301 patents
Utility
Utilizing machine learning for smart quarantining of potentially malicious files
12 Sep 23
Systems and methods include obtaining a file associated with a user for processing; utilizing a combination of policy for the user and machine learning to determine whether to i) quarantine the file and scan the file in a sandbox, ii) allow the file to the user and scan the file in the sandbox, and iii) allow the file to the user without the scan; responsive to the quarantine of the file and the sandbox determining the file is malicious, blocking the file; and, responsive to the quarantine of the file and the sandbox determining the file is benign, allowing the file.
Changsha Ma, Rex Shang, Douglas A. Koch, Dianhuan Lin, Howie Xu, Bharath Kumar, Shashank Gupta, Parnit Sainion, Narinder Paul, Deepen Desai
Filed: 16 Jun 20
Utility
Adaptive tracing using one of a plurality of protocols
12 Sep 23
Techniques for using trace with tunnels and cloud-based systems for determining measures of network performance are presented.
Pankaj Chhabra, Sandeep Kamath
Filed: 15 Sep 21
Utility
Determining the path of User Datagram Protocol (UDP) traceroute probes
7 Sep 23
Techniques for determining the path of User Datagram Protocol (UDP) traceroute probes using Transmission Control Protocol (TCP) and Internet Control Message Protocol (ICMP).
Chakkaravarthy Periyasamy Balaiah, Sandeep Kamath, Srikanth Devarajan, Pankaj Chhabra
Filed: 15 May 23
Utility
Stream processing of telemetry for a network topology
7 Sep 23
Systems and methods include receiving messages from local security agents each on a host in a network, wherein the messages include network topology of the network in terms of addresses and sockets; incrementally creating a network topology of the network based on the messages; determining security policies for one or more microsegments in the network based on flow data and the network topology; and providing the security policies to respective hosts for local implementation of the one or more microsegments.
Michael J. Melson, Scott Laplante
Filed: 7 Mar 22
Utility
Encrypted traffic inspection in a cloud-based security system
5 Sep 23
A node configured as any of a proxy, a Secure Web Gateway, and a Secure Internet Gateway is configured to perform steps of establishing a connection with a user device having a user associated with a tenant; obtaining policy for the user; monitoring traffic between the user device and the Internet including snooping session keys for any encrypted traffic; analyzing the traffic based on the policy including utilizing the session keys on the encrypted traffic; and one of allowing, blocking, or limiting the traffic based on the analyzing.
Srikanth Devarajan, Vijay Bulusu, Leslie McCutcheon
Filed: 7 Apr 22
Utility
Exploit detection in a cloud-based sandbox
17 Aug 23
Computer-implemented systems and methods include receiving unknown content in a cloud-based sandbox; performing an analysis of the unknown content in the cloud-based sandbox; obtaining events based on the analysis; running one or more exploit detection rules on the events; and providing a score based on a result of the one or more rules.
Nirmal Singh Bhary, Tarun Dewan, Rajdeepsinh Dodia, Chiragkumar Kantibhai Prajapati
Filed: 18 Apr 23
Utility
Disaster recovery for cloud-based monitoring of internet access
17 Aug 23
Systems and methods include receiving one or more disaster recovery configurations; identifying activation of a disaster recovery mode; and controlling traffic flow such that the traffic is any of blocked to all destinations, allowed to all destinations, and allowed to preselected destinations based on the one or more received disaster recovery configurations.
Abhinav Bansal, Paul Yun Ling, Vikas Mahajan
Filed: 26 Apr 23
Utility
Generating zero-trust policy for application access based on sequence-based application segmentation
10 Aug 23
Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users and user metadata; analyzing the log data to determine one or more sequential patterns of application access; determining i) app-segments that are groupings of applications of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users, based on the log data and the one or more sequential patterns of application access; and providing access policy of the plurality of applications based on the user-groups and the app-segments.
Chenhui Hu, Devesh Solanki, Gaurav Garg, Shikhar Omar, Raimi Shah, Dianhuan Lin, Rex Shang, Howie Xu
Filed: 18 Jan 23
Utility
Cloud security posture management systems and methods with a cloud-based system
8 Aug 23
Cloud Security Posture Management (CSPM) systems and methods include, in a node in a cloud-based system, obtaining a plurality of security policies and one or more compliance frameworks for a tenant of a cloud provider where the tenant has a cloud application deployed with the cloud provider, wherein each security policy defines a configuration and an expected value, and wherein each compliance framework includes one or more of the security policies; obtaining configurations of the cloud application; identifying misconfigurations of the cloud application based on a comparison of the obtained configurations with the plurality of security policies; analyzing the misconfigurations to determine risks including prioritization of the risks based on their likelihood of exposure to security breaches; and causing remediation of the identified misconfigurations and the determined risks, wherein the cloud-based system performs the CSPM service in addition to one or more additional cloud services.
Gururaj Pandurangi, Pravin Kulkarni, Rahul Khengare, Unmesh Meshram, Santosh Kumar Abhayraj Yadav, Shraddha Agrawal, Ankit Rao, Himalay Kondekar, Girish Murlidhar Jaju
Filed: 22 Sep 20
Utility
Zero trust private application access for government applications
3 Aug 23
Systems and methods include receiving a request from a user to access an application; determining if the user meets one or more requirements, wherein responsive to the user meeting the one or more requirements, presenting the user with a login page; validating credentials of the user with one or more additional sources; responsive to successful validation of the user's credentials, authenticating the user and evaluating one or more access policies for the user; and initiating a connection between the user and the application based on the one or more access policies.
John A. Chanak, William Fehring, Richard Miles, Shujaat Jaffrey, Jose Padin, Matthew Moulton
Filed: 27 Jan 23
Utility
Mobile device security, device management, and policy enforcement in a cloud-based system
1 Aug 23
Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc.
Amit Sinha, Narinder Paul, Srikanth Devarajan
Filed: 28 Sep 22
Utility
Synthetic audit events in workload segmentation
27 Jul 23
Systems and methods include operating a local security agent that is configured to allow or block flows based on security policies, to implement microsegmentation; and, responsive to a block of a flow, creating a synthetic audit event that reflects what the flow would have been had it not been blocked.
Peter Nahas, Michael J. Melson, Scott Laplante, Raymond Brian Liu
Filed: 24 Jan 22
Utility
Software security agent updates via microcode
27 Jul 23
Systems and methods include a host system that is configured to execute a security agent that is configured to allow and block flows in a network, on the network interface, receive a script from a command & control server, and execute the script via an interpreter associated with the security agent, wherein the script is configured to any of disable behavior and modify behavior of the security agent at one or more hook points in the security agent.
Thomas E. Keiser, Jr.
Filed: 26 Jan 22
Utility
Browser fingerprinting and control for session protection and private application protection
20 Jul 23
Systems and methods for browser fingerprinting and control for private application protection include monitoring access to one or more private applications; performing one or more compliance checks on any of the user and the browser used to access the one or more private applications; and performing one or more actions based on a result of the one or more compliance checks.
Pooja Deshmukh, Kanti Varanasi, Apoorva Pasrija, Nikhil Bhatia, Sumit Guha
Filed: 24 Mar 23
Utility
Cloud access security broker systems and methods with an in-memory data store
13 Jul 23
A method performed by a Cloud Access Security Broker (CASB) service includes scanning data stored in one of a cloud provider and a Software-as-a-Service (SaaS) application, wherein the data is for a user associated with a company of a plurality of companies; detecting an incident in a file or email in the data during the scanning; maintaining details of the incident in an in-memory data store, including a current snapshot of the file or email; and providing a notification to the tenant of the incident.
Abhishek Bathla, Kumar Gaurav, Raman Madaan, Chakkaravarthy Periyasamy Balaiah, Shweta Gupta
Filed: 16 Mar 23
Utility
Cloud-based malware detection
27 Jun 23
Systems, methods and apparatus for malware detection to detect and stop the distribution of malware and other undesirable content before such content reaches computing systems.
Kailash Kailash, Robert L. Voit, Jose Raphel
Filed: 7 Mar 22
Utility
Multi-tenant cloud-based firewall systems and methods
25 May 23
Multi-tenant cloud-based firewall systems and methods are described.
Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
Filed: 27 Jan 23
Utility
Cloud-based deception technology utilizing zero trust to identify threat intelligence, telemetry, and emerging adversary tactics and techniques
25 May 23
Cloud-based deception systems and methods with zero trust include hosting a decoy cloud environment for a customer that contains a plurality of decoys and that is hosted and separated from a real environment of the customer; receiving traffic from a user associated with the customer; detecting the traffic is related to accessing a fake asset on a user device associated with the user; rerouting the traffic to the decoy cloud environment; and monitoring activity associated with the fake asset in the decoy cloud environment.
Bhavesh Kothari, Sahir Hidayatullah, Deepen Desai, Akshay Shah, Reshad Patuck
Filed: 8 Jan 22
Utility
Cloud-based deception technology with granular scoring for breach detection
25 May 23
Cloud-based deception systems and methods include monitoring activity associated with a plurality of decoys hosted in a decoy cloud environment for a customer, wherein the decoy cloud environment is separate from a real environment of the customer, and wherein the activity is between one or more fake assets on user devices of users associated with the customer; scoring the activity based on various steps taken between a fake asset and a decoy; and detecting a breach of the customer based on the scoring of the activity.
Bhavesh Kothari, Sahir Hidayatullah, Deepen Desai, Akshay Shah, Reshad Patuck
Filed: 20 Apr 22
Utility
Cloud-based deception technology with auto-decoy and breadcrumb creation
25 May 23
Cloud-based deception systems and methods include monitoring activity of a user on a user device; analyzing the activity to determine a role of a plurality of roles, for the user at a customer; and creating one or more fake assets on the user device based on the determined role, wherein the one or more fake assets include any of files, passwords, breadcrumbs, lures, cookies, and sessions that are contextually relevant to the user's role, and wherein the one or more fake assets are configured to interact with one or more decoys hosted in a decoy cloud environment for the customer.
Bhavesh Kothari, Sahir Hidayatullah, Deepen Desai, Akshay Shah, Reshad Patuck
Filed: 20 Apr 22