Patents by Inventor Thomas Evan Keiser, JR.
Thomas Evan Keiser, JR. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11902332Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.Type: GrantFiled: January 16, 2023Date of Patent: February 13, 2024Assignee: Zscaler, Inc.Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Patent number: 11843577Abstract: Systems and methods include obtaining a plurality of parameters associated with a host; determining a fingerprint of the host utilizing the plurality of parameters; and providing the fingerprint to cloud service for enrollment and management of the host in the cloud service. The cloud service can include microsegmentation of the host. The cloud service can include any of Internet access for the host and private resource access by the host.Type: GrantFiled: August 16, 2021Date of Patent: December 12, 2023Assignee: Zscaler, Inc.Inventors: Ajit Singh, Vivek Ashwin Raman, Abhinav Bansal, Thomas Evan Keiser, Jr., John H. O'Neil
-
Publication number: 20230156040Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.Type: ApplicationFiled: January 16, 2023Publication date: May 18, 2023Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Patent number: 11632401Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.Type: GrantFiled: October 28, 2021Date of Patent: April 18, 2023Assignee: Zscaler, Inc.Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Publication number: 20220053026Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.Type: ApplicationFiled: October 28, 2021Publication date: February 17, 2022Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, JR., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Publication number: 20210377210Abstract: Systems and methods include obtaining a plurality of parameters associated with a host; determining a fingerprint of the host utilizing the plurality of parameters; and providing the fingerprint to cloud service for enrollment and management of the host in the cloud service. The cloud service can include microsegmentation of the host. The cloud service can include any of Internet access for the host and private resource access by the host.Type: ApplicationFiled: August 16, 2021Publication date: December 2, 2021Inventors: Ajit Singh, Vivek Ashwin Raman, Abhinav Bansal, Thomas Evan Keiser, JR., John H. O'Neil
-
Patent number: 11178187Abstract: A computer system automatically generates a proposal for network application security policies to be applied on a telecommunications network. The system provides output representing the proposed network application security policies to a user. The user provides input either approving or disapproving of the network application security policies. If the user approves, then the system applies the of the proposed microsegmentation. This process may be repeated for a plurality of hosts and subsets thereof within the same network, and may be repeated over time to modify one or more existing network application security policies. The network application security policies govern inbound and outbound connections to the hosts in the network.Type: GrantFiled: June 11, 2020Date of Patent: November 16, 2021Assignee: Zscaler, Inc.Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Publication number: 20210344723Abstract: Systems and methods for microsegmentation include receiving network communication information that describes flows between hosts in a network and applications executed on the hosts; generating a network communication model based on the network communication information that labels flows; and providing polices to the hosts based on the network communication model where the policies cause performance a set of actions, locally at a host, on any of the flows based on corresponding labels. The labels are one of healthy and unhealthy. The set of actions include blocking, allowing, and allowing for a period of time before confirmation.Type: ApplicationFiled: July 14, 2021Publication date: November 4, 2021Inventors: John H. O'Neil, Peter Smith, Thomas Evan Keiser, JR.
-
Patent number: 11070591Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a two-stage process: (1) a local security agent executing on the same source system as the source application validates the connection against a set of policies stored locally on the source system; and (2) a local security agent executing on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system. The connection is allowed or blocked depending on the outcome of the two-stage validation. Before the validation process, a policy enforcement engine distributes copies of a trusted public certificate to the source and destination local security agents, which extend their local copies of the certificate to enable them to enforce policies without the use of a backend system.Type: GrantFiled: September 20, 2019Date of Patent: July 20, 2021Assignee: Zscaler, Inc.Inventors: Peter Smith, Thomas Evan Keiser, Jr.
-
Publication number: 20200396255Abstract: A computer system automatically generates a proposal for performing microsegmentation on a network. The system provides output representing the proposed microsegmentation to a user. The user provides input either approving or disapproving of the proposed microsegmentation. If the user approves of the proposed microsegmentation, then the system implements the microsegmentation. Otherwise, the system does not implement the proposed microsegmentation. This process may be repeated for a plurality of proposed microsegmentations within the same network, and may be repeated over time to modify one or more existing microsegmentations. The system advantageously performs the vast majority of the work required to microsegment the network automatically, leaving only the task of review and approval to the user. This both saves a significant amount of time and increases the quality of the microsegmentation in comparison to microsegmentation solely performed manually by one or more humans.Type: ApplicationFiled: June 11, 2020Publication date: December 17, 2020Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, JR., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Patent number: 10819612Abstract: Computer-implemented systems and methods automatically identify computers that act as load balancers on a digital communications network, using data collected from one or more computers on that network. Once a load balancer has been identified, the communications between two hosts may be connected across the identified load balancer, thereby making it possible to better analyze the behavior of hosts and applications on that network.Type: GrantFiled: July 3, 2019Date of Patent: October 27, 2020Assignee: Zscaler, Inc.Inventors: John O'Neil, Thomas Evan Keiser, Jr., Peter Smith
-
Publication number: 20200021618Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a two-stage process: (1) a local security agent executing on the same source system as the source application validates the connection against a set of policies stored locally on the source system; and (2) a local security agent executing on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system. The connection is allowed or blocked depending on the outcome of the two-stage validation. Before the validation process, a policy enforcement engine distributes copies of a trusted public certificate to the source and destination local security agents, which extend their local copies of the certificate to enable them to enforce policies without the use of a backend system.Type: ApplicationFiled: September 20, 2019Publication date: January 16, 2020Inventors: Peter Smith, Thomas Evan Keiser, JR.
-
Publication number: 20190349283Abstract: Computer-implemented systems and methods automatically identify computers that act as load balancers on a digital communications network, using data collected from one or more computers on that network. Once a load balancer has been identified, the communications between two hosts may be connected across the identified load balancer, thereby making it possible to better analyze the behavior of hosts and applications on that network.Type: ApplicationFiled: July 3, 2019Publication date: November 14, 2019Inventors: John O'Neil, Thomas Evan Keiser, JR., Peter Smith
-
Patent number: 10348599Abstract: Computer-implemented systems and methods automatically identify computers that act as load balancers on a digital communications network, using data collected from one or more computers on that network. Once a load balancer has been identified, the communications between two hosts may be connected across the identified load balancer, thereby making it possible to better analyze the behavior of hosts and applications on that network.Type: GrantFiled: November 9, 2018Date of Patent: July 9, 2019Assignee: Edgewise Networks, Inc.Inventors: John O'Neil, Thomas Evan Keiser, Jr., Peter Smith
-
Publication number: 20190149444Abstract: Computer-implemented systems and methods automatically identify computers that act as load balancers on a digital communications network, using data collected from one or more computers on that network. Once a load balancer has been identified, the communications between two hosts may be connected across the identified load balancer, thereby making it possible to better analyze the behavior of hosts and applications on that network.Type: ApplicationFiled: November 9, 2018Publication date: May 16, 2019Inventors: John O'Neil, Thomas Evan Keiser, JR., Peter Smith