Patents by Inventor Darshan Shrinath Purandare
Darshan Shrinath Purandare has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11924240
Abstract: Aspects of the subject technology relate to a system configured to receive a set of network snapshot segments from an output stream of a stream processing service, compile the set of network snapshot segments from the set of messages into a first network snapshot and a second network snapshot, and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.
Type: Grant
Filed: November 25, 2020
Date of Patent: March 5, 2024
Assignee: Cisco Technology, Inc.
Inventors: Shashi Gandham, Navindra Yadav, Janardhanan Radhakrishnan, Hoang-Nam Nguyen, Umesh Paul Mahindra, Sunil Gupta, Praneeth Vallem, Supreeth Rao, Darshan Shrinath Purandare, Xuan Zou, Joseph Daniel Beshay, Jothi Prakash Prabakaran
-
Patent number: 11895156
Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.
Type: Grant
Filed: September 13, 2022
Date of Patent: February 6, 2024
Assignee: Cisco Technology, Inc.
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Hongyang Zhang, Kai Zhu
-
Publication number: 20230306121
Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.
Type: Application
Filed: June 1, 2023
Publication date: September 28, 2023
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Songlin Li
-
Patent number: 11716352
Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.
Type: Grant
Filed: June 16, 2020
Date of Patent: August 1, 2023
Assignee: Cisco Technology, Inc.
Inventors: Supreeth Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Fuzhuo Sun, Ashok Kumar
-
Patent number: 11698976
Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.
Type: Grant
Filed: July 7, 2020
Date of Patent: July 11, 2023
Assignee: Cisco Technology, Inc.
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Songlin Li
-
Publication number: 20230012641
Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.
Type: Application
Filed: September 13, 2022
Publication date: January 19, 2023
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Hongyang Zhang, Kai Zhu
-
Patent number: 11539735
Abstract: Systems, methods, and computer-readable media for application placement can include the following processes. A security score service determines a respective security posture score for each of a plurality of candidate hosts of an enterprise network. A user then identifies a set of performance parameters and security parameters for a host in an enterprise network to execute a workload thereon. An application placement engine selects a host from the plurality of candidate hosts having a security posture score matching the performance parameters and the security parameters for executing the workload. An application deployment engine places the workload on the host.
Type: Grant
Filed: August 5, 2020
Date of Patent: December 27, 2022
Assignee: Cisco Technology, Inc.
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Matthew Lawson Finn, II
-
Patent number: 11503063
Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.
Type: Grant
Filed: August 5, 2020
Date of Patent: November 15, 2022
Assignee: Cisco Technology, Inc.
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Ashok Kumar, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Songlin Li, Hanlin He
-
Patent number: 11483351
Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.
Type: Grant
Filed: August 26, 2020
Date of Patent: October 25, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Hongyang Zhang, Kai Zhu
-
Publication number: 20220070065
Abstract: Systems and methods provide for enriching flow data to analyze network security, availability, and compliance. A network analytics system can capture flow data and metadata from network elements. The network analytics system can enrich the flow data by in-line association of the flow data and metadata. The network analytics system can generate multiple planes with each plane representing a dimension of enriched flow data. The network analytics system can generate nodes for the planes with each node representing a unique value or set of values for the dimensions represented by planes. The network analytics system can generate edges for the nodes of the planes with each edge representing a flow between endpoints corresponding to the nodes. The network analytics system can update the planes in response to an interaction with the planes or in response to a query.
Type: Application
Filed: October 12, 2021
Publication date: March 3, 2022
Inventors: Matthew Lawson Finn, II, Alok Lalit Wadhwa, Navindra Yadav, Jerry Xin Ye, Supreeth Rao, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Aiyesha Ma, Darshan Shrinath Purandare
-
Publication number: 20220070222
Abstract: The present disclosure relates to securing workloads of a network by identifying compromised elements in communication with the network and preventing their access to network resources. In one aspect, a method includes monitoring network traffic at network elements of a network; detecting a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and based on a defined network policy, applying one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.
Type: Application
Filed: August 26, 2020
Publication date: March 3, 2022
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Hongyang Zhang, Kai Zhu
-
Publication number: 20220046046
Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.
Type: Application
Filed: August 5, 2020
Publication date: February 10, 2022
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Ashok Kumar, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Songlin Li, Hanlin He
-
Publication number: 20220046045
Abstract: Systems, methods, and computer-readable media for application placement can include the following processes. A security score service determines a respective security posture score for each of a plurality of candidate hosts of an enterprise network. A user then identifies a set of performance parameters and security parameters for a host in an enterprise network to execute a workload thereon. An application placement engine selects a host from the plurality of candidate hosts having a security posture score matching the performance parameters and the security parameters for executing the workload. An application deployment engine places the workload on the host.
Type: Application
Filed: August 5, 2020
Publication date: February 10, 2022
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Matthew Lawson Finn, II
-
Publication number: 20220012340
Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.
Type: Application
Filed: July 7, 2020
Publication date: January 13, 2022
Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Songlin Li
-
Publication number: 20210392165
Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.
Type: Application
Filed: June 16, 2020
Publication date: December 16, 2021
Inventors: Supreeth Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Aiyesha Ma, Fuzhuo Sun, Ashok Kumar
-
Publication number: 20210392135
Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for receiving, at an authentication service of an enterprise network and from a user device, a request to access an application; determining a user status associated with the request based on information received from at least an identity service engine; determining, based on the user status, whether the user device meets a set of security parameters for accessing the application, to yield a determination; and determining, based on the determination, whether to grant or deny the request for accessing the application.
Type: Application
Filed: June 11, 2020
Publication date: December 16, 2021
Inventors: Supreeth Rao, Navindra Yadav, Ashok Kumar, Tapan Shrikrishna Patwardhan, Hanlin He, Darshan Shrinath Purandare, Aiyesha Ma, Ning Shan
-
Patent number: 11159386
Abstract: Systems and methods provide for enriching flow data to analyze network security, availability, and compliance. A network analytics system can capture flow data and metadata from network elements. The network analytics system can enrich the flow data by in-line association of the flow data and metadata. The network analytics system can generate multiple planes with each plane representing a dimension of enriched flow data. The network analytics system can generate nodes for the planes with each node representing a unique value or set of values for the dimensions represented by planes. The network analytics system can generate edges for the nodes of the planes with each edge representing a flow between endpoints corresponding to the nodes. The network analytics system can update the planes in response to an interaction with the planes or in response to a query.
Type: Grant
Filed: March 14, 2019
Date of Patent: October 26, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Matthew Lawson Finn, II, Alok Lalit Wadhwa, Navindra Yadav, Jerry Xin Ye, Supreeth Rao, Prasannakumar Jobigenahally Malleshaiah, Tapan Shrikrishna Patwardhan, Umamaheswaran Arumugam, Aiyesha Ma, Darshan Shrinath Purandare
-
Patent number: 11128700
Abstract: Aspects of the disclosed technology provide methods for automatically tuning load-balancer configurations in a network environment. In some implementations, a process of the disclosed technology includes steps for collecting flow records of traffic flow segments at a middle box in a network environment, the traffic flow segments corresponding to one or more traffic flows passing through the middle box, analyzing the flow records to identify one or more traffic patterns in the network environment, and automatically updating a load balancer configuration based on the one or more traffic patterns, wherein updating the load balancer configuration improves at least one traffic flow parameter for at least one of the traffic flows passing through the middle box. Systems and machine-readable media are also provided.
Type: Grant
Filed: June 29, 2018
Date of Patent: September 21, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Supreeth Rao, Navindra Yadav, Umamaheswaran Arumugam, Michael Watts, Shashi Gandham, Darshan Shrinath Purandare, Duy Nguyen, Hai Vu, Kai Zhu, Aiyesha Ma, Tapan Shrikrishna Patwardhan, Jothi Prakash Prabakaran
-
Publication number: 20210176268
Abstract: Aspects of the subject technology relate to a system configured to receive a set of network snapshot segments from an output stream of a stream processing service, compile the set of network snapshot segments from the set of messages into a first network snapshot and a second network snapshot, and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.
Type: Application
Filed: November 25, 2020
Publication date: June 10, 2021
Inventors: Shashi Gandham, Navindra Yadav, Janardhanan Radhakrishnan, Hoang-Nam Nguyen, Umesh Paul Mahindra, Sunil Gupta, Praneeth Vallem, Supreeth Rao, Darshan Shrinath Purandare, Xuan Zou, Joseph Daniel Beshay, Jothi Prakash Prabakaran
-
Patent number: 10917438
Abstract: Aspects of the disclosed technology relate to ways to authenticate customer/subscriber access to a policy update stream. A process of the technology can include steps for instantiating a network monitoring device in response to a request, the request comprising one or more configuration parameters for the network monitoring device, and receiving a first certificate from the network monitoring device, wherein the first certificate is based on the one or more configuration parameters. In some aspects, the steps can further include sending the first certificate to a processing pipeline for authentication, wherein the processing pipeline is configured to authenticate the first certificate based on a second certificate received by the processing pipeline from the network monitoring device. Systems and machine readable media are also provided.
Type: Grant
Filed: July 11, 2018
Date of Patent: February 9, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Shashi Gandham, Navindra Yadav, Janardhanan Radhakrishnan, Hoang-Nam Nguyen, Umesh Paul Mahindra, Sunil Gupta, Praneeth Vallem, Supreeth Rao, Darshan Shrinath Purandare, Xuan Zou, Girish Anant Kalele, Jothi Prakash Prabakaran