Patents Assigned to Netskope, Inc.
  • Patent number: 12659357
    Abstract: A network security system (NSS) is described that performs context aware GenAI traffic inspection using sliding windows. The NSS receives an interaction between an endpoint and a GenAI model, where data of the interaction arrives at the NSS in serial order. The NSS analyzes the interaction by storing the data in chunks in serial order as the data arrives, selecting a batch of the chunks including a target chunk that fall within a sliding window, evaluating the batch of chunks with a detection module that includes a language processing model such that the chunks in the batch preceding the target chunk provide context awareness for the language processing model, and repeatedly advancing the sliding window from the target chunk to the next chunk in serial order to select the next batch. The NSS applies a security policy to the interaction based on results of analyzing the interaction.
    Type: Grant
    Filed: November 5, 2025
    Date of Patent: June 16, 2026
    Assignee: Netskope, Inc.
    Inventor: Siying Yang
  • Patent number: 12647362
    Abstract: A method and system for reducing triggering of throughput penalties imposed on a group of users by a software-as-a-service (SaaS) server due to Application Programming Interface (API) calls exceeding limits of the SaaS server. The approaches include intercepting requests to the SaaS server from a user group and monitoring a rate of API calls the API calls forwarded to the SaaS server, identifying one or more power users based on a notification threshold value for the user group, and managing the rate of the API calls for the requests submitted by the identified power users of the user group in accordance with an API call throttle limit, thus remediating triggering of the throughput penalty.
    Type: Grant
    Filed: August 5, 2024
    Date of Patent: June 2, 2026
    Assignee: Netskope, Inc.
    Inventors: Chandrasekaran Rajagopalan, Brian Miller
  • Publication number: 20260149695
    Abstract: A controlled content system for providing a controlled and contained environment that is remotely accessible is disclosed. A third-party application on the end user device is modified to allow certain sites and services to be mediated in a mid-link server. The third-party application uses policies to know when to access the mid-link server for the controlled and contained environment. A Hypertext Transfer Protocol (HTTP) stack for connection with remote services is based on the network packet traffic identified by the policies as mediated targets. The HTTP stack is modified, or the HTTP stack is substituted with a mediated HTTP stack. A Hypertext Transfer Protocol Secure (HTTPS) or a Virtual Private Network (VPN) connection is configured to connect to the mid-link server for the mediated targets, and for targets that are not mediated, the HTTP connection is configured between the end user device and the targets without the mid-link server.
    Type: Application
    Filed: December 1, 2025
    Publication date: May 28, 2026
    Applicant: Netskope, Inc.
    Inventor: Bradley B. Harvell
  • Patent number: 12641100
    Abstract: Computer network anomaly detection systems and methods are disclosed. One embodiment includes retrieving one or more learned profiles for a group of networked computing devices included in a computer network from a database. For each pair of computing devices in the group, a pairwise distance matrix may be computed. Each pairwise distance in the pairwise distance matrix is computed based on a statistical data profile associated with each computing device in each pair of computing devices from the group. The statistical data profiles may be included in the learned profiles. Any pairwise distances that are greater than a threshold may be removed from the pairwise distance matrix to generate a reduced pairwise distance matrix. One or more computing devices associated with the remaining pairwise distances in the reduced pairwise distance matrix may be sorted into a cluster of computing devices. An anomaly score may be computed for the cluster.
    Type: Grant
    Filed: October 17, 2023
    Date of Patent: May 26, 2026
    Assignee: NETSKOPE, INC.
    Inventors: Srinivas Akella, Shahab Sheikh-Bahaei
  • Patent number: 12632572
    Abstract: The disclosed technology facilitates User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.
    Type: Grant
    Filed: February 23, 2024
    Date of Patent: May 19, 2026
    Assignee: Netskope, Inc.
    Inventors: Yi Zhang, Siying Yang, Yihua Liao, Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr., Ari Azarafrooz
  • Patent number: 12615242
    Abstract: The disclosed technology teaches a method for security monitoring in TLS or other certificate-pinned sessions by a cloud-based network security system. When a security condition is detected in the decrypted packets, alerts are generated for the client device. The method involves injecting a message into the session using keys extracted by the cloud-based resource for encryption. Some implementations utilize an inspection proxy and an endpoint routing client for secure tunneling. A secure web gateway buffers encrypted packets in a new session with a cloud-based resource, detects a connection access request from a certificate-pinned application, requests and receives key extraction, and forwards keys to the security system. The secure web gateway applies the keys to systematically encrypted traffic, decrypts packets, and relays ongoing session traffic between the security system and the client device via the inspection proxy, which applies security policies during the process.
    Type: Grant
    Filed: February 8, 2024
    Date of Patent: April 28, 2026
    Assignee: Netskope, Inc.
    Inventors: Oleg Murat Smolsky, Yongjie Yin
  • Patent number: 12613890
    Abstract: The technology disclosed includes a system to perform multi-label support vector machine (SVM) classification of a document. The system creates document features representing frequencies or semantics of words in the document. Trained SVM classification parameters for a plurality of labels are applied to the document features for the document. The system determines positive and negative distances between SVM hyperplanes for the labels and the feature vector. Labels with positive distance to the feature vector are harvested. When the distribution of negative distances is characterized by a mean and standard deviation, the system further harvests the labels with a negative distance such that the harvested labels include the labels with a negative distance between the mean negative distance and zero and separated from the mean negative distance by a predetermined first number of standard deviations.
    Type: Grant
    Filed: January 17, 2025
    Date of Patent: April 28, 2026
    Assignee: Netskope, Inc.
    Inventors: Ravindra K. Balupari, Sandeep Yadav
  • Patent number: 12596804
    Abstract: A cloud-based network security system (NSS) is described. The NSS uses a sandbox to safely open and extract information about a PDF file and uses machine learning algorithms to analyze the information to predict whether the PDF file contains malware. Specifically, dynamic information about the PDF file is captured while it is open in the sandbox. Static information is extracted from the PDF file as well. The dynamic and static information is input to an AI or machine learning model trained to provide an output indicating a prediction of whether the PDF file contains malware. A verdict engine uses the output from the AI or machine learning model to classify the document as malicious or clean. Security policies can then be applied based on the classification.
    Type: Grant
    Filed: October 4, 2024
    Date of Patent: April 7, 2026
    Assignee: Netskope, Inc.
    Inventors: Xinjun Zhang, Zhenxin Zhan, Ghanashyam Satpathy, Hung-Ming Chen, Dong Guo
  • Patent number: 12598216
    Abstract: The technology disclosed relates to endpoint data loss prevention (DLP). In particular, the technology disclosed relates to enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint.
    Type: Grant
    Filed: April 10, 2024
    Date of Patent: April 7, 2026
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Ajay Agrawal
  • Patent number: 12593210
    Abstract: A dynamic security system to secure cellular devices across a cellular network in a cloud-based environment. The dynamic security system includes a tenant of multiple tenants having multiple cellular devices, a tunnel, a traffic steering module, and a threat management module. The tunnel transmits and identifies traffic associated with different network identifiers. The traffic steering module routes traffic towards gateways and the threat management module analyzes traffic at the tunnel and generates policies and recommendations to remediate a threat. The threat management module intercepts traffic within the tunnel at an application layer of the cloud-based environment, creates policy profiles for tenants, monitors a threat landscape, and relates the threat with the policy profiles. The threat management module further stores tenant profiles, threat information, and policy profiles.
    Type: Grant
    Filed: September 20, 2024
    Date of Patent: March 31, 2026
    Assignee: Netskope, Inc.
    Inventors: Kallol Banerjee, Harsh Pandey, Bryan D. Black, Jonathan Bosanac
  • Patent number: 12592959
    Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that detects malicious communication between a command and control (C2) cloud resource on a cloud application and malware on an infected host, using a network security system. The network security system reroutes the cloud traffic to the network security system. The incoming requests of the cloud traffic are directed to a cloud application in the plurality of cloud applications, and wherein the cloud application has a plurality of resources. The network security system analyzes the incoming requests, determines that the incoming requests are targeted at one or more malicious resources in the plurality of resources.
    Type: Grant
    Filed: June 23, 2023
    Date of Patent: March 31, 2026
    Assignee: Netskope, Inc.
    Inventors: Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang
  • Publication number: 20260089509
    Abstract: A dynamic security system to secure cellular devices across a cellular network in a cloud-based environment. The dynamic security system includes a tenant of multiple tenants having multiple cellular devices, a tunnel, a traffic steering module, and a threat management module. The tunnel transmits and identifies traffic associated with different network identifiers. The traffic steering module routes traffic towards gateways and the threat management module analyzes traffic at the tunnel and generates policies and recommendations to remediate a threat. The threat management module intercepts traffic within the tunnel at an application layer of the cloud-based environment, creates policy profiles for tenants, monitors a threat landscape, and relates the threat with the policy profiles. The threat management module further stores tenant profiles, threat information, and policy profiles.
    Type: Application
    Filed: September 20, 2024
    Publication date: March 26, 2026
    Applicant: Netskope, Inc.
    Inventors: Kallol Banerjee, Harsh Pandey, Bryan D. Black, Jonathan Bosanac
  • Publication number: 20260080026
    Abstract: An intermediary server provides secure access to a web page of a web-based service upon request of a web server. The intermediary server includes an operating system that runs a new instance of a web browser engine. The web browser engine creates a temporary folder to isolate the new instance from other instances and deletes the temporary folder upon deletion of the new instance. The web browser engine produces an image of a web page rendered in the new instance and transmits an access web page to a web browser. The access web page is configured to retrieve the image from the web browser engine and display the image in the web browser. User interactions are registered and sent to the new instance in the intermediary server. The user interactions are reproduced within the new instance and the new instance produces images of the web page after the user interactions.
    Type: Application
    Filed: September 15, 2025
    Publication date: March 19, 2026
    Applicant: Netskope, Inc.
    Inventors: Mariano Largo Del Amo, Victor Jurado Martinez
  • Patent number: 12580945
    Abstract: The technology disclosed relates to simulating spread of a malware in cloud applications. In particular, the technology disclosed relates to accessing sharing data for files shared between users via sync and share mechanisms of cloud applications, tracing connections between the users by traversing a directed graph constructed based on the sharing data, and simulating spread of a malware based on the traced connections to simulate user exposure to, infection by, and transmission of the malware. The connections are created as a result of syncing and sharing the files via the sync and share mechanisms. The malware is spread by syncing and sharing of infected ones of the files via the sync and share mechanisms.
    Type: Grant
    Filed: June 4, 2024
    Date of Patent: March 17, 2026
    Assignee: Netskope, Inc.
    Inventors: Sean Hittel, Ravindra K. Balupari
  • Patent number: 12580960
    Abstract: The technology disclosed intercepts a webpage rendered by a server in response to a user action executed on a client. The technology disclosed analyzes one or more images of the webpage and determines that a particular hosted service is represented by the images. It analyzes one or more fields of the webpage and determines that the fields elicit confidential information. The technology disclosed intercepts a request generated by the client in response to another user action providing the confidential information via the fields. The technology disclosed analyses the request and determines that the confidential information is being exfiltrated to an unsanctioned resource. This determination is made by comparing a resource address in the request with one or more sanctioned resource addresses used by the particular hosted service. The technology disclosed determines that the webpage is effectuating a phishing attack and blocks transmission of the confidential information to the unsanctioned resource.
    Type: Grant
    Filed: November 6, 2023
    Date of Patent: March 17, 2026
    Assignee: Netskope, Inc.
    Inventor: Krishna Narayanaswamy
  • Publication number: 20260075097
    Abstract: A policy-controlled access security system for managing access security to electronic agents in cloud based multi-tenant systems includes a client device, a mid-link server, and a web server. A local application running on the client device requests access to an electronic agent of a remote application of the web server. Policies are determined for controlled access to the electronic agent. The set of policies is enforced on the client device and access to the electronic agent is provided. An audit is performed during the access by identifying one or more AI devices, determining compliance of the identified AI devices with the set of policies, and disabling the AI devices in response to non-compliance. A request for re-authorization to enable a disabled functionality of the electronic agent is received and analyzed for compliance with the set of policies. Upon granting the re-authorization, the set of policies is modified.
    Type: Application
    Filed: September 8, 2025
    Publication date: March 12, 2026
    Applicant: Netskope, Inc.
    Inventors: James S. Robinson, Damian C. Chung, Lamont Orange
  • Patent number: 12572651
    Abstract: A cloud-based network security system (NSS) is described. The NSS extracts information about a document (e.g., a portable document format (PDF) file) and uses heuristic rules to analyze the information to predict whether the document contains malicious software. Specifically, prior to detonation of the document, object features, code features, and embedded features of the document are extracted. The extracted information is input to a classification engine that applies sets of heuristic rules to groups of the features of the document to provide an output indicating a prediction of whether the document contains malware. A routing engine provides the document for further analysis (e.g., deep scanning) if the document is suspicious or bypasses the further analysis if the document is benign. Security policies can then be applied based on the classification.
    Type: Grant
    Filed: May 7, 2024
    Date of Patent: March 10, 2026
    Assignee: Netskope, Inc.
    Inventors: Ghanashyam Satpathy, Hung-Chun Chu, Hung-Ming Chen
  • Patent number: 12561620
    Abstract: The technology discloses training a classifier to label webpages with categories, extracting from a training database with thousands of webpages tentatively labeled with ground truth categories, dataset A and dataset B; training a classifier using A; and applying it to webpages in B to assign a webpage a label and a classification score. Also disclosed is cleaning B, removing webpages based on evaluation of a decision confidence metric derived from the score assigned for the webpage; and training a second classifier using cleaned B, with second classifier weights initialized independent of trained first classifier weights; and applying the second classifier to webpages in A to assign a webpage the label, score, and decision confidence matrix, and cleaning A, removing webpages from A based on the decision confidence metric. Then combining cleaned A and cleaned B into a combined clean dataset, and training the third classifier using the combined clean dataset.
    Type: Grant
    Filed: October 2, 2023
    Date of Patent: February 24, 2026
    Assignee: Netskope, Inc.
    Inventors: Yi Zhang, Rongrong Tao, Xinjun Zhang, Dong Guo, Hongbo Yang, Jun Ou
  • Publication number: 20260039551
    Abstract: Systems and methods for testing compliance of an instance within a cloud computing environment. The method includes identifying a first policy selected from plurality of policies applied to a cloud instance during a predetermined time period. A testing schedule for the instance is retrieved, which specifies the frequency of compliance testing against each policy. A corresponding test module is retrieved to check compliance with the first policy. The method further includes determining whether the predetermined time period has expired, the predetermined time is measured from either the application of the policy or the last compliance test of the instance. If the predetermined time period has not elapsed, the method monitors the instance for receipt of an error message and if the predetermined time period has elapsed, the method executes the test module to evaluate the compliance of the first instance with the first policy.
    Type: Application
    Filed: August 11, 2025
    Publication date: February 5, 2026
    Applicant: Netskope, Inc.
    Inventors: Jonathan Michael Bosanac, Christopher Robert Geeringh, Jason Eggleston, Lonhyn Jasinskyj, John Sengenberger
  • Patent number: 12542812
    Abstract: A policy-based browser system for managing browser extensions used to access functionalities on a web browser in a cloud-based multi-tenant system. The policy-based browser system includes a client device, a web server, and a mid-link server. A set of policies is identified for the installation of a browser extension requested using the client device. The policies specify access to browser extensions at the client device for accessing functionalities associated with the browser extensions. The functionalities are associated with a user application on the client device. The browser extension is analyzed based on usage history for the installation of the browser extension. Non-compliance with one or more policies from the set of policies of the browser extension is flagged for a re-authorization. Based on the re-authorization, either the browser extension is allowed or blocked or partially allowed for the installation and access to the corresponding functionality of the browser extension.
    Type: Grant
    Filed: September 8, 2023
    Date of Patent: February 3, 2026
    Assignee: Netskope, Inc.
    Inventor: James S. Robinson