178 patents
Utility
Production Build Integrity Verification
11 Jan 24
The present disclosure relates to systems and methods for production build integrity verification.
Abhishek Surpur, Kaushik Bhattacharjee, Vishal Gautam
Filed: 23 Aug 22
Utility
Encrypted traffic inspection in a cloud-based security system
4 Jan 24
A node configured as any of a proxy, a Secure Web Gateway, and a Secure Internet Gateway is configured to perform steps of, responsive to establishing a connection with a user device having a user associated with a tenant and obtaining policy for the user, monitoring traffic between the user device and the Internet where the monitoring is at a middle location, inline between the user device and an endpoint; responsive to the traffic being encrypted as a tunnel, performing one or more operations to enable accessing the encrypted traffic; analyzing the traffic based on the policy, including at least checking for malicious traffic and Data Loss Prevention (DLP) for the tenant; and one of allowing, blocking, or limiting the traffic based on the analyzing.
Srikanth Devarajan, Vijay Bulusu, Leslie McCutcheon
Filed: 1 Aug 23
Utility
Egress Handling for Networks with Public Internet Protocol (IP) Address
28 Dec 23
The present disclosure relates to systems and methods for egress handling for networks with Public Internet Protocol (IP) address.
Pankaj Chhabra
Filed: 28 Jun 22
Utility
Hyperfine network slicing
28 Dec 23
A method implemented via a cloud-based system for network slicing in a 5G network includes connecting with a device that connects to the 5G network, wherein the cloud-based system includes a plurality of nodes interconnected to one another and including one or more nodes integrated in a user plane of the 5G network; inline monitoring traffic between the device and destinations including any of the Internet, cloud services, private applications, edge compute, Multiaccess Edge Compute (MEC), public/private data centers, and public/private clouds; and enforcing bandwidth control, in the 5G network, to a defined Quality of Service for a slice associated with the device.
Kartik Kumar Chatnalli Deshpande Sridhar, Arvind Nadendla, Kenneth B. Urquhart, Subramanian Srinivasan
Filed: 22 Jun 23
Utility
Systems and methods for providing a native browser experience for Cloud Browser Isolation (CBI) environments
21 Dec 23
Systems and methods provide native browser features in Cloud Browser Isolation (CBI) environments.
Catalin Dogaru, Ayush Ghimire, Nicolas Garfinkiel, Alex-Marian Negrea
Filed: 6 Sep 23
Utility
Advanced Machine Learning Techniques for Internet Outage Detection
7 Dec 23
The present systems and methods provide a user performance monitoring solution that enables the monitoring of application and device performance from the end user's point of view.
Prasannakumar Jobigenahally Malleshaiah, Alexander Frazier, Chakkaravarthy Periyasamy Balaiah, Javier Rodriguez Gonzalez, Ashok Kolachina, Sanjit Ganguli
Filed: 1 Jun 22
Utility
Real User Monitoring statistics from end users via plugin or browser extension
30 Nov 23
A cloud service is executed on a plurality of nodes, each including at least one processor, and the cloud service is configured to communicate with a plurality of user devices, each user device associated with a user from an organization of a plurality of organizations, and each user device includes a plugin or browser extension installed thereon, provide configuration information to any of the plurality of user devices where the configuration information includes a plurality of domains to be monitored by the plugin or browser extension, wherein the plugin or browser extension is configured to monitor and/or determine real user monitoring (RUM) statistics when a given user device accesses one of the plurality of domains; and receive the RUM statistics from any of the plurality of user devices.
Vaibhav Aher, Khaireddine Mazboudi, Sandeep Kamath, Srikanth Devarajan, Chakkaravarthy Periyasamy Balaiah
Filed: 21 Mar 23
Utility
Utilizing Machine Learning for smart quarantining of potentially malicious files
23 Nov 23
Systems and methods of sandboxing a file include responsive to receiving a file associated with a user, obtaining policy for the user; analyzing the file with a machine learning model; and based on a combination of the policy for the user and a verdict of the machine learning model, one of quarantining the file for analysis in a sandbox and allowing the file to the user.
Changsha Ma, Rex Shang, Douglas A. Koch, Dianhuan Lin, Howie Xu, Bharath Kumar, Shashank Gupta, Parnit Sainion, Narinder Paul, Deepen Desai
Filed: 1 Aug 23
Utility
Systems and methods for detecting Destination Network Address Translation (DNAT) in network paths
23 Nov 23
Techniques for detecting Destination Network Address Translation (DNAT) in network paths.
Pankaj Chhabra
Filed: 24 Jul 23
Utility
System lab and standard operating procedure framework
16 Nov 23
The present disclosure relates to systems and methods for a system lab and SOP framework to support testing based on customer environments.
Sumit Bedi, Mandeep Singh, Anoop Kumar, Saurabh Singla, Gurmeet Singh
Filed: 27 Jun 22
Utility
Breach prediction via machine learning
16 Nov 23
Breach prediction via machine learning includes, responsive to (1) training one or more machine learning models in a breach prediction engine, (2) monitoring one or more users associated with an enterprise, and (3) detecting an incident that is one or more of a threat and a policy violation for a first user of the one or more users, analyzing details related to the incident with the breach prediction engine; displaying a breach prediction likelihood score for the enterprise based on the analyzing; and providing one or more recommendations for the enterprise based on the incident and the analyzing.
Deepen Desai, Dianhuan Lin, Rex Shang
Filed: 25 Jul 23
Utility
Contextual relationship graph based on user's network transaction patterns for investigating attacks
2 Nov 23
Systems and methods include receiving network transaction data for a plurality of users monitored by a cloud-based system; creating a relationship graph based on the plurality of user's recent network transactions for a time period, wherein the relationship graph includes vertices for domains and edges for transactions by users between the domains having some number of transaction in the time period; and analyzing the relationship graph to detect previously undetected suspicious anomalies.
Loc Bui, Douglas A. Koch, Matthew Cronin, Shudong Zhou, Miao Zhang, Dianhuan Lin, Rex Shang, Howie Xu, Nirmal Singh Bhary, Deepen Desai, Narinder Paul, Parnit Sainion, Kenneth Sigafoose, Bryan Lee, Josh Pyorre, Martin Walter, Atinderpal Singh, Brett Stone-Gross, Erik Yunghans
Filed: 27 Jul 22
Utility
Systems and methods for reducing server load with HTTPS cache
26 Oct 23
Techniques for processing web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic.
John A. Chanak, Chakkaravarthy Periyasamy Balaiah, Sandeep Kamath, Vikas Mahajan, Barrett Hostetter-Lewis, Gregory Rybinski, Rishabh Gupta, Pankaj Chhabra
Filed: 30 Jun 23
Utility
Systems and methods for automatic Secure Sockets Layer (SSL) bypass
28 Sep 23
The present disclosure relates to systems and methods for automatically bypassing SSL connections responsive to client SSL handshake failures.
Lidor Pergament, Srikanth Devarajan, Akshat Maheshwari
Filed: 16 May 23
Utility
Endpoint Data Loss Prevention
21 Sep 23
Systems and methods include receiving Data Loss Prevention (DLP) configurations for one or more devices, wherein the DLP configurations define how exfiltration of sensitive data is protected for the one or more devices; monitoring traffic of the one or more devices; and scanning the traffic of the one or more devices using the DLP configurations assigned to the one or more devices.
Arun Bhallamudi, Narinder Paul
Filed: 26 Sep 22
Utility
Stream processing of telemetry for a network topology
7 Sep 23
Systems and methods include receiving messages from local security agents each on a host in a network, wherein the messages include network topology of the network in terms of addresses and sockets; incrementally creating a network topology of the network based on the messages; determining security policies for one or more microsegments in the network based on flow data and the network topology; and providing the security policies to respective hosts for local implementation of the one or more microsegments.
Michael J. Melson, Scott Laplante
Filed: 7 Mar 22
Utility
Determining the path of User Datagram Protocol (UDP) traceroute probes
7 Sep 23
Techniques for determining the path of User Datagram Protocol (UDP) traceroute probes using Transmission Control Protocol (TCP) and Internet Control Message Protocol (ICMP).
Chakkaravarthy Periyasamy Balaiah, Sandeep Kamath, Srikanth Devarajan, Pankaj Chhabra
Filed: 15 May 23
Utility
Exploit detection in a cloud-based sandbox
17 Aug 23
Computer-implemented systems and methods include receiving unknown content in a cloud-based sandbox; performing an analysis of the unknown content in the cloud-based sandbox; obtaining events based on the analysis; running one or more exploit detection rules on the events; and providing a score based on a result of the one or more rules.
Nirmal Singh Bhary, Tarun Dewan, Rajdeepsinh Dodia, Chiragkumar Kantibhai Prajapati
Filed: 18 Apr 23
Utility
Disaster recovery for cloud-based monitoring of internet access
17 Aug 23
Systems and methods include receiving one or more disaster recovery configurations; identifying activation of a disaster recovery mode; and controlling traffic flow such that the traffic is any of blocked to all destinations, allowed to all destinations, and allowed to preselected destinations based on the one or more received disaster recovery configurations.
Abhinav Bansal, Paul Yun Ling, Vikas Mahajan
Filed: 26 Apr 23
Utility
Generating zero-trust policy for application access based on sequence-based application segmentation
10 Aug 23
Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users and user metadata; analyzing the log data to determine one or more sequential patterns of application access; determining i) app-segments that are groupings of application of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users, based on the log data and the one or more sequential patterns of application access; and providing access policy of the plurality of applications based on the user-groups and the app-segments.
Chenhui Hu, Devesh Solanki, Gaurav Garg, Shikhar Omar, Raimi Shah, Dianhuan Lin, Rex Shang, Howie Xu
Filed: 18 Jan 23