Abstract: A cloud security method implement web security at the application level by monitoring network traffic and detecting cloud activities related to web applications, and then classifying the detected cloud activities to map certain security-related cloud activities into activity categories to enable security policy to be applied. The application-level cloud security method enables policy enforcement rules to be established for cloud activity categories. The security policies are then applied based on activity categories.

Abstract: Mechanisms (such as systems, methods, and media) for protecting a client device from an insecure cloud-based storage container stored on a server are provided, the mechanisms comprising: determining that content accessible by the client device is hosted in a storage container on the server; sending a message to the server to determine what security provisions are in place for the storage container; determining that the storage container is not secure; and blocking access by the client device to the storage container.

Abstract: A service action category based cloud security system and method implement cloud security by categorizing service actions of cloud service providers into a set of service action categories. The service action categorization is performed agnostic to the applications or functions provided by the cloud service providers and also agnostic to the cloud service providers. With the service actions of cloud service providers thus categorized, cloud security monitoring and threat detection can be performed based on service action categories. Thus, cloud security can be implemented without requiring knowledge of the applications supported by the cloud service providers and without knowing all of the individual service actions supported by the cloud service providers.

Abstract: A cloud service account management method identifies unauthorized or unmanaged accounts making administration console access or API access at a cloud computing service and triggers a work flow to place the accounts under management. In one embodiment, the user device is directed to a registration portal to provide access credentials of the unauthorized account. The loud service account management method uses the access credentials to retrieve a list of account users associated with the account. Once the accounts are made managed, the cloud service account management method can monitor the activities of the account, including all of the account users, and can apply compliance or security policies to the managed accounts.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: A wildcard searchable encryption method enables wildcard search of encrypted text in a cloud-stored encrypted file. In some embodiments, the wildcard searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts files on behalf of a user or an enterprise destined to be stored on a cloud storage service. The wildcard searchable encryption method performs keyword pre-processing of the file to be encrypted to generate a set of keyword-wildcard combinations in plaintext for some or all of the keywords in the file. The processed file is encrypted using an exact match searchable encryption algorithm. As a result of the encryption process, a search index is generated to include the keyword-wildcard combinations. As thus configured, the wildcard searchable encryption method enables wildcard search of the encrypted text, such as searches for prefixes or suffixes of the keywords.

Abstract: A cloud service account management method identifies unauthorized or unmanaged accounts making administration console access or API access at a cloud computing service and triggers a work flow to place the accounts under management. In one embodiment, the user device is directed to a registration portal to provide credentials of the unauthorized account. Once the accounts are made managed, the cloud service account management method can monitor the activities of the accounts and can apply compliance or security policies to the managed accounts.

Abstract: A method of assessing a risk level of an enterprise using cloud-based services from one or more cloud service providers includes assessing provider risk scores associated with the one or more cloud service providers; assessing cloud service usage behavior and pattern of the enterprise; and generating a risk score for the enterprise based on the provider risk scores and on the cloud service usage behavior and pattern of the enterprise. The risk score is indicative of the risk of the enterprise relating to the use of the cloud-based services from the one or more cloud service providers.

Abstract: A encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, substring search and multiple wildcard search of encrypted text.

Abstract: A cloud based data loss prevention (DLP) system implements a split computing architecture using separate indexer system and detection system to perform indexing and data loss prevention monitoring. The cloud DLP system includes a computing system deployed outside of the enterprise data network and including a first computing cluster and a second computing cluster. The first computing cluster includes an indexer system to generate a search index from a pre-index containing hash values of structured data to be protected. The second computing cluster comprises a detection system configured to receive the search index and network data content, to apply a forward hash function based on a key to the network data content, and to detect in the hash values of the network data content for matching data in the search index and to generate an alert in response to matched data content being found in the network data content.

Abstract: A searchable encryption method enables encrypted search of encrypted documents based on document type. In some embodiments, the searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts documents on behalf of a user or an enterprise destined to be stored on a cloud service provider. The searchable encryption method encodes document type information into the encrypted search index while preserving encryption security. Furthermore, the searchable encryption method enables search of encrypted documents using the same encrypted index, either for a particular document type or for all encrypted documents regardless of the document type.

Abstract: A system and method for filtering detected anomalies in cloud service usage activities associated with an enterprise uses a trusted location analysis to filter detected anomalies. The locations from which the cloud usage activities are made are analyzed and designated as trusted or non-trusted. The trusted location determination is used to filter the detected anomalies that are associated with trusted locations and therefore may be of low risk. In this manner, actions can be taken only on detected anomalies that are associated with non-trusted locations and therefore may be high risk. The system and method of the present invention enable security incidents, anomalies and threats from cloud activity to be detected, filtered and annotated based on the location heuristics. The trusted location analysis identifies trusted locations automatically using cloud activity usage data and does not rely on potentially unreliable location data from user input.

Abstract: A system for providing data loss prevention services includes an indexer system configured to generate a search index based on structured data to be protected and a detection system configured to receive the search index and network data content and to detect in the network data content for matching data based on the search index. The detection system includes a first processor and multiple graphical processing units. The first processor provides words from the network data content in parallel to each of the graphical processing units, each graphical processing unit receiving a different word from the network data content. The graphical processing units perform detection of the words in parallel to detect for matched data content in at least a portion of the search index.

Abstract: A wildcard searchable encryption method enables wildcard search of encrypted text in a cloud-stored encrypted document. In some embodiments, the wildcard searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts documents on behalf of a user or an enterprise destined to be stored on a cloud service provider. The wildcard searchable encryption method performs keyword pre-processing of the document to be encrypted to generate a set of keyword-wildcard combinations in plaintext for some or all of the keywords in the document. The processed document is encrypted using an exact match searchable encryption algorithm. As a result of the encryption process, a search index is generated to include the keyword-wildcard combinations. As thus configured, the wildcard searchable encryption method enables wildcard search of the encrypted text, such as searches for prefixes or suffixes of the keywords.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: A system and method for filtering detected anomalies in cloud service usage activities associated with an enterprise uses a trusted location analysis to filter detected anomalies. The locations from which the cloud usage activities are made are analyzed and designated as trusted or non-trusted. The trusted location determination is used to filter the detected anomalies that are associated with trusted locations and therefore may be of low risk. In this manner, actions can be taken only on detected anomalies that are associated with non-trusted locations and therefore may be high risk. The system and method of the present invention enable security incidents, anomalies and threats from cloud activity to be detected, filtered and annotated based on the location heuristics. The trusted location analysis identifies trusted locations automatically using cloud activity usage data and does not rely on potentially unreliable location data from user input.

Abstract: A method of assessing a risk level of an enterprise using cloud-based services from one or more cloud service providers includes assessing provider risk scores associated with the one or more cloud service providers; assessing cloud service usage behavior and pattern of the enterprise; and generating a risk score for the enterprise based on the provider risk scores and on the cloud service usage behavior and pattern of the enterprise. The risk score is indicative of the risk of the enterprise relating to the use of the cloud-based services from the one or more cloud service providers.

Abstract: A wildcard searchable encryption method enables wildcard search of encrypted text in a cloud-stored encrypted file. In some embodiments, the wildcard searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts files on behalf of a user or an enterprise destined to be stored on a cloud storage service. The wildcard searchable encryption method performs keyword pre-processing of the file to be encrypted to generate a set of keyword-wildcard combinations in plaintext for some or all of the keywords in the file. The processed file is encrypted using an exact match searchable encryption algorithm. As a result of the encryption process, a search index is generated to include the keyword-wildcard combinations. As thus configured, the wildcard searchable encryption method enables wildcard search of the encrypted text, such as searches for prefixes or suffixes of the keywords.

Abstract: A cloud access control server and method provides a cloud service access control database to implement cloud services access control policy. The cloud service access control database stores thereon cloud service identifiers associated with cloud service providers having high risk scores. In some embodiments, the cloud service identifiers form a block list of cloud services which is provided to network device of the enterprise data network to implement cloud service access control. In other embodiments, a cloud access control server and method implements cloud services access control policy for an enterprise. The cloud access control server and method receives network traffic data from the installed firewall or proxy at the enterprise and process the network traffic data with respect to cloud service access. The cloud access control server provides instructions to the firewall or proxy to allow or deny the network access at the enterprise.