Patents by Inventor Prakash T. Seshadri
Prakash T. Seshadri has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11979415Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.Type: GrantFiled: December 11, 2020Date of Patent: May 7, 2024Assignee: Juniper Networks, Inc.Inventors: Srinivas Nimmagadda, Jeffrey S. Marshall, Sunil G. Rawoorkar, Srinivasan Veeraraghavan, Prakash T. Seshadri
-
Publication number: 20240106849Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.Type: ApplicationFiled: December 5, 2023Publication date: March 28, 2024Inventors: Prakash T. SESHADRI, Binh Phu LE, Srinivas NIMMAGADDA, Jeffrey S. MARSHALL, Kartik Krishnan S. IYYER
-
Patent number: 11888877Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.Type: GrantFiled: November 18, 2020Date of Patent: January 30, 2024Assignee: Juniper Networks, Inc.Inventors: Prakash T. Seshadri, Binh Phu Le, Srinivas Nimmagadda, Jeffrey S. Marshall, Kartik Krishnan S. Iyyer
-
Publication number: 20230388188Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.Type: ApplicationFiled: August 10, 2023Publication date: November 30, 2023Inventors: Prakash T. SESHADRI, Sunil G. RAWOORKAR, Yasmin ZARINA, Srinivas NIMMAGADDA, Jeffrey S. MARSHALL, Krishnaiah GOGINENI, Kartik Krishnan S. IYYER
-
Patent number: 11765034Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.Type: GrantFiled: September 25, 2020Date of Patent: September 19, 2023Assignee: Juniper Networks, Inc.Inventors: Prakash T. Seshadri, Sunil G. Rawoorkar, Yasmin Zarina, Srinivas Nimmagadda, Jeffrey S. Marshall, Krishnaiah Gogineni, Kartik Krishnan S. Iyyer
-
Patent number: 11700236Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.Type: GrantFiled: February 27, 2020Date of Patent: July 11, 2023Assignee: Juniper Networks, Inc.Inventors: Prasad Miriyala, Aniket G. Daptari, Fei Chen, Pranavadatta D N, Kiran K N, Jeffrey S. Marshall, Prakash T. Seshadri
-
Patent number: 11457043Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.Type: GrantFiled: December 31, 2019Date of Patent: September 27, 2022Assignee: Juniper Networks, Inc.Inventors: Srinivas Nimmagadda, Rakesh Kumar, Prakash T. Seshadri, Sriram Subramanian
-
Publication number: 20220303246Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.Type: ApplicationFiled: February 27, 2020Publication date: September 22, 2022Inventors: Prasad Miriyala, Aniket G. Daptari, Fei Chen, Pranavadatta D N, Kiran K N, Jeffrey S. Marshall, Prakash T. Seshadri
-
Patent number: 11070589Abstract: A device may receive information identifying a set of conditions related to controlling implementation of a set of security rules. The set of conditions may be associated with a set of security actions that a device is to perform based on whether the set of conditions is satisfied. The device may determine the set of security rules that is to be controlled by the set of conditions using information related to the set of security rules. The device may modify information related to the set of security rules to cause the implementation of the set of security rules to be controlled by the set of conditions. The modification to cause the device to process the set of security rules to dynamically implement the set of security actions based on satisfaction of the set of conditions. The device may perform an action after modifying the information.Type: GrantFiled: June 29, 2017Date of Patent: July 20, 2021Assignee: Juniper Networks, Inc.Inventors: Srinivas Nimmagadda, Rakesh Kumar, Prakash T. Seshadri
-
Publication number: 20210099472Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.Type: ApplicationFiled: December 11, 2020Publication date: April 1, 2021Inventors: Srinivas NIMMAGADDA, Jeffrey S. MARSHALL, Sunil G. RAWOORKAR, Srinivasan VEERARAGHAVAN, Prakash T. SESHADRI
-
Publication number: 20210075810Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.Type: ApplicationFiled: November 18, 2020Publication date: March 11, 2021Inventors: Prakash T. Seshadri, Binh Phu Le, Srinivas Nimmagadda, Jeffrey S. Marshall, Kartik krishnan S. Iyyer
-
Patent number: 10944793Abstract: A device may receive first information associated with a set of security rules. The first information may identify a set of security actions a device is to implement when the set of security rules applies to traffic. The device may determine a manner in which the set of security rules is to apply using the first information. The device may determine whether the manner in which the set of security rules is to apply and an intent of a network security policy or a manner in which a set of previously defined security rules is to apply match to determine whether the set of security rules conflicts with the network security policy or whether the set of security rules and the set of previously defined security rules are related. The device may perform an action.Type: GrantFiled: June 29, 2017Date of Patent: March 9, 2021Assignee: Juniper Networks, Inc.Inventors: Srinivas Nimmagadda, Rakesh Kumar, Prakash T. Seshadri
-
Publication number: 20210014119Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.Type: ApplicationFiled: September 25, 2020Publication date: January 14, 2021Inventors: Prakash T. Seshadri, Sunil G. RAWOORKAR, Yasmin ZARINA, Srinivas NIMMAGADDA, Jeffrey S. MARSHALL, Krishnaiah GOGINENI, Kartik Krishnan S. IYYER
-
Patent number: 10887327Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.Type: GrantFiled: June 29, 2018Date of Patent: January 5, 2021Assignee: Juniper Networks, Inc.Inventors: Srinivas Nimmagadda, Jeffrey S. Marshall, Sunil G. Rawoorkar, Srinivasan Veeraraghavan, Prakash T. Seshadri
-
Patent number: 10862912Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.Type: GrantFiled: June 29, 2018Date of Patent: December 8, 2020Assignee: Juniper Networks, Inc.Inventors: Prakash T. Seshadri, Binh Phu Le, Srinivas Nimmagadda, Jeffrey S. Marshall, Kartik Krishnan S. Iyyer
-
Patent number: 10834103Abstract: A security platform may determine mapped attribute information associated with a plurality of host identifiers. The mapped attribute information may include information that identifies a set of related attributes. The security platform may determine, based on the mapped attribute information, that a host device is associated with at least two host identifiers of the plurality of host identifiers. The security platform may aggregate, based on the at two least host identifiers, threat information as aggregated threat information associated with the host device. The security platform may classify the host device as an infected device or a suspicious device based on the aggregated threat information.Type: GrantFiled: April 1, 2018Date of Patent: November 10, 2020Assignee: Juniper Networks, Inc.Inventors: Karthik Ragunath Balasundaram, Prakash T. Seshadri, Daniel J. Quinlan, Volodymyr Kuznetsov, Rakesh Kumar
-
Patent number: 10819576Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.Type: GrantFiled: March 23, 2018Date of Patent: October 27, 2020Assignee: Juniper Networks, Inc.Inventors: Prakash T. Seshadri, Sunil G. Rawoorkar, Yasmin Zarina, Srinivas Nimmagadda, Jeffrey S. Marshall, Krishnaiah Gogineni, Kartik Krishnan S. Iyyer
-
Patent number: 10771506Abstract: A device may include one or more processors to receive network topology information of a network and device capability information of devices in the network; detect a threat to the network; determine threat information associated with the threat; select a security policy and an enforcement device of the network to enforce the security policy based on the network topology information, the device capability information, and the threat information; and perform an action associated with the threat based on the security policy and the enforcement device.Type: GrantFiled: July 31, 2017Date of Patent: September 8, 2020Assignee: Juniper Networks, Inc.Inventors: Rakesh Kumar, Srinivas Nimmagadda, Prakash T. Seshadri, Moloy K. Chatterjee, Mihir S. Maniar, Rakesh Manocha
-
Publication number: 20200137123Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.Type: ApplicationFiled: December 31, 2019Publication date: April 30, 2020Inventors: Srinivas Nimmagadda, Rakesh Kumar, Prakash T. Seshadri, Sriram Subramanian
-
Patent number: 10547644Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.Type: GrantFiled: June 30, 2017Date of Patent: January 28, 2020Assignee: Juniper Networks, Inc.Inventors: Srinivas Nimmagadda, Rakesh Kumar, Prakash T. Seshadri, Sriram Subramanian