Patents by Inventor Robert Earle Ashley
Robert Earle Ashley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12003485
Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Type: Grant
Filed: February 23, 2023
Date of Patent: June 4, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
-
Publication number: 20230208809
Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Type: Application
Filed: February 23, 2023
Publication date: June 29, 2023
Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
-
Patent number: 11616761
Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Type: Grant
Filed: December 23, 2020
Date of Patent: March 28, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
-
Publication number: 20210119969
Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Type: Application
Filed: December 23, 2020
Publication date: April 22, 2021
Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
-
Patent number: 10931637
Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Type: Grant
Filed: September 15, 2017
Date of Patent: February 23, 2021
Assignee: Palo Alto Networks, Inc.
Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
-
Patent number: 10855656
Abstract: Techniques for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation are disclosed. In some embodiments, a system/process/computer program product for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process identification information identifies a process that is initiating a network session from the EP device on the enterprise network; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Type: Grant
Filed: September 15, 2017
Date of Patent: December 1, 2020
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Robert Tesh, Xuanyu Jin, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
-
Patent number: 10425387
Abstract: Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
Type: Grant
Filed: April 4, 2018
Date of Patent: September 24, 2019
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Patent number: 10298610
Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
Type: Grant
Filed: July 9, 2018
Date of Patent: May 21, 2019
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Publication number: 20190089678
Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Type: Application
Filed: September 15, 2017
Publication date: March 21, 2019
Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
-
Publication number: 20190089677
Abstract: Techniques for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation are disclosed. In some embodiments, a system/process/computer program product for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process identification information identifies a process that is initiating a network session from the EP device on the enterprise network; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Type: Application
Filed: September 15, 2017
Publication date: March 21, 2019
Inventors: Robert Earle Ashley, Ho Yu Lam, Robert Tesh, Xuanyu Jin, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
-
Publication number: 20180332079
Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
Type: Application
Filed: July 9, 2018
Publication date: November 15, 2018
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Publication number: 20180309721
Abstract: Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
Type: Application
Filed: April 4, 2018
Publication date: October 25, 2018
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Patent number: 10051001
Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
Type: Grant
Filed: July 31, 2015
Date of Patent: August 14, 2018
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Patent number: 9967236
Abstract: Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
Type: Grant
Filed: July 31, 2015
Date of Patent: May 8, 2018
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh