Patents by Inventor Kannan Kumar
Kannan Kumar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12289232
Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
Type: Grant
Filed: November 8, 2023
Date of Patent: April 29, 2025
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
-
Patent number: 12225051
Abstract: Techniques for user identity-based security policy enforcement. The techniques may include sending, to an edge device associated with a network, a networking policy associated with a user. The techniques may also include receiving, from an identity provider, an IP address associated with the user. Additionally, the techniques may include sending, to the edge device, an indication to associate the IP address with the user such that the edge device applies the networking policy to packets that include the IP address.
Type: Grant
Filed: July 28, 2022
Date of Patent: February 11, 2025
Assignee: Cisco Technology, Inc.
Inventors: Balaji Sundararajan, Vishnuprasad Raghavan, Kannan Kumar, Ramana Babu Polamarasetti, Mahalakshmi Rajaram
-
Publication number: 20250039141
Abstract: This disclosure describes techniques for orchestrating implementation of a security solution among network devices. The techniques include determining capabilities of routers of the network and capabilities of a cloud security service to perform security features of a security solution. Based at least in part on the capabilities, the techniques include configuring a router of the network to execute a first subset of the security features on data traffic of the network, and configuring the cloud security service to execute a second subset of the security features on the data traffic. The techniques may also include causing the security solution to be presented to a security administrator via a display, the display providing representations of the first subset and the second subset of the security features.
Type: Application
Filed: July 24, 2023
Publication date: January 30, 2025
Inventors: Faizan Amjad Mohammed, Venkatesh Nataraj, Gowri Mahendran Lingam Chandramohan, Saravanan Radhakrishnan, Kannan Kumar
-
Publication number: 20250030743
Abstract: Methods and systems are described herein for dynamically applying a security policy based on one or more tag attributes. The method comprises receiving, at a network controller, information about an instance of a cloud workload instantiated at a cloud provider. The cloud workload is associated with a tag attribute. The method further comprises querying the cloud provider for at least one IP address associated with the tag attribute and learning the at least one IP address associated with the tag attribute, including the IP address for the instance of the cloud workload. The method further comprises associating a security policy with the at least one IP address associated with the tag attribute and propagating the security policy to at least one edge router for implementation.
Type: Application
Filed: July 21, 2023
Publication date: January 23, 2025
Inventors: Balaji Sundararajan, Kannan Kumar, Madhu Somu, Ramakumara Kariyappa, Kushal A Patel, Vishnuprasad Raghavan, Deepthi Tammireddy
-
Publication number: 20240179125
Abstract: This disclosure describes techniques and mechanisms for optimizing firewall enforcement. The techniques may implement a dynamic detection of Layer 7 processing at one end of the network, alleviating the need to enforce another layer 7 firewall inspection at the other end, thereby saving processing and network resources. The techniques enable firewalls and policies to be statically defined and located in one place.
Type: Application
Filed: November 30, 2022
Publication date: May 30, 2024
Inventors: Balaji Sundararajan, Venkatesh Nataraj, Kannan Kumar, Padmanabha Nallur, Abha Jain, Kushal Patel
-
Publication number: 20240106855
Abstract: This disclosure describes techniques and mechanisms for improving security within SDWAN fabric and utilizing telemetry data from non-enterprise providers to remediate compromised SDWAN site(s) and/or user(s). The techniques may implement an integration of non-enterprise application(s) and API(s) with an enterprise network, thereby enabling the enterprise network to identify compromised endpoint(s), identify user(s), group(s), site(s) that are impacted, and take a corrective action (by the enterprise network and/or the non-enterprise application(s) or API(s)) on the enterprise fabric.
Type: Application
Filed: February 7, 2023
Publication date: March 28, 2024
Inventors: Balaji Sundararajan, Vivek Agarwal, Vishnuprasad Raghavan, Kannan Kumar, Chandra Balaji Rajaram
-
Publication number: 20240080267
Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
Type: Application
Filed: November 8, 2023
Publication date: March 7, 2024
Inventors: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
-
Publication number: 20240039956
Abstract: Techniques for user identity-based security policy enforcement. The techniques may include sending, to an edge device associated with a network, a networking policy associated with a user. The techniques may also include receiving, from an identity provider, an IP address associated with the user. Additionally, the techniques may include sending, to the edge device, an indication to associate the IP address with the user such that the edge device applies the networking policy to packets that include the IP address.
Type: Application
Filed: July 28, 2022
Publication date: February 1, 2024
Inventors: Balaji Sundararajan, Vishnuprasad Raghavan, Kannan Kumar, Ramana Babu Polamarasetti, Mahalakshmi Rajaram
-
Patent number: 11824770
Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
Type: Grant
Filed: March 8, 2022
Date of Patent: November 21, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
-
Publication number: 20230188461
Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
Type: Application
Filed: March 8, 2022
Publication date: June 15, 2023
Inventors: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
-
Patent number: 10601664
Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
Type: Grant
Filed: April 28, 2017
Date of Patent: March 24, 2020
Assignee: Cisco Technology, Inc.
Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
-
Patent number: 10298581
Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
Type: Grant
Filed: April 28, 2017
Date of Patent: May 21, 2019
Assignee: Cisco Technology, Inc.
Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak
-
Publication number: 20180316563
Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
Type: Application
Filed: April 28, 2017
Publication date: November 1, 2018
Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
-
Publication number: 20180316673
Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
Type: Application
Filed: April 28, 2017
Publication date: November 1, 2018
Applicant: Cisco Technology, Inc.
Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak