Patents by Inventor Saman Taghavi Zargar
Saman Taghavi Zargar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11443230Abstract: A trained model may be deployed to an Internet-of-Things (IOT) operational environment in order to ingest features and detect events extracted from network traffic. The model may be received and converted into a meta-language representation which is interpretable by a data plane engine. The converted model can then be deployed to the data plane and may extract features from network communications over the data plane. The extracted features may be fed to the deployed model in order to generate event classifications or device state classifications.Type: GrantFiled: September 19, 2018Date of Patent: September 13, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Nancy Cam-Winget, Subharthi Paul, Blake Anderson, Saman Taghavi Zargar, Oleg Bessonov, Robert Frederick Albach, Sanjay Kumar Agarwal, Mark Steven Knellinger
-
Patent number: 11412000Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.Type: GrantFiled: January 14, 2020Date of Patent: August 9, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Michel Khouderchah, Jayaraman Iyer, Kent K. Leung, Jianxin Wang, Donovan O'Hara, Saman Taghavi Zargar, Subharthi Paul
-
Patent number: 11095670Abstract: In one example embodiment, a network management device generates a first script defining a first function for detecting a first customizable network event in a sequence of customizable network events indicative of a security threat to a network. The network management device activates the first script at a first network device in the network so as to cause the first network device to execute the first function for detecting the first customizable network event, and obtains, from the first network device, one or more indications that the first network device has detected the first customizable network event. Based on the one or more indications, the network management device determines whether to activate a second script defining a second function for detecting a second customizable network event in the sequence at a second network device in the network capable of detecting the second customizable network event.Type: GrantFiled: July 9, 2018Date of Patent: August 17, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Subharthi Paul, Saman Taghavi Zargar, Jayaraman Iyer, Hari Shankar
-
Publication number: 20210218771Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.Type: ApplicationFiled: January 14, 2020Publication date: July 15, 2021Inventors: Michel Khouderchah, Jayaraman Iyer, Kent K. Leung, Jianxin Wang, Donovan O'Hara, Saman Taghavi Zargar, Subharthi Paul
-
Publication number: 20200389497Abstract: Presented herein is a system, device and method that involve creating a policy model and policy rule structure for a policy enforcement point to support policies adapt to rapid changing external conditions in addition to traditional policies that are static. The system facilitates the use of attributes that are either or both dynamically (at run-time) created and/or defined as ephemeral. A new policy attribute may be created dynamically (at run-time). The policy attribute may be mapped as being static or ephemeral. The methodology further involves facilitating evaluation of an attribute as an atomic or programmed set of functions.Type: ApplicationFiled: November 27, 2019Publication date: December 10, 2020Inventors: Nancy Cam-Winget, Jianxin Wang, Dieter Derek Weber, Saman Taghavi Zargar, Robert Frederick Albach
-
Patent number: 10659484Abstract: In one embodiment, a centralized controller maintains a plurality of hierarchical behavioral modules of a behavioral model, and distributes initial behavioral modules to data plane entities to cause them to apply the initial behavioral modules to data plane traffic. The centralized controller may then receive data from a particular data plane entity based on its having applied the initial behavioral modules to its data plane traffic. The centralized controller then distributes subsequent behavioral modules to the particular data plane entity to cause it to apply the subsequent behavioral modules to the data plane traffic, the subsequent behavioral modules selected based on the previously received data from the particular data plane entity. The centralized controller may then iteratively receive data from the particular data plane entity and distribute subsequently selected behavioral modules until an attack determination is made on the data plane traffic of the particular data plane entity.Type: GrantFiled: February 19, 2018Date of Patent: May 19, 2020Assignee: Cisco Technology, Inc.Inventors: Saman Taghavi Zargar, Subharthi Paul, Prashanth Patil, Jayaraman Iyer, Hari Shankar
-
Publication number: 20200014713Abstract: In one example embodiment, a network management device generates a first script defining a first function for detecting a first customizable network event in a sequence of customizable network events indicative of a security threat to a network. The network management device activates the first script at a first network device in the network so as to cause the first network device to execute the first function for detecting the first customizable network event, and obtains, from the first network device, one or more indications that the first network device has detected the first customizable network event. Based on the one or more indications, the network management device determines whether to activate a second script defining a second function for detecting a second customizable network event in the sequence at a second network device in the network capable of detecting the second customizable network event.Type: ApplicationFiled: July 9, 2018Publication date: January 9, 2020Inventors: Subharthi Paul, Saman Taghavi Zargar, Jayaraman Iyer, Hari Shankar
-
Publication number: 20190260776Abstract: In one embodiment, a centralized controller maintains a plurality of hierarchical behavioral modules of a behavioral model, and distributes initial behavioral modules to data plane entities to cause them to apply the initial behavioral modules to data plane traffic. The centralized controller may then receive data from a particular data plane entity based on its having applied the initial behavioral modules to its data plane traffic. The centralized controller then distributes subsequent behavioral modules to the particular data plane entity to cause it to apply the subsequent behavioral modules to the data plane traffic, the subsequent behavioral modules selected based on the previously received data from the particular data plane entity. The centralized controller may then iteratively receive data from the particular data plane entity and distribute subsequently selected behavioral modules until an attack determination is made on the data plane traffic of the particular data plane entity.Type: ApplicationFiled: February 19, 2018Publication date: August 22, 2019Inventors: Saman Taghavi Zargar, Subharthi Paul, Prashanth Patil, Jayaraman Iyer, Hari Shankar
-
Publication number: 20190236493Abstract: A trained model may be deployed to an Internet-of-Things (IOT) operational environment in order to ingest features and detect events extracted from network traffic. The model may be received and converted into a meta-language representation which is interpretable by a data plane engine. The converted model can then be deployed to the data plane and may extract features from network communications over the data plane. The extracted features may be fed to the deployed model in order to generate event classifications or device state classifications.Type: ApplicationFiled: September 19, 2018Publication date: August 1, 2019Inventors: Nancy Cam-Winget, Subharthi Paul, Blake Anderson, Saman Taghavi Zargar, Oleg Bessonov, Robert Frederick Albach, Sanjay Kumar Agarwal, Mark Steven Knellinger
-
Patent number: 10021070Abstract: In one embodiment, a method includes receiving capability information from an end host at a centralized security matrix in communication with a firewall and a plurality of end hosts, verifying at the centralized security matrix, a trust level of the end host, assigning at the centralized security matrix, a firewall function to the end host based on the trust level and capability information, and notifying the firewall of the firewall function assigned to the end host. Firewall functions are offloaded from the firewall to the end hosts by the centralized security matrix. An apparatus and logic are also disclosed herein.Type: GrantFiled: December 22, 2015Date of Patent: July 10, 2018Assignee: Cisco Technology, Inc.Inventors: Jin Teng, Subharthi Paul, Thilan Niroshaka Ganegedara, Xun Wang, Saman Taghavi Zargar, Jayaraman Iyer
-
Publication number: 20170180316Abstract: In one embodiment, a method includes receiving capability information from an end host at a centralized security matrix in communication with a firewall and a plurality of end hosts, verifying at the centralized security matrix, a trust level of the end host, assigning at the centralized security matrix, a firewall function to the end host based on the trust level and capability information, and notifying the firewall of the firewall function assigned to the end host. Firewall functions are offloaded from the firewall to the end hosts by the centralized security matrix. An apparatus and logic are also disclosed herein.Type: ApplicationFiled: December 22, 2015Publication date: June 22, 2017Applicant: CISCO TECHNOLOGY, INC.Inventors: Jin Teng, Subharthi Paul, Thilan Niroshaka Ganegedara, Xun Wang, Saman Taghavi Zargar, Jayaraman Iyer