-
Publication No.: US20250007951A1
Publication date: 2025-01-02
Application No.: US18215644
Application date: 2023-06-28
Applicant: Cisco Technology, Inc.
Inventor: Prab Radhakrishnan, Balaji Sundararajan, Ram Dular Singh, Vishnuprasad Raghavan
Abstract: Techniques for extending application-aware routing (AAR) policies to enable intelligent routing decisions based on device security posture. The techniques may include receiving, from a client device, traffic that is to be sent over a network to an application and determining a security score associated with the traffic. The security score may be based on a security posture associated with the client device, a security level associated with a connectivity network used by the client device, and the like. The techniques may also include determining, based at least in part on the security score and based at least in part on an application-aware routing policy, a path for sending the traffic to the application.
-
Publication No.: US12225051B2
Publication date: 2025-02-11
Application No.: US17876190
Application date: 2022-07-28
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Vishnuprasad Raghavan, Kannan Kumar, Ramana Babu Polamarasetti, Mahalakshmi Rajaram
IPC: H04L9/40
Abstract: Techniques for user identity-based security policy enforcement. The techniques may include sending, to an edge device associated with a network, a networking policy associated with a user. The techniques may also include receiving, from an identity provider, an IP address associated with the user. Additionally, the techniques may include sending, to the edge device, an indication to associate the IP address with the user such that the edge device applies the networking policy to packets that include the IP address.
-
Publication No.: US20240303336A1
Publication date: 2024-09-12
Application No.: US18180807
Application date: 2023-03-08
Applicant: Cisco Technology, Inc.
Inventor: Deepthi Tammireddy, Shilpa Avinash Sodani, Vishnuprasad Raghavan, Hongqing Li
CPC classification number: G06F21/566, G06F21/552, H04L63/1408, H04L63/20
Abstract: A method of protecting networks may include detecting a compromised computing device associated with a security event generated by a unified security policy from a plurality of sites within a network. A context of the compromised computing device may be extracted. The context may be propagated to a controller. The method may further include fetching from an identity services engine (ISE), user identity associated with the compromised computing device, and provisioning the controller with a dynamic list and a data policy matching the dynamic list. The method may also include advertising the dynamic list and the data policy to at least one of the plurality of sites.
-
Publication No.: US20240106855A1
Publication date: 2024-03-28
Application No.: US18106891
Application date: 2023-02-07
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Vivek Agarwal, Vishnuprasad Raghavan, Kannan Kumar, Chandra Balaji Rajaram
IPC: H04L9/40
CPC classification number: H04L63/1466, H04L63/0227
Abstract: This disclosure describes techniques and mechanisms for improving security within SDWAN fabric and utilizing telemetry data from non-enterprise providers to remediate compromised SDWAN site(s) and/or user(s). The techniques may implement an integration of non-enterprise application(s) and API(s) with an enterprise network, thereby enabling the enterprise network to identify compromised endpoint(s), identify user(s), group(s), site(s) that are impacted, and take a corrective action (by the enterprise network and/or the non-enterprise application(s) or API(s)) on the enterprise fabric.
-
Publication No.: US20200036717A1
Publication date: 2020-01-30
Application No.: US16210817
Application date: 2018-12-05
Applicant: Cisco Technology, Inc.
Inventor: Anand Venkata Ramana Murthy Akella, Vishnuprasad Raghavan, Vamsidhar Valluri, Raghuram S. Sudhaakar, Shesha Bhushan Sreenivasamurthy
IPC: H04L29/06, H04L12/403, H04L29/08
Abstract: In one embodiment, a device of a vehicle receives a packet comprising a source address, a destination address, an internet protocol (IP) encapsulated controller area network (CAN) message, and CAN message identifier information. The device compares the source address, the destination address, and the CAN message identifier information to an access control list (ACL). The device makes a determination that delivery of the CAN message to the destination address would be a policy violation based on the comparison. The device drops the packet based on the determination that delivery of the CAN message to the destination address would be a policy violation.
-
Publication No.: US20250030743A1
Publication date: 2025-01-23
Application No.: US18356937
Application date: 2023-07-21
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Kannan Kumar, Madhu Somu, Ramakumara Kariyappa, Kushal A Patel, Vishnuprasad Raghavan, Deepthi Tammireddy
IPC: H04L9/40, H04L43/062
Abstract: Methods and systems are described herein for dynamically applying a security policy based on one or more tag attributes. The method comprises receiving, at a network controller, information about an instance of a cloud workload instantiated at a cloud provider. The cloud workload is associated with a tag attribute. The method further comprises querying the cloud provider for at least one IP address associated with the tag attribute and learning the at least one IP address associated with the tag attribute, including the IP address for the instance of the cloud workload. The method further comprises associating a security policy with the at least one IP address associated with the tag attribute and propagating the security policy to at least one edge router for implementation.
-
Publication No.: US20240039956A1
Publication date: 2024-02-01
Application No.: US17876190
Application date: 2022-07-28
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Vishnuprasad Raghavan, Kannan Kumar, Ramana Babu Polamarasetti, Mahalakshmi Rajaram
IPC: H04L9/40
CPC classification number: H04L63/20, H04L63/102, H04L63/0236
Abstract: Techniques for user identity-based security policy enforcement. The techniques may include sending, to an edge device associated with a network, a networking policy associated with a user. The techniques may also include receiving, from an identity provider, an IP address associated with the user. Additionally, the techniques may include sending, to the edge device, an indication to associate the IP address with the user such that the edge device applies the networking policy to packets that include the IP address.
-
Publication No.: US11025632B2
Publication date: 2021-06-01
Application No.: US16210817
Application date: 2018-12-05
Applicant: Cisco Technology, Inc.
Inventor: Anand Venkata Ramana Murthy Akella, Vishnuprasad Raghavan, Vamsidhar Valluri, Raghuram S. Sudhaakar, Shesha Bhushan Sreenivasamurthy
IPC: H04L29/06, H04L12/403, H04L29/08, G06F21/44, G06F21/60, H04L12/813, H04L12/40
Abstract: In one embodiment, a device of a vehicle receives a packet comprising a source address, a destination address, an internet protocol (IP) encapsulated controller area network (CAN) message, and CAN message identifier information. The device compares the source address, the destination address, and the CAN message identifier information to an access control list (ACL). The device makes a determination that delivery of the CAN message to the destination address would be a policy violation based on the comparison. The device drops the packet based on the determination that delivery of the CAN message to the destination address would be a policy violation.