Patents Assigned to Zscaler, Inc.
  • Clientless connection setup for cloud-based virtual private access systems and methods
    Patent number: 10616180
    Abstract: Virtual private access systems and methods implemented in a clientless manner on a user device are disclosed. The systems and methods include receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system. The resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet. The systems and methods also include performing a series of connections between the exporter and i) the Web browser and ii) centralized components to authenticate a user of the user device for the resources. The systems and methods further include, subsequent to authentication, exchanging data between the Web browser and the resources through the exporter. The exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: April 7, 2020
    Assignee: Zscaler, Inc.
    Inventors: John A. Chanak, Patrick Foxhoven, William Fehring, Denzil Wessels, Kunal Shah, Subramanian Srinivasan
  • Distributed cloud-based security systems and methods
    Patent number: 10609083
    Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes monitoring a content item sent from or requested by an external system which is external from a network edge of the external system; and responsive to a security policy associated with the external system, performing one of allowing the content item through the processing node; precluding the content item at the processing node; and threat detecting the content item at the processing node and one of allowing or precluding the content item based on the threat detecting.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: March 31, 2020
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Distributed cloud-based security systems and methods
    Patent number: 10601870
    Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes obtaining security policy data associated with the user and the enterprise from an authority node; monitoring data communications between the user, the enterprise, and the Internet in a processing node; and controlling the data communications between the user, the enterprise, and the Internet based on the monitoring to provide security measures between the user, the enterprise, and the Internet.
    Type: Grant
    Filed: May 24, 2016
    Date of Patent: March 24, 2020
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Multi-tenant cloud-based firewall systems and methods
    Patent number: 10594656
    Abstract: A multi-tenant cloud-based firewall method from a client, performed by a cloud node, includes receiving a packet from the client, wherein the client is located externally from the cloud node; checking if a firewall session exists for the packet, and if so, processing the packet on a fast path where a lookup is performed to find the firewall session; if no firewall session exists, creating the firewall session; and processing the packet according to the firewall session and one or more rules. The cloud node can perform the method without a corresponding appliance or hardware on premises, at a location associated with the client, for providing a firewall.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: March 17, 2020
    Assignee: Zscaler, Inc.
    Inventors: Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
  • Systems and methods for tracking and auditing changes in a multi-tenant cloud system
    Patent number: 10587671
    Abstract: Systems and methods for tracking and auditing changes in one or more cloud-based systems include, at a Web application, intercepting requests between one or more users and the Web application associated with the one or more cloud-based systems and creating log messages based on the intercepted requests; at a log forwarder in the logging system, forwarding the log messages to a log indexer; at the log indexer in the logging system, receiving the forwarded log messages and indexing the forwarded log messages in a centralized storage; and, at the logging system, responsive to a query, forwarding responsive indexed data from the centralized storage, based on the query.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: March 10, 2020
    Assignee: Zscaler, Inc.
    Inventors: Manav Verma, Sofian Halim, Gunjan Bhasin
  • Systems and methods for cloud-based service function chaining using security assertion markup language (SAML) assertion
    Patent number: 10574652
    Abstract: A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions includes receiving configuration information related to any of users, services, and correspondence between the users and the services; responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and providing the SAML assertion with the stack of service tags to the user in response to the request. The method can further include providing the SAML assertion by the user to one or more services, wherein each of the services creates a context based on the stack of service tags. Each of the services identifies itself in the stack and sends the SAML assertion to a next service or application in the stack.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: February 25, 2020
    Assignee: Zscaler, Inc.
    Inventors: Purvi Desai, Abhinav Bansal, Tejus Gangadharappa
  • Mobile device security, device management, and policy enforcement in a cloud based system
    Patent number: 10523710
    Abstract: Mobile device security, device management, and policy enforcement are described in a cloud based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A cloud based method for mobile device security, device management, and policy enforcement includes, responsive to configuring the mobile device for connectivity to the cloud system, monitoring data between the mobile device and the external network, wherein the cloud system connects to the mobile device independent of a type, platform, or operating system associated with the mobile device; analyzing the data in real-time in the cloud system thereby not impacting performance of the mobile device; and controlling exchange of the data, in the cloud system, between the mobile device and the external network based on the analyzing.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: December 31, 2019
    Assignee: Zscaler, Inc.
    Inventors: Amit Sinha, Narinder Paul, Srikanth Devarajan
  • Multidimensional risk profiling for network access control of mobile devices through a cloud based security system
    Patent number: 10511607
    Abstract: A server configured to profile a mobile device for a cloud-based system, includes a network interface, a data store, and a processor communicatively coupled to one another; and memory storing computer executable instructions, and in response to execution by the processor, the computer-executable instructions cause the processor to, based on communication to a client application on the mobile device, cause the client application to collect data associated with the mobile device; receive the collected data; and determine a device fingerprint and a risk index for the mobile device based on the collected data, wherein the device fingerprint is utilized to uniquely identify the mobile device and the risk index is utilized to manage the mobile device.
    Type: Grant
    Filed: January 21, 2019
    Date of Patent: December 17, 2019
    Assignee: Zscaler, Inc.
    Inventors: Abhinav Bansal, Purvi Desai
  • Systems and methods for security and control of internet of things and zeroconf devices using cloud services
    Patent number: 10498750
    Abstract: Systems and methods of monitoring and controlling Internet of Things (IOT) and ZeroConf devices using a cloud-based security system include receiving fingerprints of the IOT and ZeroConf devices and data related to operation from a plurality of user devices; receiving updates related to the IOT and ZeroConf devices, configuration thereof, and proper operation thereof; determining security risk of the IOT and ZeroConf devices based on the fingerprints, the data related to operation, and the updates; and providing the security risk to the plurality of user devices and causing one or more policy-based actions to be performed based on the security risk.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: December 3, 2019
    Assignee: Zscaler, Inc.
    Inventor: Abhinav Bansal
  • Cloud based systems and methods for determining and visualizing security risks of companies, users, and groups
    Patent number: 10498605
    Abstract: Systems and method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies include obtaining log data from the distributed security system; analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; performing one or more remedial actions for the entity; and subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
    Type: Grant
    Filed: August 8, 2017
    Date of Patent: December 3, 2019
    Assignee: Zscaler, Inc.
    Inventors: Loren Weith, Deepen Desai, Amit Sinha
  • In-channel event processing for network agnostic mobile applications in cloud based security systems
    Patent number: 10432673
    Abstract: Systems and methods in a mobile device communicatively coupled to a cloud based security system, the method for detecting and processing in-channel events associated with a network agnostic mobile application, the method includes intercepting outgoing data from the network agnostic mobile application at a tunnel interface on the mobile device; monitoring the outgoing data for network transactions from the network agnostic mobile application to maintain a context of the network transactions and intended responses for every request; transmitting the outgoing data from the tunnel interface to the cloud based security system; and receiving a response from the cloud based security system responsive to the outgoing data and processing any deviation from the intended responses.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: October 1, 2019
    Assignee: Zscaler, Inc.
    Inventors: Abhinav Bansal, Vikas Mahajan, Purvi Desai
  • Systems and methods for improving HTTPS security
    Patent number: 10432588
    Abstract: Systems and methods include, at the gateway, receiving a domain request from a user device executing a HyperText Transfer Protocol (HTTP) Strict Transport Security (HSTS) application that detects the domain request from a browser or application executed on the user device; transmitting a response to the user device with support of HTTP Security (HTTPS) by the domain; receiving an updated domain request with information removed based on the HTTPS support of the domain; and redirecting the user device to the domain.
    Type: Grant
    Filed: January 21, 2019
    Date of Patent: October 1, 2019
    Assignee: Zscaler, Inc.
    Inventor: Ajit Singh
  • Systems and methods to detect and monitor DNS tunneling
    Patent number: 10432651
    Abstract: Systems and methods of detecting Domain Name System (DNS) tunnels for monitoring thereof include obtaining data related to DNS traffic between DNS nameservers and clients; determining a score for each DNS nameserver based on the data to characterize DNS queries over a period of time for each DNS nameserver, wherein the score incorporates all DNS queries associated with the associated DNS nameserver over the period of time; determining one or more DNS nameservers likely operating DNS tunnels based on the score; and performing one or more actions on the one or more DNS nameservers related to the DNS tunnels.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: October 1, 2019
    Assignee: Zscaler, Inc.
    Inventors: Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Srikanth Devarajan
  • Systems and methods for blocking targeted attacks using domain squatting
    Patent number: 10419477
    Abstract: Systems and methods for identifying and addressing domains suspected as malicious domains used for targeted attacks in a cloud-based system include receiving valid domains; receiving an unidentified domain; comparing the unidentified domain to the valid domains to derive a distance calculation of the unidentified domain to each of the valid domains; determining whether the unidentified domain is a cybersquatting attempt of one of the valid domains based on the comparing; and, responsive to the determining the unidentified domain is a cybersquatting attempt, one of notifying an operator/user and blocking the unidentified domain in the cloud-based system.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: September 17, 2019
    Assignee: Zscaler, Inc.
    Inventors: Deepen Desai, Amit Sinha
  • Systems and methods for service replication, validation, and recovery in cloud-based systems
    Patent number: 10379966
    Abstract: Systems and methods for replication and validation between a plurality of nodes in a cloud-based system forming a cluster include replicating a database and a software state between the plurality of nodes utilizing a replication algorithm which elects a master of the plurality of nodes and remaining nodes comprising peers, wherein the master is configured to perform the replicating; validating database sequences in the database at all of the plurality of nodes utilizing the replication algorithm to ensure sequential order of the validating between the plurality of nodes; and, responsive to differences between a peer and the master, performing a failure recovery in the database at the peer.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: August 13, 2019
    Assignee: Zscaler, Inc.
    Inventors: Tejus Gangadharappa, Wai Leung Chan, Dinoja Padmanabhan, Sivaprasad Udupa
  • Cloud-based virtual private access systems and methods
    Patent number: 10375024
    Abstract: A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: August 6, 2019
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Denzil Wessels, Purvi Desai, Manoj Apte, Sudhindra P. Herle
  • Cloud-based malware detection
    Patent number: 10262136
    Abstract: Systems, methods and apparatus for malware detection detect and stop the distribution of malware and other undesirable content before such content reaches computing systems. A malware detection service external to network edges of a system receives a request from a computer within the system, the request identifying a signature associated with content. The service determines a status indicator of the content using the signature, and transmits the status indicator to the computer.
    Type: Grant
    Filed: August 4, 2008
    Date of Patent: April 16, 2019
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Robert L. Voit, Jose Raphel
  • Secure and lightweight traffic forwarding systems and methods to cloud based network security systems
    Patent number: 10243997
    Abstract: A method implemented by an agent operating on a mobile device communicating to a cloud-based system includes opening up local listening sockets on the mobile device; redirecting outgoing traffic from all application on the mobile device except the agent to the local listening sockets; and forwarding the outgoing traffic from the local listening sockets to the cloud-based system with additional information included therein for the cloud-based system.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: March 26, 2019
    Assignee: Zscaler, Inc.
    Inventors: Purvi Desai, Vikas Mahajan, Abhinav Bansal
  • Content delivery network protection from malware and data leakage
    Patent number: 10237286
    Abstract: Content Delivery Network (CDN) protection systems and methods, performed by a cloud node in a distributed security system include receiving traffic between one or more origin servers and the CDN; monitoring the traffic based on policy; detecting one or more of malware and data leakage in the traffic based on the policy; and blocking the traffic responsive to the detecting the one or more of the malware and the data leakage in the traffic, prior to the traffic entering the CDN.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: March 19, 2019
    Assignee: Zscaler, Inc.
    Inventors: Dhawal Kumar Sharma, Manoj Apte, Patrick Foxhoven
  • Systems and methods for improving HTTPS security
    Patent number: 10225237
    Abstract: Systems and methods for HyperText Transfer Protocol (HTTP) HTTP Strict Transport Security (HSTS), are implemented by one or more servers associated with a gateway in a cloud based proxy. A method includes managing a preloaded list of HTTP Security (HTTPS) support of a plurality of domains; receiving a domain request from an HSTS application executed on a user device, wherein the HSTS application is configured to detect the domain request from a browser or application executed on the user device; and transmitting a response to the user device with header information related to support of HTTPS the domain.
    Type: Grant
    Filed: October 17, 2016
    Date of Patent: March 5, 2019
    Assignee: Zscaler, Inc.
    Inventor: Ajit Singh