Patents Assigned to Netskope, Inc.
-
Patent number: 12659357Abstract: A network security system (NSS) is described that performs context aware GenAI traffic inspection using sliding windows. The NSS receives an interaction between an endpoint and a GenAI model, where data of the interaction arrives at the NSS in serial order. The NSS analyzes the interaction by storing the data in chunks in serial order as the data arrives, selecting a batch of the chunks including a target chunk that fall within a sliding window, evaluating the batch of chunks with a detection module that includes a language processing model such that the chunks in the batch preceding the target chunk provide context awareness for the language processing model, and repeatedly advancing the sliding window from the target chunk to the next chunk in serial order to select the next batch. The NSS applies a security policy to the interaction based on results of analyzing the interaction.Type: GrantFiled: November 5, 2025Date of Patent: June 16, 2026Assignee: Netskope, Inc.Inventor: Siying Yang
-
Patent number: 12647362Abstract: A method and system for reducing triggering of throughput penalties imposed on a group of users by a software-as-a-service (SaaS) server due to Application Programming Interface (API) calls exceeding limits of the SaaS server. The approaches include intercepting requests to the SaaS server from a user group and monitoring a rate of API calls the API calls forwarded to the SaaS server, identifying one or more power users based on a notification threshold value for the user group, and managing the rate of the API calls for the requests submitted by the identified power users of the user group in accordance with an API call throttle limit, thus remediating triggering of the throughput penalty.Type: GrantFiled: August 5, 2024Date of Patent: June 2, 2026Assignee: Netskope, Inc.Inventors: Chandrasekaran Rajagopalan, Brian Miller
-
Publication number: 20260149695Abstract: A controlled content system for providing a controlled and contained environment that is remotely accessible is disclosed. A third-party application on the end user device is modified to allow certain sites and services to be mediated in a mid-link server. The third-party application uses policies to know when to access the mid-link server for the controlled and contained environment. A Hypertext Transfer Protocol (HTTP) stack for connection with remote services is based on the network packet traffic identified by the policies as mediated targets. The HTTP stack is modified, or the HTTP stack is substituted with a mediated HTTP stack. A Hypertext Transfer Protocol Secure (HTTPS) or a Virtual Private Network (VPN) connection is configured to connect to the mid-link server for the mediated targets, and for targets that are not mediated, the HTTP connection is configured between the end user device and the targets without the mid-link server.Type: ApplicationFiled: December 1, 2025Publication date: May 28, 2026Applicant: Netskope, Inc.Inventor: Bradley B. Harvell
-
Patent number: 12641100Abstract: Computer network anomaly detection systems and methods are disclosed. One embodiment includes retrieving one or more learned profiles for a group of networked computing devices included in a computer network from a database. For each pair of computing devices in the group, a pairwise distance matrix may be computed. Each pairwise distance in the pairwise distance matrix is computed based on a statistical data profile associated with each computing device in each pair of computing devices from the group. The statistical data profiles may be included in the learned profiles. Any pairwise distances that are greater than a threshold may be removed from the pairwise distance matrix to generate a reduced pairwise distance matrix. One or more computing devices associated with the remaining pairwise distances in the reduced pairwise distance matrix may be sorted into a cluster of computing devices. An anomaly score may be computed for the cluster.Type: GrantFiled: October 17, 2023Date of Patent: May 26, 2026Assignee: NETSKOPE, INC.Inventors: Srinivas Akella, Shahab Sheikh-Bahaei
-
Patent number: 12632572Abstract: The disclosed technology facilitates User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.Type: GrantFiled: February 23, 2024Date of Patent: May 19, 2026Assignee: Netskope, Inc.Inventors: Yi Zhang, Siying Yang, Yihua Liao, Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr., Ari Azarafrooz
-
Patent number: 12615242Abstract: The disclosed technology teaches a method for security monitoring in TLS or other certificate-pinned sessions by a cloud-based network security system. When a security condition is detected in the decrypted packets, alerts are generated for the client device. The method involves injecting a message into the session using keys extracted by the cloud-based resource for encryption. Some implementations utilize an inspection proxy and an endpoint routing client for secure tunneling. A secure web gateway buffers encrypted packets in a new session with a cloud-based resource, detects a connection access request from a certificate-pinned application, requests and receives key extraction, and forwards keys to the security system. The secure web gateway applies the keys to systematically encrypted traffic, decrypts packets, and relays ongoing session traffic between the security system and the client device via the inspection proxy, which applies security policies during the process.Type: GrantFiled: February 8, 2024Date of Patent: April 28, 2026Assignee: Netskope, Inc.Inventors: Oleg Murat Smolsky, Yongjie Yin
-
Patent number: 12613890Abstract: The technology disclosed includes a system to perform multi-label support vector machine (SVM) classification of a document. The system creates document features representing frequencies or semantics of words in the document. Trained SVM classification parameters for a plurality of labels are applied to the document features for the document. The system determines positive and negative distances between SVM hyperplanes for the labels and the feature vector. Labels with positive distance to the feature vector are harvested. When the distribution of negative distances is characterized by a mean and standard deviation, the system further harvests the labels with a negative distance such that the harvested labels include the labels with a negative distance between the mean negative distance and zero and separated from the mean negative distance by a predetermined first number of standard deviations.Type: GrantFiled: January 17, 2025Date of Patent: April 28, 2026Assignee: Netskope, Inc.Inventors: Ravindra K. Balupari, Sandeep Yadav
-
Machine learning powered cloud sandbox for malware detection in portable document format (PDF) files
Patent number: 12596804Abstract: A cloud-based network security system (NSS) is described. The NSS uses a sandbox to safely open and extract information about a PDF file and uses machine learning algorithms to analyze the information to predict whether the PDF file contains malware. Specifically, dynamic information about the PDF file is captured while it is open in the sandbox. Static information is extracted from the PDF file as well. The dynamic and static information is input to an AI or machine learning model trained to provide an output indicating a prediction of whether the PDF file contains malware. A verdict engine uses the output from the AI or machine learning model to classify the document as malicious or clean. Security policies can then be applied based on the classification.Type: GrantFiled: October 4, 2024Date of Patent: April 7, 2026Assignee: Netskope, Inc.Inventors: Xinjun Zhang, Zhenxin Zhan, Ghanashyam Satpathy, Hung-Ming Chen, Dong Guo -
Patent number: 12598216Abstract: The technology disclosed relates to endpoint data loss prevention (DLP). In particular, the technology disclosed relates to enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint.Type: GrantFiled: April 10, 2024Date of Patent: April 7, 2026Assignee: Netskope, Inc.Inventors: Krishna Narayanaswamy, Ajay Agrawal
-
Patent number: 12593210Abstract: A dynamic security system to secure cellular devices across a cellular network in a cloud-based environment. The dynamic security system includes a tenant of multiple tenants having multiple cellular devices, a tunnel, a traffic steering module, and a threat management module. The tunnel transmits and identifies traffic associated with different network identifiers. The traffic steering module routes traffic towards gateways and the threat management module analyzes traffic at the tunnel and generates policies and recommendations to remediate a threat. The threat management module intercepts traffic within the tunnel at an application layer of the cloud-based environment, creates policy profiles for tenants, monitors a threat landscape, and relates the threat with the policy profiles. The threat management module further stores tenant profiles, threat information, and policy profiles.Type: GrantFiled: September 20, 2024Date of Patent: March 31, 2026Assignee: Netskope, Inc.Inventors: Kallol Banerjee, Harsh Pandey, Bryan D. Black, Jonathan Bosanac
-
Patent number: 12592959Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that detects malicious communication between a command and control (C2) cloud resource on a cloud application and malware on an infected host, using a network security system. The network security system reroutes the cloud traffic to the network security system. The incoming requests of the cloud traffic are directed to a cloud application in the plurality of cloud applications, and wherein the cloud application has a plurality of resources. The network security system analyzes the incoming requests, determines that the incoming requests are targeted at one or more malicious resources in the plurality of resources.Type: GrantFiled: June 23, 2023Date of Patent: March 31, 2026Assignee: Netskope, Inc.Inventors: Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang
-
Publication number: 20260089509Abstract: A dynamic security system to secure cellular devices across a cellular network in a cloud-based environment. The dynamic security system includes a tenant of multiple tenants having multiple cellular devices, a tunnel, a traffic steering module, and a threat management module. The tunnel transmits and identifies traffic associated with different network identifiers. The traffic steering module routes traffic towards gateways and the threat management module analyzes traffic at the tunnel and generates policies and recommendations to remediate a threat. The threat management module intercepts traffic within the tunnel at an application layer of the cloud-based environment, creates policy profiles for tenants, monitors a threat landscape, and relates the threat with the policy profiles. The threat management module further stores tenant profiles, threat information, and policy profiles.Type: ApplicationFiled: September 20, 2024Publication date: March 26, 2026Applicant: Netskope, Inc.Inventors: Kallol Banerjee, Harsh Pandey, Bryan D. Black, Jonathan Bosanac
-
Publication number: 20260080026Abstract: An intermediary server provides secure access to a web page of a web-based service upon request of a web server. The intermediary server includes an operating system that runs a new instance of a web browser engine. The web browser engine creates a temporary folder to isolate the new instance from other instances and deletes the temporary folder upon deletion of the new instance. The web browser engine produces an image of a web page rendered in the new instance and transmits an access web page to a web browser. The access web page is configured to retrieve the image from the web browser engine and display the image in the web browser. User interactions are registered and sent to the new instance in the intermediary server. The user interactions are reproduced within the new instance and the new instance produces images of the web page after the user interactions.Type: ApplicationFiled: September 15, 2025Publication date: March 19, 2026Applicant: Netskope, Inc.Inventors: Mariano Largo Del Amo, Victor Jurado Martinez
-
Simulation and visualization of malware spread through sharing of data objects in cloud applications
Patent number: 12580945Abstract: The technology disclosed relates to simulating spread of a malware in cloud applications. In particular, the technology disclosed relates to accessing sharing data for files shared between users via sync and share mechanisms of cloud applications, tracing connections between the users by traversing a directed graph constructed based on the sharing data, and simulating spread of a malware based on the traced connections to simulate user exposure to, infection by, and transmission of the malware. The connections are created as a result of syncing and sharing the files via the sync and share mechanisms. The malware is spread by syncing and sharing of infected ones of the files via the sync and share mechanisms.Type: GrantFiled: June 4, 2024Date of Patent: March 17, 2026Assignee: Netskope, Inc.Inventors: Sean Hittel, Ravindra K. Balupari -
Patent number: 12580960Abstract: The technology disclosed intercepts a webpage rendered by a server in response to a user action executed on a client. The technology disclosed analyzes one or more images of the webpage and determines that a particular hosted service is represented by the images. It analyzes one or more fields of the webpage and determines that the fields elicit confidential information. The technology disclosed intercepts a request generated by the client in response to another user action providing the confidential information via the fields. The technology disclosed analyses the request and determines that the confidential information is being exfiltrated to an unsanctioned resource. This determination is made by comparing a resource address in the request with one or more sanctioned resource addresses used by the particular hosted service. The technology disclosed determines that the webpage is effectuating a phishing attack and blocks transmission of the confidential information to the unsanctioned resource.Type: GrantFiled: November 6, 2023Date of Patent: March 17, 2026Assignee: Netskope, Inc.Inventor: Krishna Narayanaswamy
-
Publication number: 20260075097Abstract: A policy-controlled access security system for managing access security to electronic agents in cloud based multi-tenant systems includes a client device, a mid-link server, and a web server. A local application running on the client device requests access to an electronic agent of a remote application of the web server. Policies are determined for controlled access to the electronic agent. The set of policies is enforced on the client device and access to the electronic agent is provided. An audit is performed during the access by identifying one or more AI devices, determining compliance of the identified AI devices with the set of policies, and disabling the AI devices in response to non-compliance. A request for re-authorization to enable a disabled functionality of the electronic agent is received and analyzed for compliance with the set of policies. Upon granting the re-authorization, the set of policies is modified.Type: ApplicationFiled: September 8, 2025Publication date: March 12, 2026Applicant: Netskope, Inc.Inventors: James S. Robinson, Damian C. Chung, Lamont Orange
-
Patent number: 12572651Abstract: A cloud-based network security system (NSS) is described. The NSS extracts information about a document (e.g., a portable document format (PDF) file) and uses heuristic rules to analyze the information to predict whether the document contains malicious software. Specifically, prior to detonation of the document, object features, code features, and embedded features of the document are extracted. The extracted information is input to a classification engine that applies sets of heuristic rules to groups of the features of the document to provide an output indicating a prediction of whether the document contains malware. A routing engine provides the document for further analysis (e.g., deep scanning) if the document is suspicious or bypasses the further analysis if the document is benign. Security policies can then be applied based on the classification.Type: GrantFiled: May 7, 2024Date of Patent: March 10, 2026Assignee: Netskope, Inc.Inventors: Ghanashyam Satpathy, Hung-Chun Chu, Hung-Ming Chen
-
Patent number: 12561620Abstract: The technology discloses training a classifier to label webpages with categories, extracting from a training database with thousands of webpages tentatively labeled with ground truth categories, dataset A and dataset B; training a classifier using A; and applying it to webpages in B to assign a webpage a label and a classification score. Also disclosed is cleaning B, removing webpages based on evaluation of a decision confidence metric derived from the score assigned for the webpage; and training a second classifier using cleaned B, with second classifier weights initialized independent of trained first classifier weights; and applying the second classifier to webpages in A to assign a webpage the label, score, and decision confidence matrix, and cleaning A, removing webpages from A based on the decision confidence metric. Then combining cleaned A and cleaned B into a combined clean dataset, and training the third classifier using the combined clean dataset.Type: GrantFiled: October 2, 2023Date of Patent: February 24, 2026Assignee: Netskope, Inc.Inventors: Yi Zhang, Rongrong Tao, Xinjun Zhang, Dong Guo, Hongbo Yang, Jun Ou
-
Publication number: 20260039551Abstract: Systems and methods for testing compliance of an instance within a cloud computing environment. The method includes identifying a first policy selected from plurality of policies applied to a cloud instance during a predetermined time period. A testing schedule for the instance is retrieved, which specifies the frequency of compliance testing against each policy. A corresponding test module is retrieved to check compliance with the first policy. The method further includes determining whether the predetermined time period has expired, the predetermined time is measured from either the application of the policy or the last compliance test of the instance. If the predetermined time period has not elapsed, the method monitors the instance for receipt of an error message and if the predetermined time period has elapsed, the method executes the test module to evaluate the compliance of the first instance with the first policy.Type: ApplicationFiled: August 11, 2025Publication date: February 5, 2026Applicant: Netskope, Inc.Inventors: Jonathan Michael Bosanac, Christopher Robert Geeringh, Jason Eggleston, Lonhyn Jasinskyj, John Sengenberger
-
Patent number: 12542812Abstract: A policy-based browser system for managing browser extensions used to access functionalities on a web browser in a cloud-based multi-tenant system. The policy-based browser system includes a client device, a web server, and a mid-link server. A set of policies is identified for the installation of a browser extension requested using the client device. The policies specify access to browser extensions at the client device for accessing functionalities associated with the browser extensions. The functionalities are associated with a user application on the client device. The browser extension is analyzed based on usage history for the installation of the browser extension. Non-compliance with one or more policies from the set of policies of the browser extension is flagged for a re-authorization. Based on the re-authorization, either the browser extension is allowed or blocked or partially allowed for the installation and access to the corresponding functionality of the browser extension.Type: GrantFiled: September 8, 2023Date of Patent: February 3, 2026Assignee: Netskope, Inc.Inventor: James S. Robinson