Patents by Inventor Supreeth Hosur Nagesh Rao
Supreeth Hosur Nagesh Rao has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
METHODS AND SYSTEMS FOR DETECTING RECONNAISSANCE AND INFILTRATION IN DATA LAKES AND CLOUD WAREHOUSES
Publication number: 20240106847Abstract: In one aspect, a computerized method for detecting reconnaissance and infiltration in data lakes and cloud warehouses, comprising: monitoring a SaaS data store or a cloud-native data store from inside the data store; examining the attack and automatically identifies how far the attack has progressed in the attack lifecycle; identifying the target and scope of the attack evaluates how far the attackers have penetrated the system and what is their target; and establishing the value of the asset subject to the attackers' attack and maps the impact of the attack on the CIA (confidentiality, integrity and availability) triad.Type: ApplicationFiled: June 27, 2023Publication date: March 28, 2024Inventors: NAVINDRA YADAV, SUPREETH HOSUR NAGESH RAO, RAVI SANKURATRI, DANESH IRANI, ALOK LALIT WADHWA, VASIL DOCHKOV YORDANOV, VENKATESHU CHERUKUPALLI, VENKATESHU CHERUKUPALLI, YIWEI WANG, YIWEI WANG, ZHIWEN ZHANG, ZHIWEN ZHANG, ZHIWEN ZHANG, UDAYAN JOSHI -
Patent number: 11936663Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.Type: GrantFiled: November 9, 2022Date of Patent: March 19, 2024Assignee: Cisco Technology, Inc.Inventors: Navindra Yadav, Abhishek Ranjan Singh, Shashidhar Gandham, Ellen Christine Scheib, Omid Madani, Ali Parandehgheibi, Jackson Ngoc Ki Pang, Vimalkumar Jeyakumar, Michael Standish Watts, Hoang Viet Nguyen, Khawar Deen, Rohit Chandra Prasad, Sunil Kumar Gupta, Supreeth Hosur Nagesh Rao, Anubhav Gupta, Ashutosh Kulshreshtha, Roberto Fernando Spadaro, Hai Trong Vu, Varun Sagar Malhotra, Shih-Chun Chang, Bharathwaj Sankara Viswanathan, Fnu Rachita Agasthy, Duane Thomas Barlow
-
Publication number: 20240056460Abstract: In one aspect, a computerized method for detecting data abuse and data exfiltration in a data store or a data lakes cloud warehouse, comprising: identifying a plurality of Command and control (CnC) channels in an enterprise data cloud infrastructure; identifying and detecting malicious compressed data transfers and encrypted data transfers; implementing a destination analysis from within the data store; and implementing data abuse detection and prevention operations.Type: ApplicationFiled: August 18, 2023Publication date: February 15, 2024Inventors: NAVINDRA Ross YADAV, SUPREETH HOSUR NAGESH RAO, RAVI SANKURATRI, DANESH IRANI, ALOK LALIT WADHWA, VASIL DOCHKOV YORDANOV, VENKATESHU CHERUKUPALLI, YIWEI WANG, ZHIWEN ZHANG, UDAYAN JOSHI
-
Patent number: 11902122Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.Type: GrantFiled: September 27, 2022Date of Patent: February 13, 2024Assignee: Cisco Technology, Inc.Inventors: Jackson Ngoc Ki Pang, Navindra Yadav, Anubhav Gupta, Shashidhar Gandham, Supreeth Hosur Nagesh Rao, Sunil Kumar Gupta
-
Patent number: 11895156Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.Type: GrantFiled: September 13, 2022Date of Patent: February 6, 2024Assignee: Cisco Technology, Inc.Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Hongyang Zhang, Kai Zhu
-
Publication number: 20240028572Abstract: In one aspect, a computerized system for securing data cloning and sharing options on data warehouses, comprising: a clone determiner engine that determines that a data asset is a primary data asset or a clone data asset, wherein the clone determiner engine comprises: a log data analyzer that obtains and analyzes a set of logs of the data asset from a specified log source, and wherein set of logs are used to determine that the data asset is the primary data asset or the clone data asset, a timestamp analyzer engine that obtains a timestamp data of the data asset and reviews the timestamp data to analyze ordering of the data asset, and wherein the timestamp analyzer engine determines the data asset is a primary asset or a secondary asset, and a fingerprints analyzer that obtains and reviews the data asset and any metadata of data asset, and wherein the fingerprints analyzer creates a fingerprint based on a content of the data asset and the metadata of the data asset, and wherein the fingerprints analyzer thenType: ApplicationFiled: January 24, 2023Publication date: January 25, 2024Inventors: NAVINDRA YADAV, SUPREETH HOSUR NAGESH Rao, RAVI SANKURATRI, DANESH IRANI, ALOK LALIT WADHWA, VASIL DOCHKOV YORDANOV, VENKATESHU CHERUKUPALLI, YIWEI WANG, ZHIWEN ZHANG, UDAYAN JOSHI
-
Publication number: 20230334162Abstract: In one aspect, a computerized method for minimizing a data governance in order to improve data security, comprising: providing and imposing a set of access rules to a set of data, wherein the set of data is stored in a data warehouse; measuring a level of over provisioning of the set of data; measuring a level of data abuse susceptibility of the set of data; implementing a dark data governance operation on the set of data; and identifying a set of infrequently used roles in the set of data.Type: ApplicationFiled: February 9, 2023Publication date: October 19, 2023Inventors: NAVINDRA YADAV, SUPREETH HOSUR NAGESH RAO, RAVI SANKURATRI, DANESH IRANI, ALOK LALIT WADHWA, VASIL DOCHKOV YORDANOV, VENKATESHU CHERUKUPALLI, YIWEI WANG, ZHIWEN ZHANG, UDAYAN JOSHI
-
Publication number: 20230306121Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.Type: ApplicationFiled: June 1, 2023Publication date: September 28, 2023Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Songlin Li
-
Patent number: 11698976Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.Type: GrantFiled: July 7, 2020Date of Patent: July 11, 2023Assignee: Cisco Technology, Inc.Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Songlin Li
-
Publication number: 20230118563Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.Type: ApplicationFiled: November 9, 2022Publication date: April 20, 2023Inventors: Navindra Yadav, Abhishek Ranjan Singh, Shashidhar Gandham, Ellen Christine Scheib, Omid Madani, Ali Parandehgheibi, Jackson Ngoc Ki Pang, Vimalkumar Jeyakumar, Michael Standish Watts, Hoang Viet Nguyen, Khawar Deen, Rohit Chandra Prasad, Sunil Kumar Gupta, Supreeth Hosur Nagesh Rao, Anubhav Gupta, Ashutosh Kulshreshtha, Roberto Fernando Spadaro, Hai Trong Vu, Varun Sagar Malhotra, Shih-Chun Chang, Bharathwaj Sankara Viswanathan, Fnu Rachita Agasthy, Duane Thomas Barlow
-
Publication number: 20230018068Abstract: In one aspect, a computerized system for locating anomalous query activity with a cloud-based database, comprising: with an atypical query engine: analyzing and understanding data within a cloud-based database, processing all accesses to the data within cloud-based database and SAAS environment, generating a list of user that accesses a table from a location in the cloud-based database using, and capture a set of specified key statistics about the cloud-based database query; and role suggestion engine: generating a user behavior fingerprint comprising a history of the user's behavior within the cloud-based database, identifying that a user is an outlier with respect to behavior with respect to the set of specified key statistics, and suggesting a new role within an enterprise managing the cloud-based database for the user, wherein the fingerprint of the outlier user is used to generate the suggestion for the new role.Type: ApplicationFiled: June 1, 2022Publication date: January 19, 2023Inventors: SUPREETH HOSUR NAGESH RAO, NAVINDRA YADAV, RAVI SANKURATRI, ALOK LALIT WADHWA, ARIA RAHADIAN, BRADY SCHULMAN, RAVI SHANKER PRASAD, VASIL DOCHKOV YORDANOV, YIWEI WANG, ZHIWEN ZHANG, UDAYAN JOSHI, SOUMYADEEP CHOUDHURY, MUHAMMADA FURQAN, DANESH IRANI
-
Publication number: 20230012641Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.Type: ApplicationFiled: September 13, 2022Publication date: January 19, 2023Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Hongyang Zhang, Kai Zhu
-
Publication number: 20230014842Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.Type: ApplicationFiled: September 27, 2022Publication date: January 19, 2023Inventors: Jackson Ngoc Ki Pang, Navindra Yadav, Anubhav Gupta, Shashidhar Gandham, Supreeth Hosur Nagesh Rao, Sunil Kumar Gupta
-
Patent number: 11539735Abstract: Systems, methods, and computer-readable media for application placement can include the following processes. A security score service determines a respective security posture score for each of a plurality of candidate hosts of an enterprise network. A user then identify a set of performance parameters and security parameters for a host in an enterprise network to execute a workload thereon. An application placement engine selects a host from the plurality of candidate hosts having a security posture score matching the performance parameters and the security parameters for executing the workload. An application deployment engine places the workload on the host.Type: GrantFiled: August 5, 2020Date of Patent: December 27, 2022Assignee: Cisco Technology, Inc.Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Matthew Lawson Finn, II
-
Publication number: 20220407883Abstract: In one aspect, a computerized method for locating one or more shadow vulnerable datastores for cloud-platform datastores includes the step of identifying a cloned data store of an original datastore in a cloud database instance. It includes the step of determining that the cloned datastore comprises a shadow vulnerable datastore. It includes the step of defining a security posture of the cloned datastore. It includes the step of publishing a digitized data clone security differential report comprising the security posture and one or more remediations to fix security posture issues.Type: ApplicationFiled: April 1, 2022Publication date: December 22, 2022Inventors: SUPREETH HOSUR NAGESH RAO, NAVINDRA YADAV, RAVI SANKURATRI, ALOK LALIT WADHWA, ARIA RAHADIAN, BRADY SCHULMAN, RAVI SHANKER PRASAD, VASIL DOCHKOV YORDANOV, YIWEI WANG, ZHIWEN ZHANG, UDAYAN JOSHI, SOUMYADEEP CHOUDHURY, MUHAMMADA FURQAN, DANESH IRANI
-
Patent number: 11528283Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.Type: GrantFiled: June 11, 2020Date of Patent: December 13, 2022Assignee: Cisco Technology, Inc.Inventors: Navindra Yadav, Abhishek Ranjan Singh, Shashidhar Gandham, Ellen Christine Scheib, Omid Madani, Ali Parandehgheibi, Jackson Ngoc Ki Pang, Vimalkumar Jeyakumar, Michael Standish Watts, Hoang Viet Nguyen, Khawar Deen, Rohit Chandra Prasad, Sunil Kumar Gupta, Supreeth Hosur Nagesh Rao, Anubhav Gupta, Ashutosh Kulshreshtha, Roberto Fernando Spadaro, Hai Trong Vu, Varun Sagar Malhotra, Shih-Chun Chang, Bharathwaj Sankara Viswanathan, Fnu Rachita Agasthy, Duane Thomas Barlow
-
Patent number: 11522775Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.Type: GrantFiled: May 6, 2020Date of Patent: December 6, 2022Assignee: Cisco Technology, Inc.Inventors: Jackson Ngoc Ki Pang, Navindra Yadav, Anubhav Gupta, Shashidhar Gandham, Supreeth Hosur Nagesh Rao, Sunil Kumar Gupta
-
Patent number: 11503063Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.Type: GrantFiled: August 5, 2020Date of Patent: November 15, 2022Assignee: Cisco Technology, Inc.Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Ashok Kumar, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Songlin Li, Hanlin He
-
Patent number: 11483351Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.Type: GrantFiled: August 26, 2020Date of Patent: October 25, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Hongyang Zhang, Kai Zhu
-
Publication number: 20220269815Abstract: In one aspect, a computerized method for automatically identifying and solving for vendor data abuse in an enterprise network, includes the step of implementing a vendor detection at one or more gateways of the enterprise network. The method includes the step of mapping a set of data along with any associated data attributes of the set of data that are being shared with a vendor via the one or more gateways. The method includes the step of detecting and identifying an access anomaly with respect to the set of data associated with a vendor access. The method includes the step of implementing a specified data minimization process to the access anomaly.Type: ApplicationFiled: June 1, 2021Publication date: August 25, 2022Inventors: SUPREETH HOSUR NAGESH RAO, Navindra Yadav, Ravi Sankuratri, Alok Lalit Wadhwa, Aria Rahadian, Bharathwaj Sankara Viswanathan, Brady Schulman, Matthew Finn, Ravi Shanker Prasad, Vasil Dochkov Yordanov, Yiwei Wang, Zhiwen Zhang