Patent · US Active

Correlating endpoint and network views to identify evasive applications

US11539721B2 · kind B2 · utility

0Cited by

3References

18Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Blake Harrell Anderson · Chapel Hill, US
David McGrew · Poolesville, US
Vincent E. Parla · Felsen, US
Jan Jusko · Praha, CZ
Martin Grill · Praha, CZ
Martin Vejman · Litomyšl, CZ

Key dates

Filing date	Jun 25, 2020
Grant date	Dec 27, 2022
Priority date	—
Expiry date	Jun 25, 2041

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/0428
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.