178 patents
Page 5 of 9
Utility
Detection of latency, packet drops, and network hops through a tunnel by tracing hops therein
14 Jul 22
Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented.
Srikanth Devarajan
Filed: 14 Jan 21
Utility
Adaptive tracing using one of a plurality of protocols
14 Jul 22
Techniques for using trace with tunnels and cloud-based systems for determining measures of network performance are presented.
Pankaj Chhabra, Sandeep Kamath
Filed: 15 Sep 21
Utility
Data owner controls in DLP
23 Jun 22
Systems and methods include receiving an index of data for exact data matching, wherein the index includes Personally Identifiable Information (PII); receiving policy related to actions to perform for any violations associated with the exact data matching; loading the index and the policy into memory; monitoring traffic for violations, wherein the violations include detection of any values in the index in the traffic; and performing an action responsive to any violations and associated policy.
Pooja Deshmukh
Filed: 30 Dec 21
Utility
Microsegmentation for serverless computing
23 Jun 22
Systems and methods include obtaining a set of policies to in the serverless computing system, wherein the set of policies specify which applications are authorized for communication with the serverless computing system; and modifying rules in a network Access Control List (ACL) associated with the serverless computing system based on the set of policies, wherein the network ACL includes rules that specify allowing and blocking communication.
Peter Smith
Filed: 17 Dec 20
Utility
Administrative policy override in microsegmentation
23 Jun 22
Systems and methods include responsive to monitoring network communications of a network, generating a network communication model that labels the network communications, and generating policies based on the network communication model, wherein the policies specify which applications are authorized to communicate with one another, providing corresponding policies to a plurality systems in the network, wherein each system utilizes the corresponding policies to allow or block communications; responsive to one or more unauthorized communications being needed, performing two-factor authorization to determine if an exception is acceptable; and responsive to the two-factor authorization, providing temporary policies for the exception to allow the one or more unauthorized communications for a period of time.
Thomas E. Keiser, JR., Peter Smith, Lakshmi Suresh
Filed: 23 Dec 20
Utility
Cloud-based Malware Detection
16 Jun 22
Systems, methods and apparatus for malware detection to detect and stop the distribution of malware and other undesirable content before such content reaches computing systems.
Kailash Kailash, Robert L. Voit, Jose Raphel
Filed: 7 Mar 22
Utility
Automatic segment naming in microsegmentation
26 May 22
Systems and methods include obtaining network communication information about hosts in a network and applications executed on the hosts; automatically generating one or more microsegments in the network based on analysis of the obtained network communication information, wherein each microsegment of the one or more microsegments is a grouping of resources including the hosts and the applications executed on the hosts that have rules for network communication; automatically generating a meaningful name for the one or more microsegments based on a plurality of techniques applied to information associated with the hosts; and displaying the automatically generated one or more microsegments and the corresponding automatically generated meaningful name.
John O'Neil, Peter Smith
Filed: 23 Nov 20
Utility
Explaining internals of Machine Learning classification of URL content
21 Apr 22
Systems and methods include obtaining Uniform Resource Locator (URL) transactions that were either undetected by a machine learning model or mischaracterized by the machine learning model; filtering the URL transactions based on any of size and transaction count; utilizing one or more techniques to determine words that provide an explanation for a category of a plurality of categories of the filtered URL transactions; and utilizing a label for the filtered URL transactions and the determined words for each as training data to update the machine learning model.
Shashank Gupta, Pankhuri Chadha, Narinder Paul
Filed: 3 Dec 20
Utility
Granular SaaS tenant restriction systems and methods
14 Apr 22
Systems and methods include obtaining a profile for an application, wherein the profile includes one or more tenants, rules for use of the application by the one or more tenants, and users for the rules; monitoring a user of a tenant of the one or more tenants inline via a node in a cloud-based system; identifying an application of the one or more applications based on the monitoring and associated rules for the user; and enforcing the associated rules for the user for the application.
Pooja Deshmukh, Narinder Paul, Naresh Kumar, Santhosh Kumar, Sravani Manukonda, Vijay Bulusu
Filed: 24 Nov 20
Utility
Selectively exposing Application Programming Interfaces dynamically for microservices
17 Mar 22
Systems and methods for selectively exposing Application Programming Interfaces (APIs) dynamically and in a scalable manner include, when a new API is exposed in a microservice, making it accessible via a gateway if it is indicated to be exposed.
Arvind Nadendla, Subramanian Srinivasan, Vivek Dhiman
Filed: 29 Oct 20
Utility
Utilizing Machine Learning to detect malicious executable files efficiently and effectively
17 Mar 22
Systems and methods include determining a plurality of features associated with executable files, wherein the plurality of features are each based on static properties in predefined structure of the executable files; obtaining training data that includes samples of benign executable files and malicious executable files; extracting the plurality of features from the training data; and utilizing the extracted plurality of features to train a machine learning model to detect malicious executable files.
Changsha Ma, Nirmal Singh, Naveen Selvan, Tarun Dewan, Uday Pratap Singh, Deepen Desai, Bharath Meesala, Rakshitha Hedge, Parnit Sainion, Shashank Gupta, Narinder Paul, Rex Shang, Howie Xu
Filed: 26 Oct 20
Utility
Utilizing Machine Learning to detect malicious Office documents
17 Mar 22
Systems and methods include, based on monitoring of content including Office documents, determining distribution of malicious Office documents between documents having malicious macros and documents having malicious embedded objects; determining features for the documents having malicious macros and for the documents having malicious embedded objects; selecting training data for a machine learning model based on the distribution and the features; and training the machine learning model with the selected training data.
Changsha Ma, Nirmal Singh, Naveen Selvan, Tarun Dewan, Uday Pratap Singh, Deepen Desai, Bharath Meesala, Rakshitha Hedge, Parnit Sainion, Shashank Gupta, Narinder Paul, Rex Shang, Howie Xu
Filed: 26 Oct 20
Utility
Deep tracing of user experience
10 Mar 22
Techniques for deep tracing of one or more users via a cloud-based system include receiving a request from an administrator to actively troubleshoot a user; causing a user device associated with the user to create a deep tracing session based on the request; assisting the user device in performing one or more traces of a plurality of traces to a destination; receiving results from any of the plurality of traces and results from metrics collected at the user device; and displaying a network map between the user device and the destination.
Amit Sinha, Srikanth Devarajan, Chakkaravarthy Periyasamy Balaiah, Khaireddine Mazboudi, Sandeep Kamath Voderbet, Sushil Pangeni, Pratap Ramachandra, Amber Wu
Filed: 16 Nov 21
Utility
Detecting malicious mobile applications using machine learning in a cloud-based system
3 Mar 22
Systems and methods for detecting malicious mobile applications using machine learning in a cloud-based system utilize a traffic forwarding technique and a cloud-based Machine Learning (ML) model to assess the security of apps installed on a user device.
Rohit Goyal
Filed: 7 Oct 20
Utility
Utilizing Machine Learning for dynamic content classification of URL content
3 Mar 22
Systems and methods include obtaining data from Uniform Resource Locator (URL) transactions monitored by a cloud-based system; labeling the data for the URL transactions with a category of a plurality of categories that describe the content of a page associated with the URL; performing preprocessing of raw Hypertext Markup Language (HTML) files for the URL transactions; extracting features from the preprocessed raw HTML files; and creating a machine learning model based on the features, wherein the machine learning model is configured to score content associated with an unknown URL to determine a category of the plurality of categories.
Santhosh Kumar, Shashank Gupta, Dianhuan Lin, Pankhuri Chadha, Narinder Paul, Rex Shang, Howie Xu
Filed: 21 Oct 20
Utility
Cloud access security broker systems and methods with an in-memory data store
24 Feb 22
Systems and methods include receiving a record associated with an incident that was detected by the CASB system in a Software-as-a-Service (SaaS) application; determining a hash based on a plurality of levels for the record; determining if the record exists in a data store based on the hash, and if the record exists, deleting an old record; and inserting the record in the data store based on the hash, wherein the data store is maintained in-memory and includes records at leaf nodes in a multi-level hash based on the plurality of levels
Abhishek Bathla, Kumar Gaurav, Raman Madaan, Chakkaravarthy Periyasamy Balaiah, Shweta Gupta
Filed: 2 Oct 20
Utility
Semi-Automatic Communication Network Microsegmentation
17 Feb 22
A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.
Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, JR., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
Filed: 28 Oct 21
Utility
Live log analysis for real-time data manipulation and visualization of a large data set
10 Feb 22
Systems and methods for visualization monitoring data from a cloud-based system include obtaining the monitoring data, wherein the monitoring data is based on transactions associated with a plurality of users of the cloud-based system; providing a Graphical User Interface (GUI); obtaining a plurality of filter selections for a plurality of filter types; and displaying a visualization comprising a Sankey diagram of the monitoring data with nodes in the Sankey diagram including each of the plurality of filter types and links between the nodes indicative of the transactions in the monitoring data.
Amit Sinha, Jasbir Singh Kaushal, Tiffany Bui, Sundar Rajkumar Jothimani, Priyanka Pani, Varun Singh
Filed: 6 Aug 20
Utility
Cloud Security Posture Management systems and methods with a cloud-based system
10 Feb 22
Cloud Security Posture Management (CSPM) systems and methods include, in a node in a cloud-based system, obtaining a plurality of security policies and one or more compliance frameworks for a tenant of a cloud provider where the tenant has a cloud application deployed with the cloud provider, wherein each security policy defines a configuration and an expected value, and wherein each compliance framework includes one or more of the security policies; obtaining configurations of the cloud application; identifying misconfigurations of the cloud application based on a comparison of the obtained configurations with the plurality of security policies; analyzing the misconfigurations to determine risks including prioritization of the risks based on their likelihood of exposure to security breaches; and causing remediation of the identified misconfigurations and the determined risks, wherein the cloud-based system performs the CSPM service in addition to one or more additional cloud services.
Gururaj Pandurangi, Pravin Kulkarni, Rahul Khengare, Unmesh Meshram, Santosh Kumar Abhayraj Yadav, Shraddha Agrawal, Ankit Rao, Himalay Kondekar, Girish Murlidhar Jaju
Filed: 22 Sep 20
Utility
Scaling private application access support per client
27 Jan 22
Systems and methods implemented via a broker in a cloud-based system include steps of, responsive to a user and associated user device executing a client connector being authenticated, receiving a notification from the client connector; determining private applications accessible by the user based on policy, wherein the private applications are located in one of a public cloud, a private cloud, and an enterprise network; and sending a Top-Level Domain+1 (TLD+1) list of the accessible private applications to the user device, wherein the TLD+1 includes a TLD and a domain name.
John A. Chanak, Xiang Yu, Ramesh Kumar Somasundaram, Anjali Anjali, Andrey Tverdokhleb, Vikas Mahajan
Filed: 30 Sep 21