301 patents
Utility
Cloud access security broker systems and methods via a distributed worker pool
14 Feb 23
A Cloud Access Security Broker (CASB) system includes a controller; a message broker connected to the controller; and a plurality of workers connected to the message broker and connected to one or more cloud providers having a plurality of files contained therein for one or more tenants, wherein the plurality of workers are configured to crawl through the plurality of files for the one or more tenants, based on policy and configuration for the one or more tenants provided via the controller, and based on assignments from the message broker.
Shankar Vivekanandan, Narinder Paul, Parth Shah, Pratibha Nayak, Sonal Choudhary, Huan Chen
Filed: 30 Mar 20
Utility
Highly scalable RESTful framework
14 Feb 23
Systems and methods implemented in a node in a cloud-based system include operating a first cloud service that is implemented as a monolith system; operating a RESTful framework (Representational State Transfer web service) embedded in the cloud node; and operating one or more applications for one or more cloud services utilizing the RESTful framework, wherein the one or more applications are microservices.
Sushil Pangeni, Srikanth Devarajan
Filed: 4 Jun 21
Utility
Data Loss Prevention via dual mode Indexed Document Matching
9 Feb 23
Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.
Narinder Paul, Arun Bhallamudi, Balakrishna Bayar, James Tan
Filed: 23 Aug 22
Utility
Mobile device security, device management, and policy enforcement in a cloud-based system
26 Jan 23
Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc.
Amit Sinha, Narinder Paul, Srikanth Devarajan
Filed: 28 Sep 22
Utility
Detecting web probes versus regular traffic through a proxy including encrypted traffic
24 Jan 23
Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted.
Vikas Mahajan, Srikanth Devarajan, Chenglong Zheng
Filed: 20 Apr 21
Utility
Maintaining dependencies in a set of rules for security scanning
19 Jan 23
Systems and methods include receiving a copy of a template file of security rules where the template file includes a plurality of rule tags and one or more dependency tags that define relationships and dependencies between any rules associated with the plurality of rule tags; scanning the template file including, for each respective rule tag of the plurality of rule tags, checking if an enabled flag is set for the respective rule tag, when the enable flag is set, looking up a respective rule in a rule database and replacing the respective rule tag with the respective rule, and when the enable flag is not set, removing the respective rule tag from the template file; and providing an output file including a plurality of rules having the relationships and dependencies, where the output file is used for security scanning.
Leslie Smith
Filed: 18 Feb 22
Utility
Machine learning model abstraction layer for runtime efficiency
19 Jan 23
Systems and methods include receiving a trained machine learning model that has been processed with training information removed therefrom, wherein the training information is utilized in training of the trained machine learning model; monitoring traffic, inline at the node, including processing the traffic with the trained machine learning model; obtaining a verdict on the traffic based on the trained machine learning model; and performing an action on the traffic based on the verdict.
Rex Shang, Dianhuan Lin, Changsha Ma, Douglas A. Koch, Shashank Gupta, Parnit Sainion, Visvanathan Thothathri, Narinder Paul, Howie Xu
Filed: 29 Sep 22
Utility
Application identity-based enforcement of datagram protocols
19 Jan 23
Systems and methods include obtaining telemetry from a plurality of security agents each operating on a device in a network, wherein the telemetry is collected locally related to datagram protocol packets; analyzing the telemetry to determine applications associated with the datagram protocol packets flowing in the network and virtual circuits between each of the applications; determining enforcement policies for each application that communicates with other applications over a datagram protocol; and providing the enforcement policies to the plurality of security agents for allowing and blocking communications associated with the datagram protocol.
Thomas E. Keiser, Jr.
Filed: 9 Jul 21
Utility
Cloud access security broker user interface and analytics systems and methods
19 Jan 23
Systems and methods include providing a UI for a tenant to input one or more malware and DLP rules, and trusted user exceptions; responsive to a scan by the CASB system of a plurality of users associated with a tenant in a SaaS application where the scan includes identifying malware in content in the SaaS application and performing DLP in the content in the SaaS application based on the one or more malware and DLP rules and trusted user exceptions, maintaining records associated with a plurality of incidents for the malware and the DLP; and providing the UI for the tenant including an analytics view with a plurality of summary tiles including visualizations of the plurality of incidents for the malware and DLP for the tenant and a table listing any of the plurality of incidents for the malware and the DLP for the tenant.
Pooja Deshmukh
Filed: 21 Sep 22
Utility
Predefined signatures for inspecting private application access
19 Jan 23
Systems and methods include, responsive to security research identifying a zero-day Common Vulnerabilities and Exposure (CVE), receiving the associated signatures of the zero-day CVE; responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining an inspection profile for the user with the inspection profile including a plurality of rules; performing inspection of transactions after the access using the plurality of rules including a rule for identifying the zero-day CVE; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.
Pooja Deshmukh, Amit Banker, Kanti Varanasi, John A. Chanak, William Fehring, Nishant Gupta
Filed: 20 Jun 22
Utility
Automated software capabilities classification model that identifies multi-use behavior of new applications on a network
10 Jan 23
A computer system automatically learns which application behavior constitutes “multi-use” behavior by observing the behavior of applications on a network.
John O'Neil, Peter Smith
Filed: 9 Jun 20
Utility
Proactively detecting failure points in a network
3 Jan 23
Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented.
Sandeep Kamath Voderbet, Chakkaravarthy Periyasamy Balaiah, Srikanth Devarajan
Filed: 1 Mar 21
Utility
Secure access to third-party cloud-based applications
3 Jan 23
Systems and methods include, on a respective node of a plurality of nodes communicatively coupled to one another forming a cloud-based system, receiving a request to obtain data from the third-party cloud application.
Steve Peschka
Filed: 3 Mar 21
Utility
Selectively exposing application programming interfaces dynamically for microservices
27 Dec 22
Systems and methods for selectively exposing Application Programming Interfaces (APIs) dynamically and in a scalable manner include, when a new API is exposed in a microservice, making it accessible via a gateway if it is indicated to be exposed.
Arvind Nadendla, Subramanian Srinivasan, Vivek Dhiman
Filed: 29 Oct 20
Utility
Zero-Trust Enabled Workload Access for User Equipment
22 Dec 22
The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering.
Nathan Howe
Filed: 17 Aug 22
Utility
Enforcing security policies on mobile devices in a hybrid architecture
20 Dec 22
Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein.
Vikas Mahajan, Rohit Goyal
Filed: 7 Jul 20
Utility
Quarantining fake, counterfeit, jailbroke, or rooted mobile devices in the cloud
20 Dec 22
Systems and methods include, in a cloud node executing a security service, causing a mobile device to perform a validation check to determine if the mobile device is any of fake, counterfeit, jailbroken, and rooted; responsive to successful validation, allowing traffic to and from the mobile device through the security service; and responsive to unsuccessful validation, preventing traffic to and from the mobile device through the security service.
Sreedhar Pampati, David Creedy, Brijesh Singh
Filed: 30 May 19
Utility
Detecting unused, abnormal permissions of users for cloud-based applications using a genetic algorithm
15 Dec 22
Systems and methods include obtaining unused user accounts associated with a cloud application where an unused user account is one where a corresponding user has not accessed the cloud application in a certain period of time; determining a subset of the unused user accounts that are abnormal user accounts, wherein an abnormal user account is one that is anomalous compared to similar users; scoring and ranking the unused and abnormal user accounts; and remediating a set of the ranked unused and abnormal user accounts.
Arik Kfir, Nadav Pozmantir, Hila Paz Herszfang
Filed: 10 Jun 21
Utility
Geo Tagging for advanced analytics and policy enforcement on remote devices
8 Dec 22
Systems and methods implemented in a node in a cloud-based system include loading a data structure into memory, wherein the data structure includes cities mapped to cells where the cells cover all of the Earth; receiving a call with a given latitude and longitude of a user device; finding a closest city to the given latitude and longitude utilizing the data structure; and providing the closest city in response to the call.
Ajit Singh
Filed: 2 Jun 21
Utility
Distributed Telemetry and Policy Gateway in the cloud for remote devices
8 Dec 22
Systems and methods include connecting to and authenticating a plurality of user devices; utilizing a plurality of RESTful (Representational State Transfer web service) endpoints to communicate with the plurality of user devices; providing any of policy and configuration to the plurality of user devices utilizing version number via a RESTful endpoint; caching the any of policy and configuration for each device of the plurality of user devices; and receiving metrics based on measurements at the plurality of user devices according to corresponding policy and configuration, via a RESTful endpoint.
Sushil Pangeni, Srikanth Devarajan, Ajit Singh, Chenglong Zheng, Sandeep Kamath, Di Wang
Filed: 4 Jun 21