Patents by Inventor Saravanan Radhakrishnan
Saravanan Radhakrishnan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11985110
Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.
Type: Grant
Filed: September 14, 2022
Date of Patent: May 14, 2024
Assignee: Cisco Technology, Inc.
Inventors: Saravanan Radhakrishnan, Anand Oswal, Ashwin Kumar, Paul Wayne Bigbee, Darrin Joseph Miller
-
Patent number: 11902804
Abstract: The present technology is directed to providing fault management with dynamic restricted access in a tenant network. The tenant network can be a private 5G cellular network or other wireless communication network. The present technology can identify a fault event within the tenant network based on received telemetry data, associate the fault event with a vendor component included in the tenant network, and generate a vendor fault context. The vendor fault context can be generated to include only the portion of telemetry data that is determined to be related to the fault event or the vendor component. The present technology can further use the vendor fault context to create a time-bound user account for remotely accessing the tenant network for fault triage and management. The time-bound user account can be associated to a static role-based access control (RBAC) scheme configured with access restrictions determined based on the vendor fault context.
Type: Grant
Filed: January 4, 2022
Date of Patent: February 13, 2024
Assignee: Cisco Technology, Inc.
Inventors: Rajesh Indira Viswambharan, Saravanan Radhakrishnan, Girish Thimmalapura Shivanna, Mahaveer Jain, Rishi Kant, Sarthak Udai Singh
-
Patent number: 11870755
Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
Type: Grant
Filed: October 26, 2021
Date of Patent: January 9, 2024
Assignee: Cisco Technology, Inc.
Inventors: Vamsidhar Valluri, Saravanan Radhakrishnan, Anand Oswal, Vinay Prabhu, Sarah Adelaide Evans, Suraj Rangaswamy
-
Publication number: 20230367563
Abstract: In one embodiment, an illustrative method herein may comprise: determining, by a process, a tenant-specific policy for creation of low-code applications; dynamically computing, by the process and based on the tenant-specific policy and one or more parameters associated with a particular low-code application to be created, one or more injectable low-code tasks for the particular low-code application; determining, by the process, a plurality of selected injectable low-code tasks from the one or more injectable low-code tasks; and creating, by the process, the particular low-code application by injecting the plurality of selected injectable low-code tasks into the particular low-code application for execution.
Type: Application
Filed: May 16, 2022
Publication date: November 16, 2023
Inventors: Rajesh Indira Viswambharan, Saravanan RADHAKRISHNAN, Salmanul FARIS K, Vinay SAINI, Ram Mohan RAVINDRANATH
-
Patent number: 11777966
Abstract: Systems and methods for causation analysis of network anomalies in a network include detecting an alarm condition at a network device, the alarm condition pertaining to an anomaly or increase in a traffic condition such as packet loss. A dominant key is identified in each of one or more key types which contributed to the alarm condition, the key types including dimensions of traffic flow. Two or more dominant keys of two or more key types are aggregated and clustered to determine a combination of dominant keys which contributed to the alarm condition. A dominant traffic flow comprising the combination of dominant keys which contributed to the alarm condition is identified based on the aggregation and clustering. Malware or security threats can be identified from detecting a dominant source IP address or host which contributed to a predominant number of packet drops or retransmissions at ports of the network.
Type: Grant
Filed: November 25, 2019
Date of Patent: October 3, 2023
Assignee: Cisco Technology, Inc.
Inventors: Yu Jiang, Saravanan Radhakrishnan, Jeffrey Cai, Yuefeng Jiang
-
Publication number: 20230262525
Abstract: In one embodiment, a method includes receiving one or more 5G software-defined wide area network (SD-WAN) policies, identifying one or more identity-based policies from the one or more 5G SD-WAN policies, communicating the identified one or more identity-based policies to one or more WAN routers, communicating one or more 5G bindings to the one or more WAN routers, and applying the identified one or more identity-based policies to one or more flows between the one or more WAN routers.
Type: Application
Filed: August 8, 2022
Publication date: August 17, 2023
Inventors: Gangadharan Byju Pularikkal, Einar Nilsen-Nygaard, Vivek Agarwal, Ajeet Pal Singh Gill, Ravi Sankar Mantha, Saravanan Radhakrishnan
-
Patent number: 11711308
Abstract: In one embodiment, a networking device in a network detects a traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
Type: Grant
Filed: March 14, 2022
Date of Patent: July 25, 2023
Assignee: Cisco Technology, Inc.
Inventors: Michael Joseph Stepanek, Costas Kleopa, David McGrew, Blake Harrell Anderson, Saravanan Radhakrishnan
-
Patent number: 11700275
Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Type: Grant
Filed: June 28, 2021
Date of Patent: July 11, 2023
Assignee: Cisco Technology, Inc.
Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
-
Publication number: 20230217273
Abstract: The present technology is directed to providing fault management with dynamic restricted access in a tenant network. The tenant network can be a private 5G cellular network or other wireless communication network. The present technology can identify a fault event within the tenant network based on received telemetry data, associate the fault event with a vendor component included in the tenant network, and generate a vendor fault context. The vendor fault context can be generated to include only the portion of telemetry data that is determined to be related to the fault event or the vendor component. The present technology can further use the vendor fault context to create a time-bound user account for remotely accessing the tenant network for fault triage and management. The time-bound user account can be associated to a static role-based access control (RBAC) scheme configured with access restrictions determined based on the vendor fault context.
Type: Application
Filed: January 4, 2022
Publication date: July 6, 2023
Inventors: Rajesh Indira Viswambharan, Saravanan Radhakrishnan, Girish Thimmalapura Shivanna, Mahaveer Jain, Rishi Kant, Sarthak Udai Singh
-
Publication number: 20230084235
Abstract: In one embodiment, a method is disclosed for mobile device security that includes receiving a label ID from a low power mobile device via a first access point, wherein the label ID is a randomized value that substitutes a device address of the low power mobile device during wireless communication. The method includes mapping the label ID to the device address, and transmitting the device address to the first access point, and responsive to the transmitting, causing the first access point to pair with the low power mobile device.
Type: Application
Filed: September 13, 2021
Publication date: March 16, 2023
Inventors: Nageswara Rao MAJETI, Sairam SAMBARAJU, Manikanteswar G. GOVINDA SWAMY, Kishore HANUMANSETTY, Saravanan RADHAKRISHNAN, Bhavik P. SHAH
-
Patent number: 11601370
Abstract: In one embodiment, a networking device in a network detects a traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
Type: Grant
Filed: April 22, 2022
Date of Patent: March 7, 2023
Assignee: Cisco Technology, Inc.
Inventors: Michael Joseph Stepanek, Costas Kleopa, David McGrew, Blake Harrell Anderson, Saravanan Radhakrishnan
-
Publication number: 20230014351
Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.
Type: Application
Filed: September 14, 2022
Publication date: January 19, 2023
Inventors: Saravanan Radhakrishnan, Anand Oswal, Ashwin Kumar, Paul Wayne Bigbee, Darrin Joseph Miller
-
Patent number: 11483290
Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.
Type: Grant
Filed: August 5, 2020
Date of Patent: October 25, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Saravanan Radhakrishnan, Anand Oswal, Ashwin Kumar, Paul Wayne Bigbee, Darrin Joseph Miller
-
Publication number: 20220272033
Abstract: A map server/map resolver (MS/MR) of a Locator ID Separation Protocol (LISP) control plane for an enterprise private network for group-based service insertion is described. The MS/MR may facilitate communications from a first host having a first endpoint ID (EID) and located at a first tunnel router having a first routing locator (RLOC), to a second host having a second EID and located at a second tunnel router having a second RLOC. The MS/MR receives, from the first tunnel router, a map request for requesting an EID-to-RLOC mapping associated with the second EID and including a group identifier. The MS/MR selects a service insertion policy including an address of a service border router for a service that is registered with the MS/MR, and responds with a map reply including the address for populating an overlay route for forwarding communications via the service border router for insertion of the registered service.
Type: Application
Filed: February 25, 2021
Publication date: August 25, 2022
Inventors: Prakash Jain, Sanjay Kumar Hooda, Rajeev Kumar, Saravanan Radhakrishnan, Solomon T. Lucas, Ramesh Yeevani-Srinivas
-
Publication number: 20220255868
Abstract: In one embodiment, a networking device in a network detects a traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
Type: Application
Filed: April 22, 2022
Publication date: August 11, 2022
Inventors: Michael Joseph Stepanek, Costas Kleopa, David McGrew, Blake Harrell Anderson, Saravanan Radhakrishnan
-
Publication number: 20220200914
Abstract: In one embodiment, a networking device in a network detects a traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
Type: Application
Filed: March 14, 2022
Publication date: June 23, 2022
Inventors: Michael Joseph Stepanek, Costas Kleopa, David McGrew, Blake Harrell Anderson, Saravanan Radhakrishnan
-
Patent number: 11303574
Abstract: In one embodiment, a networking device in a network detects a traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
Type: Grant
Filed: June 24, 2020
Date of Patent: April 12, 2022
Assignee: Cisco Technology, Inc.
Inventors: Michael Joseph Stepanek, Costas Kleopa, David McGrew, Blake Harrell Anderson, Saravanan Radhakrishnan
-
Publication number: 20220052984
Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
Type: Application
Filed: October 26, 2021
Publication date: February 17, 2022
Inventors: Vamsidhar Valluri, Saravanan Radhakrishnan, Anand Oswal, Vinay Prabhu, Sarah Adelaide Evans, Suraj Rangaswamy
-
Patent number: 11201854
Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
Type: Grant
Filed: June 6, 2019
Date of Patent: December 14, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Vamsidhar Valluri, Saravanan Radhakrishnan, Anand Oswal, Vinay Prabhu, Sarah Adelaide Evans, Suraj Rangaswamy
-
Publication number: 20210360004
Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Type: Application
Filed: June 28, 2021
Publication date: November 18, 2021
Inventors: David McGrew, ANDREW ZAWADOWSKIY, DONOVAN O'HARA, SARAVANAN RADHAKRISHNAN, TOMAS PEVNY, DANIEL G. WING