Abstract: Systems and methods include obtaining statistics based on monitoring in a cloud-based system for a given time period; and, responsive to determining an arrangement of counters for N counters, storing each of M counters for the given time period as a plurality of records with each record including a record type, a possible offset to a next record in terms of a counter identifier (ID), and a counter value, wherein N and M are integers and M<<N, and wherein the arrangement is determined such that most frequently used counters occupy lower counter IDs. The systems and methods can further include updating the arrangement of the counters for the N counters, to perform an optimization such that the most frequently used counters occupy lower counter IDs.
Abstract: Systems and methods, in a lightweight connector including a processor communicatively coupled to a network interface, include connecting to a cloud-based system, via the network interface; connecting to one or more of a file share and an application, via the network interface; and providing access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system. The systems and methods can further include receiving a query for discovery; and responding to the query based on the one or more of the file share and the application connected thereto.
Type: Grant
Filed: February 25, 2020
Date of Patent: May 16, 2023
Assignee: Zscaler, Inc.
Inventors: John A. Chanak, Patrick Foxhoven, William Fehring, Denzil Wessels, Kunal Shah, Subramanian Srinivasan
Abstract: Systems and methods include providing functionality for the user device while operating in background on the user device including providing secure connectivity with a cloud-based system over a network; continuously collecting packets intercepted by the enterprise application over a time interval, wherein the collected packets are collected over the time interval; and responsive to an issue with functionality of the enterprise application, transmitting the collected packets to a back end server for troubleshooting of the issue. The time interval is a set amount of time, and each collected packet is deleted at the expiration of the time interval.
Abstract: Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted. A method implemented by a proxy includes receiving a response to a first web probe to a destination server; caching data associated with the response to the first web probe in a cache; receiving a request for a second web probe to the destination server; and serving a response to the second web probe utilizing the data in the cache in lieu of forwarding the second web probe to the destination server.
Abstract: Systems and methods include receiving a record associated with an incident that was detected by the CASB system in a Software-as-a-Service (SaaS) application; determining a hash based on a plurality of levels for the record; determining if the record exists in a data store based on the hash, and if the record exists, deleting an old record; and inserting the record in the data store based on the hash, wherein the data store is maintained in-memory and includes records at leaf nodes in a multi-level hash based on the plurality of levels.
Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; when the response does not include tunnel info, providing details in the response to a service where the details include parameters associated with a service path between the client and the destination; and, when the response includes tunnel info, segmenting the service path into a plurality of legs, causing a trace for each of the plurality of legs, and aggregating details for each of the plurality of legs based on the causing.
Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.
Type: Grant
Filed: October 28, 2021
Date of Patent: April 18, 2023
Assignee: Zscaler, Inc.
Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
Abstract: Systems and methods include obtaining data from a log system storing historical transactions monitored by a security system; creating one or more mock transactions based on the data; and analyzing the one or more mock transactions with a signature pattern matching engine having updates provided therein subsequent to a time of the historical transactions. The one or more mock transactions can have a header based on the data from corresponding historical transactions. The systems and methods can include performing a content scan in the one or more mock transactions based on the signature pattern matching engine having the updates, or determining malicious activity in the one or more mock transactions based on the signature pattern matching engine having the updates to determine missed matches in the corresponding historical transactions.
Abstract: A method, implemented in a cloud-based system, includes, responsive to a client device having a Subscriber Identity Module (SIM) card therein connecting to a mobile network from a mobile network operator, receiving authentication of the client device based on the SIM card; receiving forwarded traffic from the client device; and processing the forwarded traffic according to policy, wherein the policy is determined based on one of a user of the client device and a type of the client device, each being determined based on the SIM card.
Abstract: Systems and methods include implementing dynamic runtime code manipulation to modify application code associated with calls related to networking, with the calls implemented by application software executed as a serverless workload; intercepting the calls from the application software based on the modified application code; determining whether to permit the calls based on a set of policies; responsive to permitting a call, making the call to an operating system interface on behalf of the application software; and, responsive to not permitting the call, providing a failure notification to the application software.
Abstract: Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution.
Type: Grant
Filed: February 4, 2020
Date of Patent: February 14, 2023
Assignee: Zscaler, Inc.
Inventors: Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
Abstract: A Cloud Access Security Broker (CASB) system includes a controller; a message broker connected to the controller; and a plurality of workers connected to the message broker and connected to one or more cloud providers having a plurality of files contained therein for one or more tenants, wherein the plurality of workers are configured to crawl through the plurality of files for the one or more tenants, based on policy and configuration for the one or more tenants provided via the controller, and based on assignments from the message broker. The plurality of workers can be further configured to cause an action in the one or more cloud providers based on the crawl and based on the policy and the configuration. The action can include any of allowing a file, deleting a file, quarantining a file, and providing a notification.
Abstract: Systems and methods implemented in a node in a cloud-based system include operating a first cloud service that is implemented as a monolith system; operating a RESTful framework (Representational State Transfer web service) embedded in the cloud node; and operating one or more applications for one or more cloud services utilizing the RESTful framework, wherein the one or more applications are microservices. The RESTful framework utilizes Hypertext Transfer Protocol (HTTP) methods.
Abstract: Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted. A method implemented by a proxy includes receiving encrypted traffic with an indicator in a header indicating a request for probe traffic; inspecting the request and a response for the probe traffic; and caching data associated with the response in a cache.
Abstract: A computer system automatically learns which application behavior constitutes “multi-use” behavior by observing the behavior of applications on a network. The system uses this learned knowledge to automatically identify multi-use behavior in new applications that appear on the network. When the system enforces security policies against applications on the network, it identifies whether particular behavior of such applications violates any of the security policies. In this way, the system adapts automatically to new behavior of applications on the network over time in order to increase network security.
Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include periodically performing a full trace, at a first interval, to a destination; periodically performing a short trace, at a second interval that is less than the first interval, to a node in a cloud-based system; responsive to detection of issues based on the short trace, performing a full trace to the destination; and providing results of any of the full trace, the short trace, and any associated issues detected based thereon.
Abstract: Systems and methods include, on a respective node of a plurality of nodes communicatively coupled to one another forming a cloud-based system, receiving a request to obtain data from the third-party cloud application. The systems and methods also include implementing a lightweight agent, on the respective node, that is configured to access data, of a third-party cloud application of the cloud-based services, via an application-only security token layer on the cloud-based system. The systems and methods further include utilizing the lightweight agent to access the third-party cloud application via the application-only security token and obtain data from the third-party cloud application. The systems and methods yet further include providing a response to the request based on the data obtained from the third-party cloud application.
Abstract: Systems and methods for selectively exposing Application Programming Interfaces (APIs) dynamically and in a scalable manner include, when a new API is exposed in a microservice, making it accessible via a gateway if it is indicated to be exposed. The present disclosure focuses on exposing a range of services behind the API gateway in a scalable, easy-to-use manner. The present disclosure includes an API gateway that supports a new microservice easily and efficiently as long as it provides metadata. The API gateway dynamically decides which APIs will be exposed via the gateway with filtering per service. Also, the API gateway routes any request made by a user to the gateway back to the intended microservice in a transparent fashion, as well as performing any additional transformations of the request before sending it back to the microservice.
Abstract: Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein. The cloud-based system is configured to allow or block the connection based on the connection not having an entry in the local map.
Abstract: Systems and methods include, in a cloud node executing a security service, causing a mobile device to perform a validation check to determine if the mobile device is any of fake, counterfeit, jailbroken, and rooted; responsive to successful validation, allowing traffic to and from the mobile device through the security service; and responsive to unsuccessful validation, preventing traffic to and from the mobile device through the security service. The systems and methods can further include, prior to the causing, requiring the mobile device to install and launch an application, wherein registration with the security service requires the application; and performing the validation check via the application and a fake check service.
Type: Grant
Filed: May 30, 2019
Date of Patent: December 20, 2022
Assignee: Zscaler, Inc.
Inventors: Sreedhar Pampati, David Creedy, Brijesh Singh