Abstract: A method, implemented in a cloud-based system, includes, responsive to a client device having a Subscriber Identity Module (SIM) card therein connecting to a mobile network from a mobile network operator, receiving authentication of the client device based on the SIM card; receiving forwarded traffic from the client device; and processing the forwarded traffic according to policy, wherein the policy is determined based on one of a user of the client device and a type of the client device, each being determined based on the SIM card.

Abstract: Systems and methods include implementing dynamic runtime code manipulation to modify application code associated with calls related to networking, with the calls implemented by application software executed as a serverless workload; intercepting the calls from the application software based on the modified application code; determining whether to permit the calls based on a set of policies; responsive to permitting a call, making the call to an operating system interface on behalf of the application software; and, responsive to not permitting the call, providing a failure notification to the application software.

Abstract: Systems and methods implemented in a node in a cloud-based system include operating a first cloud service that is implemented as a monolith system; operating a RESTful framework (Representational State Transfer web service) embedded in the cloud node; and operating one or more applications for one or more cloud services utilizing the RESTful framework, wherein the one or more applications are microservices. The RESTful framework utilizes Hypertext Transfer Protocol (HTTP) methods.

Abstract: Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution.

Abstract: A Cloud Access Security Broker (CASB) system includes a controller; a message broker connected to the controller; and a plurality of workers connected to the message broker and connected to one or more cloud providers having a plurality of files contained therein for one or more tenants, wherein the plurality of workers are configured to crawl through the plurality of files for the one or more tenants, based on policy and configuration for the one or more tenants provided via the controller, and based on assignments from the message broker. The plurality of workers can be further configured to cause an action in the one or more cloud providers based on the crawl and based on the policy and the configuration. The action can include any of allowing a file, deleting a file, quarantining a file, and providing a notification.

Abstract: Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted. A method implemented by a proxy includes receiving encrypted traffic with an indicator in a header indicating a request for probe traffic; inspecting the request and a response for the probe traffic; and caching data associated with the response to in a cache.

Abstract: A computer system automatically learns which application behavior constitutes “multi-use” behavior by observing the behavior of applications on a network. The system uses this learned knowledge to automatically identify multi-use behavior in new applications that appear on the network. When the system enforces security policies against applications on the network, it identifies whether particular behavior of such applications violates any of the security policies. In this way, the system adapts automatically to new behavior of applications on the network over time in order to increase network security.

Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include periodically performing a full trace, at a first interval, to a destination; periodically performing a short trace, at a second interval that is less than the first interval, to a node in a cloud-based system; responsive to detection of issues based on the short trace, performing a full trace to the destination; and providing results of any of the full trace, the short trace, and any associated issues detected based thereon.

Abstract: Systems and methods include, on a respective node of a plurality of nodes communicatively coupled to one another forming a cloud-based system, receiving a request to obtain data from the third-party cloud application. The systems and methods also include implementing a lightweight agent, on the respective node, that is configured to access data, of a third-party cloud application of the cloud-based services, via an application-only security token layer on the cloud-based system. The systems and methods further include utilizing the lightweight agent to access the third-party cloud application via the application-only security token and obtain data from the third-party cloud application. The systems and methods yet further include providing a response to the request based on the data obtained from the third-party cloud application.

Abstract: Systems and methods for selectively exposing Application Programming Interfaces (APIs) dynamically and in a scalable manner include, when a new API is exposed in a microservice, making it accessible via a gateway if it is indicated to be exposed. The present disclosure focused on exposing a range of services behind the API gateway in a scalable, easy to use manner. The present disclosure includes an API gateway that supports a new microservice easily and efficiently as long as it provides metadata. The API gateway dynamically decides which APIs will be exposed via the gateway with filtering per service. Also, the API gateway routes any request made by a user to the gateway back to the intended microservice in a transparent fashion, as well as performing any additional transformations of the request before sending it back to the microservice.

Abstract: Systems and methods include, in a cloud node executing a security service, causing a mobile device to perform a validation check to determine if the mobile device is any of fake, counterfeit, jailbroken, and rooted; responsive to successful validation, allowing traffic to and from the mobile device through the security service; and responsive to unsuccessful validation, preventing traffic to and from the mobile device through the security service. The systems and methods can further include, prior to the causing, requiring the mobile device to install and launch an application, wherein registration with the security service requires the application; and performing the validation check via the application and a fake check service.

Abstract: Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein. The cloud-based system is configured to allow or block the connection based on the connection not having an entry in the local map.

Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.

Abstract: A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, the model may be generated based on a first set of network traffic. The accuracy of the model may then be estimated based on a second set of network traffic. This allows the accuracy of the model to be estimated without first waiting to apply the model to actual network traffic, thereby reducing the risk associated with applying the model before its accuracy is known.

Abstract: Systems and methods implemented in a node in a cloud-based system include loading a data structure into memory, wherein the data structure includes cities mapped to cells where the cells cover all of the Earth; receiving a call with a given latitude and longitude of a user device; finding a closest city to the given latitude and longitude utilizing the data structure; and providing the closest city in response to the call. The systems and methods can also include utilizing the closest city for policy in the cloud-based system for the user device.

Abstract: Systems and methods include, subsequent to performing auto segmentation on a network that includes a set of policies of allowable and block communications, observing communication between a plurality of hosts on the network; determining unassigned communication paths based on the observing that are either blocked because of a lack of a policy of the set of policies or because there is no policy of the set of policies for coverage thereof; and assigning the unassigned communication paths to corresponding policies of the set of policies. The assigning can be based on heuristics. The assigning can be performed without reperforming auto segmentation.

Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one of a mobile profile and an application for an enterprise and a cloud-based system; installing the one of the mobile profile and the application on the mobile device; connecting to a network using the one of the mobile profile and the application; and having traffic content inspected and policy enforced thereon to/from the mobile device and the network via the cloud-based system.

Abstract: Systems and methods include training a machine learning model with data for identifying features in monitored traffic in a network; analyzing the trained machine learning model to identify information overhead therein, wherein the information overhead is utilized in part for the training; removing the information overhead in the machine learning model; and providing the machine learning model for runtime use for identifying the features in the monitored traffic, with the removed information overhead from the machine learning model.

Abstract: Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.

Abstract: Systems and methods include receiving a domain of interest; performing an analysis of the domain to extract namespaces of the domain, hosts associated with the domain, subdomains associated with the domain, namespaces of the subdomains, and addresses including address ranges of any identified namespaces; performing a Common Vulnerabilities and Exposures (CVE) search based on the analysis to identify a CVE list associated with the domain; determining weightings of the namespaces of the domain and the subdomains to provide a name list; obtaining cloud monitoring content associated with the domain; and utilizing the name list, the CVE list, and the cloud monitoring content to determine a risk associated with the domain.