Patents by Inventor Sunil Amin
Sunil Amin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12348386Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.Type: GrantFiled: February 21, 2024Date of Patent: July 1, 2025Assignee: Cisco Technology, Inc.Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
-
Publication number: 20240305539Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.Type: ApplicationFiled: May 20, 2024Publication date: September 12, 2024Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
-
Publication number: 20240195705Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.Type: ApplicationFiled: February 21, 2024Publication date: June 13, 2024Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
-
Patent number: 11936533Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.Type: GrantFiled: March 24, 2023Date of Patent: March 19, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
-
Patent number: 11888900Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.Type: GrantFiled: April 24, 2020Date of Patent: January 30, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Matthew Scott Robertson, David McGrew, Timothy David Keanini, Sunil Amin, Ellie Marie Daw
-
Publication number: 20230231777Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.Type: ApplicationFiled: March 24, 2023Publication date: July 20, 2023Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
-
Patent number: 11632309Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.Type: GrantFiled: July 15, 2021Date of Patent: April 18, 2023Assignee: Cisco Technology, Inc.Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
-
Publication number: 20210344573Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.Type: ApplicationFiled: July 15, 2021Publication date: November 4, 2021Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
-
Patent number: 11075820Abstract: In one embodiment, a service receives data regarding administration traffic in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the received data to determine whether the administration traffic is authorized. The service flags the received data as authorized, based on the analysis of the received data. The service uses the data flagged as authorized to distinguish between benign traffic and malicious traffic in the network.Type: GrantFiled: December 20, 2017Date of Patent: July 27, 2021Assignee: Cisco Technology, Inc.Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
-
Publication number: 20200252435Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.Type: ApplicationFiled: April 24, 2020Publication date: August 6, 2020Inventors: Matthew Scott Robertson, David McGrew, Timothy David Keanini, Sunil Amin, Ellie Marie Daw
-
Patent number: 10673901Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.Type: GrantFiled: December 27, 2017Date of Patent: June 2, 2020Assignee: Cisco Technology, Inc.Inventors: Matthew Scott Robertson, David McGrew, Timothy David Keanini, Sunil Amin, Ellie Marie Daw
-
Publication number: 20190342173Abstract: In one example embodiment, a server obtains network flow metadata of a network flow of a host in a network. The server identifies one or more attributes of the network flow metadata. For each host group of a plurality of host groups, the server determines whether the one or more attributes of the network flow metadata satisfy one or more criteria for the host group. For each host group for which it is determined that the one or more attributes of the network flow metadata satisfy the one or more criteria, the server classifies the host as belonging to the host group.Type: ApplicationFiled: May 2, 2018Publication date: November 7, 2019Inventors: Laurent Navarro, Jeffrey Markey, Matthew Robertson, Sunil Amin, Marc Dupont, Timothy Deeb-Swihart, II
-
Publication number: 20190199753Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.Type: ApplicationFiled: December 27, 2017Publication date: June 27, 2019Inventors: Matthew Scott Robertson, David McGrew, Timothy David Keanini, Sunil Amin, Ellie Marie Daw
-
Publication number: 20190190794Abstract: In one embodiment, a service receives data regarding administration traffic in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the received data to determine whether the administration traffic is authorized. The service flags the received data as authorized, based on the analysis of the received data. The service uses the data flagged as authorized to distinguish between benign traffic and malicious traffic in the network.Type: ApplicationFiled: December 20, 2017Publication date: June 20, 2019Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin