service (QoS), or redirecting traffic along a specific route. The network can update policy data based on the expected network actions and actual network actions. The policy data can be utilized for compliance.

Abstract translation: 网络可以通过定义和实施一组网络策略来实现合规性，以保护受保护的电子信息。 该网络可以使用提供多个视角的传感器网络来监控网络数据，主机/端点数据，过程数据和流量的用户数据。 传感器网络可以包括用于网络设备，物理服务器，虚拟机管理程序或共享内核，虚拟分区和其他网络组件的传感器。 网络可以分析网络数据，主机/端点数据，过程数据和用户数据，以确定流量策略。 网络可以基于策略来确定预期的网络动作，例如允许流量，拒绝流量，为服务质量（QoS）配置流量，或者沿特定路由重定向流量。 网络可以根据预期的网络动作和实际的网络动作来更新策略数据。 政策数据可以用于遵守。

公开(公告)号：WO2022060625A1

公开(公告)日：2022-03-24

申请号：PCT/US2021/049678

申请日：2021-09-09

Applicant: CISCO TECHNOLOGY, INC.

Inventor： KULSHRESHTHA, Ashutosh ,  SLOANE, Andy ,  PATEL, Hiral Shashikant ,  CHETTIAR, Uday Krishnaswamy ,  KEMPE, Oliver ,  VISWANATHAN, Bharathwaj Sankara ,  YADAV, Navindra

IPC: G06F21/50

Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security polices at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.

公开(公告)号：WO2022010647A1

公开(公告)日：2022-01-13

申请号：PCT/US2021/038486

申请日：2021-06-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： WADHWA, Alok Lalit ,  FONTENOT, James Gabriel ,  KULSHRESHTHA, Ashutosh ,  YADAV, Navindra ,  GANDHAM, Shashidhar ,  ZENG, Weifei

IPC: H04L29/06 ,  G06F21/57

Abstract: Disclosed herein are methods, systems, and non-transitory computer-readable storage media for scoring network segmentation policies in order to determine their effectiveness before, during and after enforcement. In one aspect, a method includes identifying one or more applications within an enterprise network; identifying at least one network security policy in association with the one or more applications within the enterprise network; determining a score of the network security policy based on information corresponding to exposure of each of the one or more applications within the enterprise network; and executing the network security policy based on the score.

公开(公告)号：WO2016196683A1

公开(公告)日：2016-12-08

申请号：PCT/US2016/035348

申请日：2016-06-01

Applicant: CISCO TECHNOLOGY, INC.

Inventor： YADAV, Navindra ,  SINGH, Abhishek Ranjan ,  GANDHAM, Shashidhar ,  SCHEIB, Ellen Christine ,  MADANI, Omid ,  PARANDEHGHEIBI, Ali ,  PANG, Jackson Ngoc Ki ,  JEYAKUMAR, Vimalkumar ,  WATTS, Michael Standish ,  NGUYEN, Hoang Viet ,  DEEN, Khawar ,  PRASAD, Rohit Chandra ,  GUPTA, Sunil Kumar ,  RAO, Supreeth Hosur Nagesh ,  GUPTA, Anubhav ,  KULSHRESHTHA, Ashutosh ,  SPADARO, Roberto Fernando ,  VU, Hai Trong ,  MALHOTRA, Varun Sagar ,  CHANG, Shih-Chun ,  VISWANATHAN, Bharathwaj Sankara ,  RACHITA AGASTHY, Fnu ,  BARLOW, Duane Thomas

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract translation: 示例性方法包括在整个数据中心中检测，使用传感器分组。 然后，传感器可以将数据包日志发送到各种收集器，然后可以识别和汇总数据中心中的数据流。 然后，收集器可以将流日志发送到分析模块，分析模块可以识别数据中心的状态并检测攻击。

公开(公告)号：EP3982259A1

公开(公告)日：2022-04-13

申请号：EP21190461.0

申请日：2016-06-01

Applicant: Cisco Technology, Inc.

Inventor： GUPTA, Sunil Kumar ,  YADAV, Navindra ,  WATTS, Michael Standish ,  PARANDEHGHEIBI, Ali ,  GANDHAM, Shashidhar ,  KULSHRESHTHA, Ashutosh ,  DEEN, Khawar

IPC: G06F9/445 ,  G06F9/44 ,  G06F21/44 ,  H04L43/04

Abstract: A network can achieve compliance by defining and enforcing a set of network policies to secure protected electronic information. The network can monitor network data, host/endpoint data, process data, and user data for traffic using a sensor network that provides multiple perspectives. The sensor network can include sensors for networking devices, physical servers, hypervisors or shared kernels, virtual partitions, and other network components. The network can analyze the network data, host/endpoint data, process data, and user data to determine policies for traffic. The network can determine expected network actions based on the policies, such as allowing traffic, denying traffic, configuring traffic for quality of service (QoS), or redirecting traffic along a specific route. The network can update policy data based on the expected network actions and actual network actions. The policy data can be utilized for compliance.

公开(公告)号：EP3304824B1

公开(公告)日：2019-12-11

申请号：EP16729446.1

申请日：2016-06-01

Applicant: Cisco Technology, Inc.

Inventor： GUPTA, Sunil Kumar ,  YADAV, Navindra ,  WATTS, Michael Standish ,  PARANDEHGHEIBI, Ali ,  GANDHAM, Shashidhar ,  KULSHRESHTHA, Ashutosh ,  DEEN, Khawar

IPC: H04L12/26 ,  H04L29/06