公开(公告)号：US20250080530A1

公开(公告)日：2025-03-06

申请号：US18459093

申请日：2023-08-31

Applicant: Cisco Technology, Inc.

Inventor： Marco Trinelli ,  Mohamed Tahar Kedjour ,  Jean Diaconu ,  Márk Sági-Kazár ,  Sándor Szilárd Magyari

IPC: H04L9/40

Abstract: In one embodiment, a method comprises accessing information associated with a user that is trying to login to an application, generating a first session identifier corresponding to the information, sending a first notification to an authentication client that the user is trying to login using an authentication service, receiving a first request from an authentication provider for authenticating a second session identifier, determining that the second session identifier is identical to the first session identifier by comparing the second session identifier with stored first session identifier, and causing the authentication provider to patch one or more authentication tokens with the information regarding the tenant, where the one or more authentication tokens are used for accessing the application.

公开(公告)号：US20240265113A1

公开(公告)日：2024-08-08

申请号：US18330255

申请日：2023-06-06

Applicant: Cisco Technology, Inc.

Inventor： Jeffrey M. Napper ,  Hendrikus G. P. Bosch ,  Jean Diaconu ,  Marcelo Yannuzzi ,  Alessandro Duminuco

IPC: G06F21/57 ,  G06F21/55

CPC classification number: G06F21/577 ,  G06F21/552 ,  G06F2221/033

Abstract: A system and a method to determine attack paths to application assets may include storing in a memory asset inventory indicating multiple application assets, multiple attack vector parameters configured to indicate vulnerabilities of one or more of the application assets, and asset mapping information configured to associate each of the application assets to one or more of the application layers. A processor may determine multiple vulnerable assets in the application assets based at least in part upon the attack vector parameters. Further, the processor may determine feasibility parameters that indicate a likelihood of the attack path to occur in the system, generate a visual interface showing the vulnerable assets, determine an attack path connecting the vulnerable assets based at least in part upon the asset mapping information, and map the attack path to the application layers in the visual interface based at least in part upon the feasibility parameters.

公开(公告)号：US20240273187A1

公开(公告)日：2024-08-15

申请号：US18326194

申请日：2023-05-31

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Jean Diaconu ,  Jeffrey M. Napper ,  Herve Muyal ,  Hendrikus G. P. Bosch

IPC: G06F21/55 ,  G06F16/9035 ,  G06F16/907 ,  G06F21/62

CPC classification number: G06F21/552 ,  G06F16/9035 ,  G06F16/907 ,  G06F21/6254 ,  G06F2221/034

Abstract: In one embodiment, a method for storing auditable metadata, by a system, includes receiving incoming signals communicated from at least one application service to a first pod associated with a user space of a node. The method further includes extracting metadata associated with data provided by the received incoming signals. The method further includes receiving outgoing signals communicated from the first pod to an external entity, wherein the incoming signals and the outgoing signals are received by a listener module. The method further includes comparing the incoming signals to the outgoing signals to detect a variation and determining that the data has been transmitted to the external entity based on a determination that there is no detected variation from the comparison between the incoming signals and the outgoing signals.

公开(公告)号：US20240265112A1

公开(公告)日：2024-08-08

申请号：US18330214

申请日：2023-06-06

Applicant: Cisco Technology, Inc.

Inventor： Jeffrey M. Napper ,  Hendrikus G. P. Bosch ,  Jean Diaconu ,  Marcelo Yannuzzi ,  Alessandro Duminuco ,  Guillaume Sauvage De Saint Marc ,  Marc Scibelli

IPC: G06F21/57 ,  G06F9/451

CPC classification number: G06F21/577 ,  G06F9/451 ,  G06F2221/033

Abstract: A system and a method to map attack paths in a visualization interface may include storing in a memory asset inventory indicating application assets, attack vector parameters configured to indicate vulnerabilities of one or more of the application assets, and asset mapping information. A processor may determine multiple vulnerable assets in the application assets based at least in part upon the attack vector parameters. Further, the processor may obtain security parameters from a security framework indicating one or more attack techniques, associate each of the vulnerable assets to one or more of the security parameters, and generate a visual interface showing the vulnerable assets and the security parameters. The processor may determine an attack path connecting the vulnerable assets based at least in part upon the asset mapping information, and map the attack path to the application layers and the security parameters in the visual interface.