301 patents
Utility
Utilizing Machine Learning for smart quarantining of potentially malicious files
7 Oct 20
Systems and methods include obtaining a file associated with a user for processing; utilizing a combination of policy for the user and machine learning to determine whether to i) quarantine the file and scan the file in a sandbox, ii) allow the file to the user and scan the file in the sandbox, and iii) allow the file to the user without the scan; responsive to the quarantine of the file and the sandbox determining the file is malicious, blocking the file; and, responsive to the quarantine of the file and the sandbox determining the file is benign, allowing the file.
Changsha Ma, Rex Shang, Douglas A. Koch, Dianhuan Lin, Howie Xu, Bharath Kumar, Shashank Gupta, Parnit Sainion, Narinder Paul, Deepen Desai
Filed: 15 Jun 20
Utility
Prudent ensemble models in machine learning with high precision for use in network security
7 Oct 20
Systems and methods include receiving a content item between a user device and a location on the Internet or an enterprise network; utilizing a trained machine learning ensemble model to determine whether the content item is malicious; responsive to the trained machine learning ensemble model determining the content item is malicious or determining the content item is benign but such determining is in a blind spot of the trained ensemble model, performing further processing on the content item; and, responsive to the trained machine learning ensemble model determining the content item is benign with such determination not in a blind spot of the trained machine learning ensemble model, allowing the content item.
Dianhuan Lin, Rex Shang, Changsha Ma, Kevin Guo, Howie Xu
Filed: 4 Apr 19
Utility
30 Sep 20
Systems and methods include receiving a request for resources that are one of web content and a cloud application from a user device; determining the request requires isolation based on any of policy, category of the web content, type of the user device, and location of the user device; rendering content associated with the request in a secure environment that is isolated from the user device; and providing image content based on the content to the user device.
Uli P. Mittermaier, Alex-Marian Negrea
Filed: 3 Dec 19
Utility
26 Aug 20
Systems and methods for alerting administrators of a monitored digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications.
Chakkaravarthy Periyasamy Balaiah, KD Mazboudi, Dhawal Sharma, Satish Kalipatnapu
Filed: 23 Feb 20
Utility
26 Aug 20
Systems and methods for monitoring digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; responsive to a user executing a specific application, obtaining device and application metrics for the user from the associated user device related to usage of specific application; obtaining network metrics from the cloud system related to network performance of the specific application; and providing the device and application metrics and the network metrics to a logging and analytics system for quantifying digital user experience of the specific application.
Dhawal Sharma, KD Mazboudi, Srikanth Devarajan, Chakkaravarthy Periyasamy Balaiah, Sreedhar Pampati, Amit Sinha
Filed: 24 Feb 19
Utility
26 Aug 20
Systems and methods for analyzing digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; based on user experience metrics collected by the inline monitoring and stored in a logging analysis system, obtaining user experience metrics for one or more users for a given time epoch and for a given application; determining a user experience score for the one or more users for the given time epoch and for the given application based on the obtained user experience metrics; and providing a graphical user interface displaying data related to various user experience scores for various users over various time epochs with various applications.
Dhawal Sharma, KD Mazboudi, Srikanth Devarajan, Chakkaravarthy Periyasamy Balaiah, Sreedhar Pampati, Amit Sinha
Filed: 24 Feb 19
Utility
17 Aug 20
Mobile device security, device management, and policy enforcement are described in a cloud based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc.
Amit Sinha, Narinder Paul, Srikanth Devarajan
Filed: 11 Nov 19
Utility
12 Aug 20
Cloud-based Intrusion Prevention Systems (IPS) include receiving traffic associated with a user of a plurality of users, wherein each user is associated with a customer of a plurality of customers for a cloud-based security system, and wherein the traffic is between the user and the Internet; analyzing the traffic based on a set of signatures including stream-based signatures and security patterns; blocking the traffic responsive to a match of a signature of the set of signatures; and performing one or more of providing an alert based on the blocking and updating a log based on the blocking.
Srikanth Devarajan, Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Naresh Kumar Povlavaram Munirathnam
Filed: 26 Apr 20
Utility
12 Aug 20
Systems and methods implemented in a node in a cloud-based security system include obtaining a plurality of rules each defined via a rule syntax that includes a rule header and rule options, wherein each rule header is used for a rule database lookup, and each rule's options are used to specify details about the associated rule; monitoring data associated with a user of the cloud-based security system; analyzing the data with the plurality of rules; and performing one or more security functions on the data based on triggering of a rule of the plurality of rules.
Sushil Pangeni, Vladimir Stepanenko, Srikanth Devarajan, Shashi Kiran Meda Ravi
Filed: 26 Apr 20
Utility
12 Aug 20
Systems and methods implemented by an application executed on a user device for service discovery and connectivity include, responsive to joining a new network, performing a Dynamic Host Configuration Protocol (DHCP) operation to obtain network configuration parameters; receiving a DHCP message in response with the network configuration parameters; via an application executed on the user device for service discovery and connectivity analyzing data in the DHCP message to determine one or more forwarding profiles on the new network, wherein the one or more forwarding profiles are based on a location or trust of the new network; and automatically installing the determined one or more forwarding profiles.
Sreedhar Pampati, David Creedy, Vikas Mahajan
Filed: 26 Apr 20
Utility
27 Jul 20
A method for troubleshooting and performance analysis of a cloud based system, the method implemented by an analyzer service executed on one or more servers, and the analyzer service communicatively coupled to a network and to user devices, the method includes receiving results from execution of an analyzer application on each of the user devices, wherein the analyzer application is executed locally on user devices to perform tests comprising traceroutes and web page loads, and wherein the plurality of tests are performed both through the cloud based system to the network and directly to the network; processing the results to determine a status of the cloud based system and associated user devices communicating therewith; utilizing the status to identify bottlenecks and issues associated with the cloud based system and the network; and causing performance of remedial actions based on the identified bottlenecks and the issues.
Amit Sinha, Prem Mohan, Arshi Chadha, Preeti Arora, Ajit Singh, Purvi Desai
Filed: 12 Dec 16
Utility
27 Jul 20
Systems and methods for improving digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; obtaining user experience scores for any of a user, a group of users, a location, and an organization from the inline monitoring or from the logging and analytics system; responsive to a low user experience, analyzing the low user experience score to determine one or more likely factors; and causing one or more remedial actions to address the low user experience score based on the one or more likely factors.
Dhawal Sharma, KD Mazboudi, Srikanth Devarajan, Chakkaravarthy Periyasamy Balaiah, Sreedhar Pampati, Amit Sinha
Filed: 24 Feb 19
Utility
27 Jul 20
Systems and methods implemented by an application executed on a mobile device for service driven split tunneling include receiving and configuring the application on the mobile device; responsive to a set of rules, opening one or more tunnels to one or more host concentrators in the cloud; and intercepting packets being transmitted from the mobile device and one of forwarding the packets over the one or more tunnels and forwarding the packets directly based on the set of rules.
Abhinav Bansal
Filed: 1 May 18
Utility
27 Jul 20
A cloud-based security system enforcing application-based control of network resources includes a plurality of nodes communicatively coupled to the Internet; and one or more authority nodes communicatively coupled to the plurality of nodes; wherein a node of the plurality of nodes is communicatively coupled to a user device via the Internet, and wherein the node is configured to receive a request from a user device for network resources on the Internet or in an external network, to evaluate the request to determine an application on the user device associated with the request, and to provide application-based control of the request based on the determined application and the network resources.
Purvi Desai, Abhinav Bansal
Filed: 6 Jul 18
Utility
27 Jul 20
A cloud-based security method using Domain Name System (DNS) includes receiving a request from a user device at a DNS server; performing a security check on the request based on a policy look up associated with the user device; responsive to the policy look up, performing a DNS security check on the request; and responsive to the DNS security check, performing one of allowing the request to the Internet; blocking the request based on the policy; and providing the request to inline inspection based on the policy, wherein the request is one of allowed to the Internet or blocked based on the inline inspection.
Patrick Foxhoven, John Chanak, William Fehring
Filed: 9 Jul 17
Utility
6 Jul 20
Systems and methods of identifying and processing certificate pinned applications through a cloud based security system include monitoring traffic associated with a connection; developing a profile of an application associated with the traffic based on the monitoring, wherein the profile comprises whether or not the application is a certificate pinned application which requires a predefined set of criteria to be matched against an advertised certificate; and selectively performing SSL interception of the connection in the cloud based security system based on the profile.
Rohit Goyal, Abhinav Bansal
Filed: 24 May 17
Utility
24 Jun 20
Systems and methods include, in a cloud node, receiving Mobile Device Management (MDM) data from a central authority, wherein the MDM data includes policy metadata specifying MDM functions for mobile devices associated with users of an enterprise; communicating to an application on a mobile device associated with a user, via a tunnel, wherein the application is configured for service discovery and connectivity; and providing the MDM data to the mobile device associated with the user via the tunnel.
Ajit Singh, Vivek Raman, Tejus Gangadharappa
Filed: 3 Mar 20
Utility
17 Jun 20
Systems and methods, in a lightweight connector including a processor communicatively coupled to a network interface, include connecting to a cloud-based system, via the network interface; connecting to one or more of a file share and an application, via the network interface; and providing access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system.
John A. Chanak, Patrick Foxhoven, William Fehring, Denzil Wessels, Kunal Shah, Subramanian Srinivasan
Filed: 24 Feb 20
Utility
10 Jun 20
A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
Filed: 16 Feb 20
Utility
3 Jun 20
Multi-tenant cloud-based firewall systems and methods are described.
Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
Filed: 3 Feb 20