Abstract: Systems and methods include determining log data for a time period at a plurality of senders, wherein each sender is a node in the cloud-based system, and the log data is associated with one or more cloud services; providing the log data to one or more storage clusters, via one or more distributors, for the time period; responsive to all of the plurality of senders performing the providing, moving to a next time period and repeating the determining and the providing; detecting a given sender is a faulty data source or a slow data source; and moving the given sender to a deferred processing list where the given sender does not hold up the moving to the next time period.

Abstract: Briefly, embodiments, such as methods and/or systems for network device identification, for example, are described.

Abstract: A computer system automatically generates a proposal for network application security policies to be applied on a telecommunications network. The system provides output representing the proposed network application security policies to a user. The user provides input either approving or disapproving of the network application security policies. If the user approves, then the system applies the of the proposed microsegmentation. This process may be repeated for a plurality of hosts and subsets thereof within the same network, and may be repeated over time to modify one or more existing network application security policies. The network application security policies govern inbound and outbound connections to the hosts in the network.

Abstract: System and methods implemented in a node in a cloud-based security system include obtaining a plurality of rules each define via a rule syntax that includes a rule header and rule options, wherein each rule header is used to for a rule database lookup, and each rule options is used to specify details about the associated rule; monitoring data associated with a user of the cloud-based security system; analyzing the data with the plurality of rules; and performing one or more security functions on the data based on triggering of a rule of the plurality of rules.

Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include receiving a request, from a client, for one or more of a first trace of a tunnel and a second trace to a destination; checking a cache at the node for results from previous traces of the first trace and the second trace; responsive to the results not being in the cache, performing one or more of the first trace and the second trace; and providing the results to the client so that the client aggregates the results with details from one or more additional legs to provide an overall view of a service path between the client and the destination.

Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A cloud-based method includes monitoring traffic between a mobile device and a network in a cloud-based system that is implemented as an overlay network relative to the mobile device and the network; analyzing the traffic from the mobile device to the network, for enforcing policy thereon, wherein the policy includes a set of use guidelines associated with the user of the mobile device; and blocking or allowing the traffic from the mobile device to the network based on the analyzing.

Abstract: Systems and methods for device identification for management and policy in the cloud, using a combination of several hardware parameters and user's identification to generate a unique identifier for a user device and associated user. IOCTL and Assembly can be used to get the different hardware parameters. All the hardware parameters can then run through a process to generate a fixed size hardware fingerprint. A base64 encoding can be performed to convert it into a string, for consumption of database. The resultant identifier is unique and it is never stored on machine. The application can simply generate it whenever needed. The resultant identifier can used by a service provider to uniquely identify the device even when the device is moving hands or locations. The resultant identifier is never stored, so moving data from one device to another will not result in the same identifier for two devices.

Abstract: Proxy Auto Config (PAC) file parser systems and methods enable file parsing on user devices without Just-in-Time (JIT) compilation in JavaScript, with a memory efficient implementation and with efficient performance. The PAC parser supports multi proxy connections, traffic rules (e.g., bypass/send to proxy, etc.) based on various PAC functions, etc. The PAC parser can be utilized on a user device with an enterprise application and with cloud-based services.

Abstract: Systems and methods include obtaining log data from a storage cluster associated with a cloud-based security system, wherein the log data includes transaction data associated with a plurality of users of the cloud-based security system, wherein the transaction data is for one or more of cloud security service transactions, application access via a Zero Trust Network Access (ZTNA) service, and user experience metrics, and wherein the cloud-based security system includes a plurality of tenants with the plurality of users each assigned thereto; analyzing the log data to determine a plurality of visualizations of the transaction data for a tenant; providing a User Interface (UI) to a mobile application with the plurality of visualizations; and providing a risk score summarizing an overall risk posture of the tenant in a single metric.

Abstract: Systems and methods for limiting calls to access a cloud-based system are disclosed. The systems and methods obtain a rate limiting policy including at least one attribute and a counting interval, the at least one attribute including at least one of a username associated with a client, an instance, an organization associated with the client, a resource being requested, a service being requested, a geographical access region, and an Application Programming Interface (API) being requested. The systems and methods also mark an entry, based on the rate limiting policy, in a database for each call the client makes. The systems and methods further enforce the rate liming policy by not processing calls from the client associated with the at least one attribute that are made for a count of calls marked that is beyond the counting interval.

Abstract: Systems and methods include providing functionality for a user device while operating in background on the user device; responsive to a user request, starting collection of packets intercepted by the enterprise application; storing the collected packets on the user device; receiving a selection from the user of an issue type of a plurality of issue types for an issue; and providing the issue type and the collected packets for debugging of the issue type. The systems and methods can further include transmitting the collected data and the collected packets to a back end server for troubleshooting of the issue.

Abstract: An enterprise application executed on a user device is configured to perform steps of providing functionality for a user device while operating in background on the user device; determining an issue with the functionality of the enterprise application; presenting a user of the user device a list of a plurality of issue types for selection thereof; receiving a selection from the user of an issue type for the issue; and collecting data from the user device based on the selected issue type. The steps can further include transmitting the collected data to a back end server for troubleshooting of the issue.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a two-stage process: (1) a local security agent executing on the same source system as the source application validates the connection against a set of policies stored locally on the source system; and (2) a local security agent executing on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system. The connection is allowed or blocked depending on the outcome of the two-stage validation. Before the validation process, a policy enforcement engine distributes copies of a trusted public certificate to the source and destination local security agents, which extend their local copies of the certificate to enable them to enforce policies without the use of a backend system.

Abstract: A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate.

Abstract: Systems and methods implemented by an application executed on a user device for service discovery and connectivity include discovering one or more cloud services for a user associated with the user device; creating and operating an interface on the user device; and intercepting traffic at the interface from one or more client applications on the user device and splitting the traffic based on configuration to the one or more cloud services. The method can further include authenticating the user into the one or more cloud services prior to the splitting.

Abstract: A Content Delivery Network (CDN) includes one or more cache servers communicatively coupled to end users for providing content thereto; and one or more origin servers communicatively coupled to the one or more cache servers through a plurality of nodes, the one or more cache servers are configured to receive traffic related to the content from the one or more origin servers through the one or more nodes of the plurality of nodes, based on one or more of a push technique and a pull technique, and the plurality of nodes are configured to monitor the traffic between the one or more origin servers and the one or more cache servers in an inline manner, process the traffic for malware and data leakage based on policy, and block the traffic responsive to detection of one or more of the malware and the data leakage, prior to traffic entering the CDN.

Abstract: Systems and methods include periodically sending a probe to a cloud application where the probe simulates user activity in the cloud application; receiving a response to the probe and determining one or more statistics of the cloud application based on the response; incorporating the one or more statistics in historical statistics; and causing a notification when any of the one or more statistics exceeds a defined threshold. The probe can be a cloud-based probe from a cloud-based system, and the systems and methods can also include receiving a response to an on-premises probe that was sent by a distributed agent that is separate from the cloud-based system; and incorporating one or more statistics associated with the response to the on-premises probe in the historical statistics.

Abstract: Systems and methods for analyzing digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; based on user experience metrics collected by the inline monitoring and stored in a logging analysis system, obtaining user experience metrics for one or more users for a given time epoch and for a given application; determining a user experience score for the one or more users for the given time epoch and for the given application based on the obtained user experience metrics; and providing a graphical user interface displaying data related to various user experience scores for various users over various time epochs with various applications.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Systems and methods include receiving a request from a client with the request including an authentication token as a request header, wherein the authentication token includes a first encryption key, a second encryption key, and a timestamp; decrypting the authentication token with a private key of the server to obtain the first encryption key, the second encryption key, and the timestamp; and validating the request based on the first encryption key and the timestamp, and, if valid, decrypting payload of the request with the second encryption key.