301 patents
Utility
Highly scalable RESTful framework
8 Dec 22
Systems and methods implemented in a node in a cloud-based system include operating a first cloud service that is implemented as a monolith system; operating a RESTful framework (Representational State Transfer web service) embedded in the cloud node; and operating one or more applications for one or more cloud services utilizing the RESTful framework, wherein the one or more applications are microservices.
Sushil Pangeni, Srikanth Devarajan
Filed: 4 Jun 21
Utility
Network application security policy generation
6 Dec 22
Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy.
John O'Neil
Filed: 30 Sep 19
Utility
DLP Exact Data Matching
24 Nov 22
Systems and methods of Exact Data Matching (EDM) include receiving customer specific sensitive data for a customer, wherein the customer specific sensitive data are converted into a plurality of tokens; receiving a configuration for exact data matching of the plurality of tokens; performing inline monitoring of a user associated with the customer; detecting a presence of one or more tokens of the plurality of tokens based on the inline monitoring; and, responsive to the detecting, performing an action based on the configuration.
Pooja Deshmukh, Siva Udupa
Filed: 29 Jul 22
Utility
Automated estimation of network security policy risk
22 Nov 22
A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction.
John O'Neil, Michael J. Melson
Filed: 11 Jun 20
Utility
Geo tagging for advanced analytics and policy enforcement on remote devices
15 Nov 22
Systems and methods implemented in a node in a cloud-based system include loading a data structure into memory, wherein the data structure includes cities mapped to cells where the cells cover all of the Earth; receiving a call with a given latitude and longitude of a user device; finding a closest city to the given latitude and longitude utilizing the data structure; and providing the closest city in response to the call.
Ajit Singh
Filed: 2 Jun 21
Utility
Auto re-segmentation to assign new applications in a microsegmented network
8 Nov 22
Systems and methods include, subsequent to performing auto segmentation on a network that includes a set of policies of allowable and block communications, observing communication between a plurality of hosts on the network; determining unassigned communication paths based on the observing that are either blocked because of a lack of a policy of the set of policies or because there is no policy of the set of policies for coverage thereof; and assigning the unassigned communication paths to corresponding policies of the set of policies.
Scott Laplante, Peter Nahas, Xing Li, Suji Suresh, Daniel R. Perkins, Peter Smith
Filed: 17 Jun 21
Utility
Privileged remote access for OT/IOT/IIOT/ICS infrastructure
3 Nov 22
Systems and methods for privileged remote access to Operational Technology (OT)/Internet of Things (IOT)/Industrial IOT (IIOT)/Industrial Control System (ICS) infrastructure, implemented in a cloud-based system.
Clifford Kahn, William Fehring, Maneesh Sahu, Deepak Patel, Sunil Menon, Dejan Mihajlovic
Filed: 13 Jul 22
Utility
Statistical Network Application Security Policy Generation
3 Nov 22
Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy.
John O'Neil
Filed: 13 Jul 22
Utility
Mobile device security, device management, and policy enforcement in a cloud-based system
1 Nov 22
Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc.
Amit Sinha, Narinder Paul, Srikanth Devarajan
Filed: 8 Sep 21
Utility
Machine learning model abstraction layer for runtime efficiency
18 Oct 22
Systems and methods include training a machine learning model with data for identifying features in monitored traffic in a network; analyzing the trained machine learning model to identify information overhead therein, wherein the information overhead is utilized in part for the training; removing the information overhead in the machine learning model; and providing the machine learning model for runtime use for identifying the features in the monitored traffic, with the removed information overhead from the machine learning model.
Rex Shang, Dianhuan Lin, Changsha Ma, Douglas A. Koch, Shashank Gupta, Parnit Sainion, Visvanathan Thothathri, Narinder Paul, Howie Xu
Filed: 18 Sep 20
Utility
Cloud-based man-in-the-middle inspection of encrypted traffic using cloud-based multi-tenant HSM infrastructure
13 Oct 22
A method implemented by a node in a cloud-based system includes responsive to monitoring a user device, detecting a request for encrypted traffic to a domain from the user device; checking if a domain certificate for the domain is available in cache; responsive to the domain certificate being in the cache, creating a first tunnel to the domain and a second tunnel to the user device; and, responsive to the domain certificate not being in the cache, generating the domain certificate with a cloud hardware security module (HSM) system, and creating the first tunnel and the second tunnel.
Vijay Bulusu, Akshat Maheshwari, Harpreet Singh, Sujay Kumar, Lidor Pergament, Srikanth Devarajan
Filed: 17 Jun 22
Utility
Utilizing endpoint security posture, identification, and remote attestation for restricting private application access
13 Oct 22
Systems and methods include, responsive to a request to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application; determining a posture of the user device; and allowing access to the application based on whether the user is permitted to access the application and based on the posture of the user device.
Pankaj Chhabra, Amandeep Singh, Srujan Kotha, Sandeep Kumar, David Creedy, Sreedhar Pampati
Filed: 8 Apr 21
Utility
Data loss prevention expression building for a DLP engine
27 Sep 22
Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.
Zhifeng Zhang, Arun Bhallamudi, Pooja Deshmukh
Filed: 19 Aug 20
Utility
Identity-based enforcement of network communication in serverless workloads
15 Sep 22
Systems and methods include implementing dynamic runtime code manipulation to modify application code associated with calls related to networking, with the calls implemented by application software executed as a serverless workload; intercepting the calls from the application software based on the modified application code; determining whether to permit the calls based on a set of policies; responsive to permitting a call, making the call to an operating system interface on behalf of the application software; and, responsive to not permitting the call, providing a failure notification to the application software.
Thomas E. Keiser, JR.
Filed: 15 Mar 21
Utility
Distributed cloud-based security systems and methods
15 Sep 22
A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
Filed: 25 May 22
Utility
Detecting web probes versus regular traffic through a proxy including encrypted traffic
8 Sep 22
Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted.
Vikas Mahajan, Srikanth Devarajan, Chenglong Zheng
Filed: 20 Apr 21
Utility
Cloud-based 5G security network architectures with workload isolation
8 Sep 22
Cloud-based 5G security, implemented in a Multi-Access Edge Compute (MEC) system, includes steps of receiving a request for compute resources from User Equipment (UE); validating a user of the UE for the compute resources; responsive to the user being authorized, creating a connection between the UE and a destination of the compute resources; responsive to the user being unauthorized, rendering the compute resources as hidden from the UE.
Nathan Howe, Kenneth B. Urquhart
Filed: 1 Oct 21
Utility
Cloud-based 5G security network architectures with secure edge steering
8 Sep 22
Cloud-based 5G security, implemented in a Multi-Access Edge Compute (MEC) system, includes steps of receiving a request for a workload from User Equipment (UE) via a Radio Access Network (RAN); determining a path to the workload; creating a tunnel to the workload; and steering the request to the workload via the tunnel that is independent of any underlying mobile network for the RAN.
Nathan Howe, Kenneth B. Urquhart
Filed: 1 Oct 21
Utility
Cached web probes for monitoring user experience
8 Sep 22
Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted.
Chenglong Zheng, Srikanth Devarajan, Vikas Mahajan, Sandeep Kamath Voderbet
Filed: 20 Apr 21
Utility
Secure edge workload steering and access
8 Sep 22
The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering.
Nathan Howe, Kenneth B. Urquhart, Subramanian Srinivasan, Sridhar Kartik Kumar Chatnalli Deshpande, Patrick Foxhoven
Filed: 21 Mar 22