301 patents
Page 13 of 16
Utility
Cloud policy enforcement based on network trust
28 Jan 21
Systems and methods include obtaining trusted network rules for a plurality of networks, wherein the trusted network rules include whether a network is untrusted or one of a plurality of trusted networks; obtaining policy configurations for each of the trusted network rules, wherein the policy configurations define configurations for a cloud-based system to use with a user device based on a corresponding network where the user device is connected; communicating with the user device and determining which network of the plurality of network the user device is connected; and applying the configurations in the cloud-based system for the user device based on the network the user device is connected.
Vivek Ashwin Raman, Ajit Singh, Vikas Mahajan, Amandeep Singh, Huiju Wu, David Creedy
Filed: 29 Sep 20
Utility
System and method for malware detection on a per packet basis
28 Jan 21
Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis.
Huihsin Tseng, Hao Xu, Jian L. Zhen
Filed: 12 Oct 20
Utility
Protecting PII data from man-in-the-middle attacks in a network
26 Jan 21
Systems and methods include receiving a request from a client with the request including an authentication token as a request header, wherein the authentication token includes a first encryption key, a second encryption key, and a timestamp; decrypting the authentication token with a private key of the server to obtain the first encryption key, the second encryption key, and the timestamp; and validating the request based on the first encryption key and the timestamp, and, if valid, decrypting payload of the request with the second encryption key.
Vivek Ashwin Raman, Ajit Singh
Filed: 11 Sep 19
Utility
Signature pattern matching testing framework
26 Jan 21
Systems and methods for testing Signature Pattern Matching (SPM) for a new signature associated with a cloud-based security system with a plurality of nodes and a testing node include operating the testing node with a same management software and SPM library as the plurality of nodes; obtaining a new signature derived to detect malicious content; compiling the new signature in the SPM library for the testing node; implementing one or more test cases related to the malicious content to analyze behavior of the testing node with the SPM library containing the new signature; and, responsive to success in the one or more test cases, providing the SPM library to the plurality of nodes for detection of the malicious content.
Loren Weith, Deepen Desai
Filed: 8 Mar 18
Utility
Systems and methods for monitoring digital user experience
12 Jan 21
Systems and methods for monitoring digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; responsive to a user executing a specific application, obtaining device and application metrics for the user from the associated user device related to usage of specific application; obtaining network metrics from the cloud system related to network performance of the specific application; and providing the device and application metrics and the network metrics to a logging and analytics system for quantifying digital user experience of the specific application.
Dhawal Sharma, K D Mazboudi, Srikanth Devarajan, Chakkaravarthy Periyasamy Balaiah, Sreedhar Pampati, Amit Sinha
Filed: 25 Feb 19
Utility
Machine learning model abstraction layer for runtime efficiency
6 Jan 21
Systems and methods include training a machine learning model with data for identifying features in monitored traffic in a network; analyzing the trained machine learning model to identify information overhead therein, wherein the information overhead is utilized in part for the training; removing the information overhead in the machine learning model; and providing the machine learning model for runtime use for identifying the features in the monitored traffic, with the removed information overhead from the machine learning model.
Rex Shang, Dianhuan Lin, Changsha Ma, Douglas A. Koch, Shashank Gupta, Parnit Sainion, Visvanathan Thothathri, Narinder Paul, Howie Xu
Filed: 17 Sep 20
Utility
Automated Estimation of Network Security Policy Risk
16 Dec 20
A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction.
John O 'Neil, Michael J. Melson
Filed: 10 Jun 20
Utility
Semi-Automatic Communication Network Microsegmentation
16 Dec 20
A computer system automatically generates a proposal for performing microsegmentation on a network.
Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, JR., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
Filed: 10 Jun 20
Utility
Automatic Network Application Security Policy Expansion
16 Dec 20
A system validates the establishment and/or continuation of a connection between two applications over a network.
Peter Nahas, Peter Smith, Harry Sverdlove, John O'Neil, Scott Laplante, Andriy Kochura
Filed: 10 Jun 20
Utility
Automated Software Capabilities Classification
9 Dec 20
A computer system automatically learns which application behavior constitutes “multi-use” behavior by observing the behavior of applications on a network.
John O'Neil, Peter Smith
Filed: 8 Jun 20
Utility
Statistical Network Application Security Policy Generation
9 Dec 20
Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy.
John O'Neil
Filed: 9 Jun 20
Utility
State management across distributed services using cryptographically bound journals
23 Nov 20
Systems and methods for managing configurations of distributed computing services include responsive to an update to a configuration of a service, performing a write to a cryptographically bound journal; validating the write by a plurality of validators; responsive to validation of the write, permanently recording the write in the cryptographically bound journal in a block chain; and providing an update to the cryptographically bound journal to the distributed computing services.
Subramanian Srinivasan
Filed: 9 Apr 18
Utility
Systems and methods for troubleshooting and performance analysis of cloud-based services
11 Nov 20
Systems and methods for troubleshooting and performance analysis of a cloud-based service include receiving metrics over time from a plurality of analyzers, wherein the metrics include service-related metrics and network-related metrics related to a cloud-based service, wherein each analyzer of the plurality of analyzers is executed at one of a user device accessing the cloud-based service and in the cloud-based service, and wherein at least one analyzer is executed in the cloud-based service; analyzing the metrics to determine a status of the cloud-based service over the time; and identifying issues related to the cloud-based service utilizing the analyzed metrics over the time, wherein the issues include any of an issue on a particular user device, an issue in a network between a particular user device and the cloud service, and an issue within the cloud service.
Amit Sinha, Prem Mohan, Arshi Chadha, Preeti Arora, Ajit Singh, Purvi Desai
Filed: 27 Jul 20
Utility
Cloud based security using DNS
11 Nov 20
The present disclosure includes, responsive to a request from a user device, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security; responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and forwarding the request to a system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked.
Patrick Foxhoven, John Chanak, William Fehring
Filed: 27 Jul 20
Utility
Mobile device security, device management, and policy enforcement in a cloud-based system
28 Oct 20
Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc.
Amit Sinha, Narinder Paul, Srikanth Devarajan
Filed: 9 Jul 20
Utility
System and method for malware detection on a per packet basis
26 Oct 20
Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis.
Huihsin Tseng, Hao Xu, Jian L. Zhen
Filed: 4 Apr 18
Utility
Cloud services management systems utilizing in-band communication conveying situational awareness
26 Oct 20
A cloud system includes a plurality of cloud nodes configured to implement a cloud service which is used by a plurality of clients; a cloud management system communicatively coupled to the plurality of cloud nodes and configured to manage the plurality of cloud nodes; and a probe endpoint service executed on a cloud node, wherein a client is configured to utilize the cloud service based on a connection between the client and the cloud node executing the probe endpoint service, wherein the client is configured to execute a probe client, wherein the probe client is configured to periodically transmit probes and receive probe responses which are either empty responses denoting connectivity or a response body with maintenance or situational data contained therein, and wherein the probe client is configured to perform mitigation actions based on reception of the data.
Eduardo Manuel Parra, Michael Ted Richard
Filed: 23 Jul 18
Utility
Automated load balancer discovery
26 Oct 20
Computer-implemented systems and methods automatically identify computers that act as load balancers on a digital communications network, using data collected from one or more computers on that network.
John O'Neil, Thomas Evan Keiser, Jr., Peter Smith
Filed: 2 Jul 19
Utility
Enforcing security policies on mobile devices in a hybrid architecture
21 Oct 20
Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein.
Vikas Mahajan, Rohit Goyal
Filed: 6 Jul 20
Utility
Quarantining fake, counterfeit, jailbroke, or rooted mobile devices in the cloud
21 Oct 20
Systems and methods include, in a cloud node executing a security service, causing a mobile device to perform a validation check to determine if the mobile device is any of fake, counterfeit, jailbroken, and rooted; responsive to successful validation, allowing traffic to and from the mobile device through the security service; and responsive to unsuccessful validation, preventing traffic to and from the mobile device through the security service.
Sreedhar Pampati, David Creedy, Brijesh Singh
Filed: 29 May 19