Patents by Inventor Arindum Mukerji
Arindum Mukerji has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11652714Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: GrantFiled: July 11, 2022Date of Patent: May 16, 2023Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Publication number: 20220345384Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: ApplicationFiled: July 11, 2022Publication date: October 27, 2022Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Patent number: 11438247Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by bridge devices may be monitored by NMCs. The bridge devices may modify network traffic passed from one network segment to another network segment. Flows in network segments may be determined based on monitored network traffic associated with the network segments. Other flows in other network segments may be determined based on other monitored network traffic associated with the other network segments. A correlation score for two or more flows in different network segments may be provided based on a correlation model. Two or more related flows may be determined based on a value of the correlation score of the two or more related flows located in different network segments. A report that includes information about the two or more related flows may be provided.Type: GrantFiled: August 10, 2020Date of Patent: September 6, 2022Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague
-
Patent number: 11431744Abstract: Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison such that the atypical behavior includes an absence of adaption by the clients to changes in the server responses; and providing alerts that may identify the clients be associated with the atypical behavior.Type: GrantFiled: March 9, 2020Date of Patent: August 30, 2022Assignee: ExtraHop Networks, Inc.Inventors: Arindum Mukerji, Khurram Waheed
-
Patent number: 11388072Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: GrantFiled: June 2, 2021Date of Patent: July 12, 2022Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Publication number: 20210288895Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: ApplicationFiled: June 2, 2021Publication date: September 16, 2021Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Publication number: 20210194781Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by bridge devices may be monitored by NMCs. The bridge devices may modify network traffic passed from one network segment to another network segment. Flows in network segments may be determined based on monitored network traffic associated with the network segments. Other flows in other network segments may be determined based on other monitored network traffic associated with the other network segments. A correlation score for two or more flows in different network segments may be provided based on a correlation model. Two or more related flows may be determined based on a value of the correlation score of the two or more related flows located in different network segments. A report that includes information about the two or more related flows may be provided.Type: ApplicationFiled: August 10, 2020Publication date: June 24, 2021Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague
-
Publication number: 20210037033Abstract: Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison such that the atypical behavior includes an absence of adaption by the clients to changes in the server responses; and providing alerts that may identify the clients be associated with the atypical behavior.Type: ApplicationFiled: March 9, 2020Publication date: February 4, 2021Inventors: Arindum Mukerji, Khurram Waheed
-
Patent number: 10742530Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by bridge devices may be monitored by NMCs. The bridge devices may modify network traffic passed from one network segment to another network segment. Flows in network segments may be determined based on monitored network traffic associated with the network segments. Other flows in other network segments may be determined based on other monitored network traffic associated with the other network segments. A correlation score for two or more flows in different network segments may be provided based on a correlation model. Two or more related flows may be determined based on a value of the correlation score of the two or more related flows located in different network segments. A report that includes information about the two or more related flows may be provided.Type: GrantFiled: August 5, 2019Date of Patent: August 11, 2020Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague
-
Patent number: 10587638Abstract: Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison such that the atypical behavior includes an absence of adaption by the clients to changes in the server responses; and providing alerts that may identify the clients be associated with the atypical behavior.Type: GrantFiled: April 22, 2019Date of Patent: March 10, 2020Assignee: ExtraHop Networks, Inc.Inventors: Arindum Mukerji, Khurram Waheed
-
Patent number: 10511499Abstract: Embodiments are directed to monitoring network traffic in a network. A network monitoring engine may monitor networks to collect characteristics associated with network flows. The network monitoring engine may be arranged to identify entities on the network based on characteristics associated with the network flows. The network monitoring engine may provide entity profiles based on the identified entities and the characteristics. A configuration management engine may compare the entity profiles with configuration item (CI) entries in a database. The configuration management engine may provide discrepancy notices based on differences discovered during the comparison. Accordingly, the network monitoring engine may execute one or more policies to perform one or more additional actions based on the one or more discrepancies notices. Also, the configuration management engine may perform audits of an organization's information technology infrastructure to identify one or more violations of compliance policies.Type: GrantFiled: April 15, 2019Date of Patent: December 17, 2019Assignee: ExtraHop Networks, Inc.Inventors: Arindum Mukerji, Jeffery Bradford Fry
-
Publication number: 20190253445Abstract: Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison such that the atypical behavior includes an absence of adaption by the clients to changes in the server responses; and providing alerts that may identify the clients be associated with the atypical behavior.Type: ApplicationFiled: April 22, 2019Publication date: August 15, 2019Inventors: Arindum Mukerji, Khurram Waheed
-
Publication number: 20190245759Abstract: Embodiments are directed to monitoring network traffic in a network. A network monitoring engine may monitor networks to collect characteristics associated with network flows. The network monitoring engine may be arranged to identify entities on the network based on characteristics associated with the network flows. The network monitoring engine may provide entity profiles based on the identified entities and the characteristics. A configuration management engine may compare the entity profiles with configuration item (CI) entries in a database. The configuration management engine may provide discrepancy notices based on differences discovered during the comparison. Accordingly, the network monitoring engine may execute one or more policies to perform one or more additional actions based on the one or more discrepancies notices. Also, the configuration management engine may perform audits of an organization's information technology infrastructure to identify one or more violations of compliance policies.Type: ApplicationFiled: April 15, 2019Publication date: August 8, 2019Inventors: Arindum Mukerji, Jeffery Bradford Fry
-
Patent number: 10270794Abstract: Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison such that the atypical behavior includes an absence of adaption by the clients to changes in the server responses; and providing alerts that may identify the clients be associated with the atypical behavior.Type: GrantFiled: February 9, 2018Date of Patent: April 23, 2019Assignee: ExtraHop Networks, Inc.Inventors: Arindum Mukerji, Khurram Waheed
-
Patent number: 10263863Abstract: Embodiments are directed to monitoring network traffic in a network. A network monitoring engine may monitor networks to collect characteristics associated with network flows. The network monitoring engine may be arranged to identify entities on the network based on characteristics associated with the network flows. The network monitoring engine may provide entity profiles based on the identified entities and the characteristics. A configuration management engine may compare the entity profiles with configuration item (CI) entries in a database. The configuration management engine may provide discrepancy notices based on differences discovered during the comparison. Accordingly, the network monitoring engine may execute one or more policies to perform one or more additional actions based on the one or more discrepancies notices. Also, the configuration management engine may perform audits of an organization's information technology infrastructure to identify one or more violations of compliance policies.Type: GrantFiled: August 11, 2017Date of Patent: April 16, 2019Assignees: ExtraHop Networks, Inc., Reel/Frame: 043271/0705Inventors: Arindum Mukerji, Jeffery Bradford Fry
-
Publication number: 20190052554Abstract: Embodiments are directed to monitoring network traffic in a network. A network monitoring engine may monitor networks to collect characteristics associated with network flows. The network monitoring engine may be arranged to identify entities on the network based on characteristics associated with the network flows. The network monitoring engine may provide entity profiles based on the identified entities and the characteristics. A configuration management engine may compare the entity profiles with configuration item (CI) entries in a database. The configuration management engine may provide discrepancy notices based on differences discovered during the comparison. Accordingly, the network monitoring engine may execute one or more policies to perform one or more additional actions based on the one or more discrepancies notices. Also, the configuration management engine may perform audits of an organization's information technology infrastructure to identify one or more violations of compliance policies.Type: ApplicationFiled: August 11, 2017Publication date: February 14, 2019Inventors: Arindum Mukerji, Jeffery Bradford Fry
-
Patent number: 10135736Abstract: A method, apparatus, and system are directed toward managing network traffic over a plurality of Open Systems Interconnection (OSI) Level 2 switch ports. A network traffic is received over the plurality of OSI Level 2 switch ports. At least a part of the network traffic is categorized into a flow. The categorization may be based on a IP address, an OSI Level 4 port, a protocol type, a Virtual Local Area Network (VLAN) number, or the like, associated with the network traffic. One of the plurality of OSI Level 2 switch ports is selected based on a load-balancing metric. The load-balancing metric may be a priority of the flow, a congestion characteristic, a prediction of a load usage for the flow, a combination thereof, or the like. A frame associated with the flow is sent over the selected one of the plurality of OSI Level 2 switch ports.Type: GrantFiled: March 10, 2014Date of Patent: November 20, 2018Assignee: F5 Networks, Inc.Inventors: Jesse Abraham Rothstein, Arindum Mukerji
-
Publication number: 20180324061Abstract: Embodiments are directed to monitoring a network flow. A characteristic of the monitored network flow may be compared to a criterion. A filter may provide the criterion. Filtered network traffic may be provided based on the filter and the comparison. A rule may be provided based on the filtered network traffic, such that each rule is associated with one or more rule prologues and one or more rule actions. The one or more rule prologues may be executed on the filtered network traffic to provide one or more satisfied rule prologues. One or more of the one or more rule actions may be executed based on the one or more satisfied rule prologues, such that the one or more executed rule actions and the one or more satisfied rule prologues are each associated with a same rule.Type: ApplicationFiled: May 3, 2017Publication date: November 8, 2018Inventors: Bhushan Prasad Khanal, Eric Joseph Hammerle, Arindum Mukerji
-
Patent number: 9742806Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third -party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake message directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.Type: GrantFiled: June 30, 2014Date of Patent: August 22, 2017Assignee: F5 Networks, Inc.Inventors: Jesse Abraham Rothstein, Arindum Mukerji, David D. Schmitt, John R. Hughes
-
Patent number: 9210135Abstract: Embodiments are directed towards resynchronizing the processing of a monitored flow based on hole detection. A network monitoring device (NMD) may be employed to passively monitor flows of packets for a session between endpoints. The NMD may receive copies of the monitored flow and perform processes on the monitored flow. In some situations, some copies of packets may not be fully processed by the NMD, creating a hole in the processing. If a hole is detected in the monitored flow and the processing of the monitored flow is desynchronized, then the NMD may suspend processing until it is resynchronized or for a remainder of the session. If the processing is desynchronized, then the NMD may resynchronize the processing by resuming the processing of the monitored flow at a downstream position of the monitored flow based on the detected hole.Type: GrantFiled: September 29, 2014Date of Patent: December 8, 2015Assignee: ExtraHop Networks, Inc.Inventors: Jesse Abraham Rothstein, Arindum Mukerji, Bhushan Prasad Khanal