178 patents
Page 7 of 9
Utility
Sub-clouds in a cloud-based system for private application access
28 Oct 21
Systems and methods include obtaining for a tenant a definition of a sub-cloud in a cloud-based system, wherein the cloud-based system includes a plurality of data centers geographically distributed, and wherein the sub-cloud includes a subset of the plurality of data centers; receiving a request, in a cloud system from a user device, to access an application for the tenant, wherein the application is constrained to the sub-cloud, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the sub-cloud, the application, and the user device to provide access to the application.
John A. Chanak, Kunal Shah
Filed: 6 Jul 21
Utility
Connector selection through a cloud-based system for private application access
28 Oct 21
Systems and methods include obtaining criteria for selecting connectors for private application access in a cloud-based system; responsive to a request to access an application, by a user device, located in any of a public cloud, a private cloud, and an enterprise network, wherein the user device is remote over the Internet, determining a connector coupled to the application based on the criteria; and, responsive to a user of the user device being permitted to access the application, stitching together connections between the cloud-based system, the application, and the user device to provide access to the application.
Kunal Shah, John A. Chanak, Vamshi Palkonda
Filed: 6 Jul 21
Utility
Cloud-based web application and API protection
28 Oct 21
Systems and methods include, responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining a predetermined inspection profile for the user with the inspection profile including a plurality of rules evaluated in an order; performing inspection of the access using the plurality of rules in the order; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.
Pooja Deshmukh, Leslie Smith, William Fehring, Kanti Varanasi, John A. Chanak
Filed: 6 Jul 21
Utility
Client forwarding policies for zero trust access for applications
28 Oct 21
Systems and methods include providing a user interface to an administrator associated with a tenant of a cloud-based system, wherein the tenant has a plurality of users each having an associated user device; receiving a plurality of client forwarding policies for the plurality of users, wherein each client forwarding policy of the client forwarding policies define rules related to how application requests from the plurality of users are forwarded for zero trust access; and providing the rules to corresponding user devices of the plurality of users.
Kunal Shah, John A. Chanak, David Creedy
Filed: 24 Nov 20
Utility
Data Loss Prevention incident forwarding
21 Oct 21
A cloud-based security system includes a plurality of enforcement nodes connected to one another; a central authority connected to the plurality of enforcement nodes; and a Data Loss Prevention (DLP) service executed between the plurality of enforcement nodes, wherein the DLP service includes one or more DLP rules based on one or more DLP engines for a tenant, and wherein, for the DLP service, a first enforcement node is configured to monitor traffic of a user of the tenant, detect a DLP rule violation based on the one or more DLP rules, and forward DLP incident information to a second enforcement node, and the second enforcement node is configured to transmit the DLP incident information to a server for the tenant, including both the DLP triggering content that caused the DLP rule violation and DLP scan metadata.
Narinder Paul, Arun Bhallamudi, James Tan, Frank Zhang, Pooja Deshmukh
Filed: 21 Apr 20
Utility
Data Loss Prevention expression building for a DLP engine
21 Oct 21
Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.
Zhifeng Zhang, Arun Bhallamudi, Pooja Deshmukh
Filed: 19 Aug 20
Utility
Data Loss Prevention on images
21 Oct 21
Systems and methods for Data Loss Prevention (DLP) on images include detecting an image in monitored user traffic; scanning the image to identify any text and extracting any identified text therein; responsive to the extracting, scanning the extracted text with a plurality of DLP techniques including one or more DLP engines where the extracted text is checked to trigger the one or more DLP engines, Exact Data Matching (EDM) where the extracted text is matched to see if it matches specific content, and Indexed Data Matching (IDM) where the extracted text is matched to some part of a document from a repository of documents; and performing one or more actions based on results of the plurality of DLP techniques.
Narinder Paul, Arun Bhallamudi
Filed: 19 Aug 20
Utility
Auto re-segmentation to assign new applications in a microsegmented network
7 Oct 21
Systems and methods include, subsequent to performing auto segmentation on a network that includes a set of policies of allowable and blocked communications, observing communication between a plurality of hosts on the network; determining unassigned communication paths based on the observing that are either blocked because of a lack of a policy in the set of policies or not covered by any policy in the set of policies; and assigning the unassigned communication paths to corresponding policies of the set of policies.
Scott Laplante, Peter Nahas, Xing Li, Suji Suresh, Daniel R. Perkins, Peter Smith
Filed: 17 Jun 21
Utility
Private service edge nodes in a cloud-based system for private application access
7 Oct 21
Systems and methods include connecting to a first service edge node in a cloud-based system and obtaining one or more addresses each for one or more service edge nodes in the cloud-based system, wherein the one or more service edge nodes include public service edge nodes and private service edge nodes; connecting to a second service edge node of the one or more service edge nodes using the corresponding address; providing a request for an application to the second service edge node; and responsive to policy and accessibility determined via the cloud-based system, receiving access to the application via a connector adjacent to the application.
John A. Chanak, Ale A. Mansoor, Maxim Perepelitsyn, Deepak Khungar, William Fehring
Filed: 21 Jun 21
Utility
Network exposure detection and security assessment tool
7 Oct 21
Systems and methods include receiving a domain of interest; performing an analysis of the domain to extract namespaces of the domain, hosts associated with the domain, subdomains associated with the domain, namespaces of the subdomains, and addresses including address ranges of any identified namespaces; performing a Common Vulnerabilities and Exposures (CVE) search based on the analysis to identify a CVE list associated with the domain; determining weightings of the namespaces of the domain and the subdomains to provide a name list; obtaining cloud monitoring content associated with the domain; and utilizing the name list, the CVE list, and the cloud monitoring content to determine a risk associated with the domain.
Nathan Howe
Filed: 3 Apr 20
Utility
Systems and methods for efficiently maintaining records in a cloud-based system
9 Sep 21
Systems and methods include obtaining statistics based on monitoring in a cloud-based system for a given time period; and, responsive to determining an arrangement of counters for N counters, storing each of M counters for the given time period as a plurality of records with each record including a record type, a possible offset to a next record in terms of a counter identifier (ID), and a counter value, wherein N and M are integers and M<<N, and wherein the arrangement is determined such that most frequently used counters occupy lower counter IDs.
Raman Madaan, Kumar Gaurav, Chakkaravarthy Periyasamy Balaiah, Kailash Kailash
Filed: 17 Apr 20
Utility
Cloud access security broker systems and methods via a distributed worker pool
19 Aug 21
A Cloud Access Security Broker (CASB) system includes a controller; a message broker connected to the controller; and a plurality of workers connected to the message broker and connected to one or more cloud providers having a plurality of files contained therein for one or more tenants, wherein the plurality of workers are configured to crawl through the plurality of files for the one or more tenants, based on policy and configuration for the one or more tenants provided via the controller, and based on assignments from the message broker.
Shankar Vivekanandan, Narinder Paul, Parth Shah, Pratibha Nayak, Sonal Choudhary, Huan Chen
Filed: 30 Mar 20
Utility
Private application access with browser isolation
12 Aug 21
Systems and methods include, responsive to a request from a user device to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application and whether the application should be provided in an isolated browser; responsive to the determining, creating secure tunnels between the user device, an isolation service operating the isolated browser, and the application based on connection information; loading the application in the isolated browser, via the secure tunnels; and providing image content for the application to the user device, via the secure tunnels.
Alex-Marian Negrea, Constantin Miroslav, John A. Chanak
Filed: 29 Apr 21
Utility
Securing local network traffic using cloud computing
29 Jul 21
Systems and methods for securely handling data traffic on local or private networks, such as by using cloud computing, are provided.
Abhinav Bansal, Rohit Goyal
Filed: 15 Apr 21
Utility
Monitoring and analysis of third-party cloud-based applications
15 Jul 21
Systems and methods include, on a respective node of a plurality of nodes communicatively coupled to one another forming a cloud-based system, receiving a request to obtain data from a third-party cloud application.
Steve Peschka
Filed: 3 Mar 21
Utility
Dynamic rules engine in a cloud-based sandbox
24 Jun 21
Computer-implemented systems and methods include receiving unknown content in a cloud-based sandbox; performing an analysis of the unknown content in the cloud-based sandbox to obtain a score that determines whether or not the unknown content is malware; obtaining events based on the analysis; running one or more rules on the events; and adjusting the score based on a result of the one or more rules.
Nirmal Singh Bhary, Deepen Desai
Filed: 30 Jan 20
Utility
Disaster recovery for a cloud-based security service
3 Jun 21
Systems and methods include intercepting traffic on the user device; forwarding the traffic to a cloud-based system for security processing therein; and, responsive to unavailability of the cloud-based system preventing the forwarding, performing local security processing of the traffic at the user device including determining whether the traffic is allowed based on a cache at the user device, forwarding the traffic separate from the cloud-based system when it is allowed, and blocking the traffic when it is not allowed.
Patrick Foxhoven, Amit Sinha, Vikas Mahajan, Rohit Goyal
Filed: 21 Jan 21
Utility
Proxy Auto Config (PAC) file parser systems and methods
27 May 21
Proxy Auto Config (PAC) file parser systems and methods enable file parsing on user devices without Just-in-Time (JIT) compilation in JavaScript, with a memory efficient implementation and with efficient performance.
Amandeep Singh
Filed: 21 Nov 19
Utility
Secure access for B2B applications
6 May 21
Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system.
Patrick Foxhoven, John A. Chanak, William Fehring, Manoj Apte, Kunal Shah, Dhawal Sharma
Filed: 30 Oct 20
Utility
DLP appliance and method for protecting data sources used in data matching
22 Apr 21
Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data, implemented in a cloud-based system, include receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value, and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.
Balakrishna Bayar, Arun Bhallamudi, Srikanth Devarajan, Siva Udupa
Filed: 23 Dec 20