The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

Date of Patent:
Feb. 03, 2015

Filed:
May 02, 2012

Applicants:

Vina Ermagan, San Jose, CA (US);

Suraj Nellikar, Santa Clara, CA (US);

Sudarshana Kandachar Sridhara Rao, Karnataka, IN;

Fabio R. Maino, Palo Alto, CA (US);

Massimiliano Menarini, La Jolla, CA (US);

Inventors:

Vina Ermagan, San Jose, CA (US);

Suraj Nellikar, Santa Clara, CA (US);

Sudarshana Kandachar Sridhara Rao, Karnataka, IN;

Fabio R. Maino, Palo Alto, CA (US);

Massimiliano Menarini, La Jolla, CA (US);

Assignee:

Cisco Technology, Inc., San Jose, CA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
G06F 17/00 (2006.01); H04L 29/06 (2006.01);
U.S. Cl.
CPC ...
H04L 63/20 (2013.01); H04L 63/102 (2013.01);
Abstract

A method includes determining an application role in a distributed application in a network environment, generating a role profile for the application role from an interaction pattern, mapping the role profile to a virtual machine (VM), and detecting a security breach of the VM. Determining the application role includes obtaining network traces from the distributed application, and analyzing the network traces to extract the application role. In one embodiment, detection of the security breach includes generating an access control policy for the VM from the role profile, and determining an anomaly in traffic based thereon. In another embodiment, detection of the security breach includes inserting the role profile in a port profile of the VM, generating a small state machine from the role profile, running the small state machine on a port associated with the VM, and inspecting, by the small state machine, an application level traffic at the port.

