System and method for monitoring application security in a network environment

Assignee

• Cisco Technology, Inc. · US

Inventors

• Vina Ermagan · Santa Monica, US
• Suraj Nellikar · Santa Clara, US
• Sudarshana Kandachar Sridhara Rao · Bengaluru, IN
• Fabio R. Maino · Palo Alto, US
• Massimiliano Menarini · Village of La Jolla, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2101
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method includes determining an application role in a distributed application in a network environment, generating a role profile for the application role from an interaction pattern, mapping the role profile to a virtual machine (VM), and detecting a security breach of the VM. Determining the application role includes obtaining network traces from the distributed application, and analyzing the network traces to extract the application role. In one embodiment, detection of the security breach includes generating an access control policy for the VM from the role profile, and determining an anomaly in traffic based thereon. In another embodiment, detection of the security breach includes inserting the role profile in a port profile of the VM, generating a small state machine from the role profile, running the small state machine on a port associated with the VM, and inspecting, by the small state machine, an application level traffic at the port.