301 patents
Page 11 of 16
Utility
Sub-clouds in a cloud-based system for private application access
28 Oct 21
Systems and methods include obtaining, for a tenant, a definition of a sub-cloud in a cloud-based system, wherein the cloud-based system includes a plurality of geographically distributed data centers, and wherein the sub-cloud includes a subset of the plurality of data centers; receiving a request, in the cloud-based system from a user device, to access an application for the tenant, wherein the application is constrained to the sub-cloud, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device that the application does not exist; and if the user device is permitted to access the application, stitching together connections between the sub-cloud, the application, and the user device to provide access to the application.
John A. Chanak, Kunal Shah
Filed: 6 Jul 21
Utility
Connector selection through a cloud-based system for private application access
28 Oct 21
Systems and methods include obtaining criteria for selecting connectors for private application access in a cloud-based system; responsive to a request by a user device to access an application located in any of a public cloud, a private cloud, and an enterprise network, wherein the user device is remote over the Internet, determining a connector coupled to the application based on the criteria; and, responsive to a user of the user device being permitted to access the application, stitching together connections between the cloud-based system, the application, and the user device to provide access to the application.
Kunal Shah, John A. Chanak, Vamshi Palkonda
Filed: 6 Jul 21
Utility
Cloud-based web application and API protection
28 Oct 21
Systems and methods include, responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining a predetermined inspection profile for the user with the inspection profile including a plurality of rules evaluated in an order; performing inspection of the access using the plurality of rules in the order; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.
Pooja Deshmukh, Leslie Smith, William Fehring, Kanti Varanasi, John A. Chanak
Filed: 6 Jul 21
Utility
Client forwarding policies for zero trust access for applications
28 Oct 21
Systems and methods include providing a user interface to an administrator associated with a tenant of a cloud-based system, wherein the tenant has a plurality of users each having an associated user device; receiving a plurality of client forwarding policies for the plurality of users, wherein each client forwarding policy of the client forwarding policies defines rules related to how application requests from the plurality of users are forwarded for zero trust access; and providing the rules to corresponding user devices of the plurality of users.
Kunal Shah, John A. Chanak, David Creedy
Filed: 24 Nov 20
Utility
Stream scanner for identifying signature matches
26 Oct 21
Systems and methods implemented in a node in a cloud-based security system include obtaining a plurality of rules, each defined via a rule syntax that includes a rule header and rule options, wherein each rule header is used for a rule database lookup, and the rule options are used to specify details about the associated rule; monitoring data associated with a user of the cloud-based security system; analyzing the data with the plurality of rules; and performing one or more security functions on the data based on triggering of a rule of the plurality of rules.
Sushil Pangeni, Vladimir Stepanenko, Srikanth Devarajan, Shashi Kiran Meda Ravi
Filed: 27 Apr 20
Utility
Data Loss Prevention incident forwarding
21 Oct 21
A cloud-based security system includes a plurality of enforcement nodes connected to one another; a central authority connected to the plurality of enforcement nodes; and a Data Loss Prevention (DLP) service executed between the plurality of enforcement nodes, wherein the DLP service includes one or more DLP rules based on one or more DLP engines for a tenant, and wherein, for the DLP service, a first enforcement node is configured to monitor traffic of a user of the tenant, detect a DLP rule violation based on the one or more DLP rules, and forward DLP incident information to a second enforcement node, and the second enforcement node is configured to transmit the DLP incident information to a server for the tenant, including both the DLP triggering content that caused the DLP rule violation and DLP scan metadata.
Narinder Paul, Arun Bhallamudi, James Tan, Frank Zhang, Pooja Deshmukh
Filed: 21 Apr 20
Utility
Data Loss Prevention expression building for a DLP engine
21 Oct 21
Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.
Zhifeng Zhang, Arun Bhallamudi, Pooja Deshmukh
Filed: 19 Aug 20
Utility
Data Loss Prevention on images
21 Oct 21
Systems and methods for Data Loss Prevention (DLP) on images include detecting an image in monitored user traffic; scanning the image to identify any text and extracting any identified text therein; responsive to the extracting, scanning the extracted text with a plurality of DLP techniques including one or more DLP engines where the extracted text is checked to trigger the one or more DLP engines, Exact Data Matching (EDM) where the extracted text is matched to see if it matches specific content, and Indexed Data Matching (IDM) where the extracted text is matched to some part of a document from a repository of documents; and performing one or more actions based on results of the plurality of DLP techniques.
Narinder Paul, Arun Bhallamudi
Filed: 19 Aug 20
Utility
Metric computation for traceroute probes using cached data to prevent a surge on destination servers
19 Oct 21
Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented.
Vikas Mahajan, Srikanth Devarajan, Chenglong Zheng, Pankaj Chhabra, Sandeep Kamath, Chakkaravarthy Periyasamy Balaiah, Vladimir Stepanenko, Sreedhar Pampati
Filed: 5 Mar 21
Utility
Auto re-segmentation to assign new applications in a microsegmented network
7 Oct 21
Systems and methods include, subsequent to performing auto segmentation on a network that includes a set of policies of allowed and blocked communications, observing communication between a plurality of hosts on the network; determining unassigned communication paths based on the observing that are either blocked because of a lack of a policy of the set of policies or because there is no policy of the set of policies covering them; and assigning the unassigned communication paths to corresponding policies of the set of policies.
Scott Laplante, Peter Nahas, Xing Li, Suji Suresh, Daniel R. Perkins, Peter Smith
Filed: 17 Jun 21
Utility
Private service edge nodes in a cloud-based system for private application access
7 Oct 21
Systems and methods include connecting to a first service edge node in a cloud-based system and obtaining one or more addresses, each for one of one or more service edge nodes in the cloud-based system, wherein the one or more service edge nodes include public service edge nodes and private service edge nodes; connecting to a second service edge node of the one or more service edge nodes using the corresponding address; providing a request for an application to the second service edge node; and responsive to policy and accessibility determined via the cloud-based system, receiving access to the application via a connector adjacent to the application.
John A. Chanak, Ale A. Mansoor, Maxim Perepelitsyn, Deepak Khungar, William Fehring
Filed: 21 Jun 21
Utility
Network exposure detection and security assessment tool
7 Oct 21
Systems and methods include receiving a domain of interest; performing an analysis of the domain to extract namespaces of the domain, hosts associated with the domain, subdomains associated with the domain, namespaces of the subdomains, and addresses including address ranges of any identified namespaces; performing a Common Vulnerabilities and Exposures (CVE) search based on the analysis to identify a CVE list associated with the domain; determining weightings of the namespaces of the domain and the subdomains to provide a name list; obtaining cloud monitoring content associated with the domain; and utilizing the name list, the CVE list, and the cloud monitoring content to determine a risk associated with the domain.
Nathan Howe
Filed: 3 Apr 20
Utility
Mobile device security, device management, and policy enforcement in a cloud-based system
28 Sep 21
Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc.
Amit Sinha, Narinder Paul, Srikanth Devarajan
Filed: 10 Jul 20
Utility
Device identification for management and policy in the cloud
28 Sep 21
Systems and methods for device identification for management and policy in the cloud use a combination of several hardware parameters and a user's identification to generate a unique identifier for a user device and its associated user.
Ajit Singh, Vivek Ashwin Raman, Abhinav Bansal
Filed: 5 Nov 19
Utility
Systems and methods for efficiently maintaining records in a cloud-based system
9 Sep 21
Systems and methods include obtaining statistics based on monitoring in a cloud-based system for a given time period; and, responsive to determining an arrangement of counters for N counters, storing each of M counters for the given time period as a plurality of records, with each record including a record type, a possible offset to a next record in terms of a counter identifier (ID), and a counter value, wherein N and M are integers and M << N, and wherein the arrangement is determined such that the most frequently used counters occupy the lower counter IDs.
Raman Madaan, Kumar Gaurav, Chakkaravarthy Periyasamy Balaiah, Kailash Kailash
Filed: 17 Apr 20
Utility
Cloud access security broker systems and methods via a distributed worker pool
19 Aug 21
A Cloud Access Security Broker (CASB) system includes a controller; a message broker connected to the controller; and a plurality of workers connected to the message broker and connected to one or more cloud providers having a plurality of files contained therein for one or more tenants, wherein the plurality of workers are configured to crawl through the plurality of files for the one or more tenants, based on policy and configuration for the one or more tenants provided via the controller, and based on assignments from the message broker.
Shankar Vivekanandan, Narinder Paul, Parth Shah, Pratibha Nayak, Sonal Choudhary, Huan Chen
Filed: 30 Mar 20
Utility
Proxy auto config (PAC) file parser systems and methods
17 Aug 21
Proxy Auto Config (PAC) file parser systems and methods enable file parsing on user devices without Just-in-Time (JIT) compilation in JavaScript, with a memory efficient implementation and with efficient performance.
Amandeep Singh
Filed: 21 Nov 19
Utility
Private application access with browser isolation
12 Aug 21
Systems and methods include, responsive to a request from a user device to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application and whether the application should be provided in an isolated browser; responsive to the determining, creating secure tunnels between the user device, an isolation service operating the isolated browser, and the application based on connection information; loading the application in the isolated browser, via the secure tunnels; and providing image content for the application to the user device, via the secure tunnels.
Alex-Marian Negrea, Constantin Miroslav, John A. Chanak
Filed: 29 Apr 21
Utility
Systems and methods for monitoring and displaying security posture and risk
10 Aug 21
Systems and methods include obtaining log data from a storage cluster associated with a cloud-based security system, wherein the log data includes transaction data associated with a plurality of users of the cloud-based security system, wherein the transaction data is for one or more of cloud security service transactions, application access via a Zero Trust Network Access (ZTNA) service, and user experience metrics, and wherein the cloud-based security system includes a plurality of tenants with the plurality of users each assigned thereto; analyzing the log data to determine a plurality of visualizations of the transaction data for a tenant; providing a User Interface (UI) to a mobile application with the plurality of visualizations; and providing a risk score summarizing an overall risk posture of the tenant in a single metric.
Jasbir Singh Kaushal, Sichao Zhang, Varun Singh, Alex Rozenberg, Jay Chaudhry, Muralidharan Manickam
Filed: 12 May 20
Utility
Securing local network traffic using cloud computing
29 Jul 21
Systems and methods for securely handling data traffic on local or private networks, such as by using cloud computing, are provided.
Abhinav Bansal, Rohit Goyal
Filed: 15 Apr 21