Patents Assigned to Zscaler, Inc.
-
Patent number: 11522890
Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.
Type: Grant
Filed: September 30, 2019
Date of Patent: December 6, 2022
Assignee: Zscaler, Inc.
Inventor: John O'Neil
-
Patent number: 11509673
Abstract: A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, the model may be generated based on a first set of network traffic. The accuracy of the model may then be estimated based on a second set of network traffic. This allows the accuracy of the model to be estimated without first waiting to apply the model to actual network traffic, thereby reducing the risk associated with applying the model before its accuracy is known.
Type: Grant
Filed: June 11, 2020
Date of Patent: November 22, 2022
Assignee: Zscaler, Inc.
Inventors: John O'Neil, Michael J. Melson
-
Patent number: 11502908
Abstract: Systems and methods implemented in a node in a cloud-based system include loading a data structure into memory, wherein the data structure includes cities mapped to cells where the cells cover all of the Earth; receiving a call with a given latitude and longitude of a user device; finding a closest city to the given latitude and longitude utilizing the data structure; and providing the closest city in response to the call. The systems and methods can also include utilizing the closest city for policy in the cloud-based system for the user device.
Type: Grant
Filed: June 2, 2021
Date of Patent: November 15, 2022
Assignee: Zscaler, Inc.
Inventor: Ajit Singh
-
Patent number: 11496387
Abstract: Systems and methods include, subsequent to performing auto segmentation on a network that includes a set of policies of allowable and block communications, observing communication between a plurality of hosts on the network; determining unassigned communication paths based on the observing that are either blocked because of a lack of a policy of the set of policies or because there is no policy of the set of policies for coverage thereof; and assigning the unassigned communication paths to corresponding policies of the set of policies. The assigning can be based on heuristics. The assigning can be performed without reperforming auto segmentation.
Type: Grant
Filed: June 17, 2021
Date of Patent: November 8, 2022
Assignee: Zscaler, Inc.
Inventors: Scott Laplante, Peter Nahas, Xing Li, Suji Suresh, Daniel R. Perkins, Peter Smith
-
Patent number: 11489878
Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one of a mobile profile and an application for an enterprise and a cloud-based system; installing the one of the mobile profile and the application on the mobile device; connecting to a network using the one of the mobile profile and the application; and having traffic content inspected and policy enforced thereon to/from the mobile device and the network via the cloud-based system.
Type: Grant
Filed: September 8, 2021
Date of Patent: November 1, 2022
Assignee: Zscaler, Inc.
Inventors: Amit Sinha, Narinder Paul, Srikanth Devarajan
-
Patent number: 11475368
Abstract: Systems and methods include training a machine learning model with data for identifying features in monitored traffic in a network; analyzing the trained machine learning model to identify information overhead therein, wherein the information overhead is utilized in part for the training; removing the information overhead in the machine learning model; and providing the machine learning model for runtime use for identifying the features in the monitored traffic, with the removed information overhead from the machine learning model.
Type: Grant
Filed: September 18, 2020
Date of Patent: October 18, 2022
Assignee: Zscaler, Inc.
Inventors: Rex Shang, Dianhuan Lin, Changsha Ma, Douglas A. Koch, Shashank Gupta, Parnit Sainion, Visvanathan Thothathri, Narinder Paul, Howie Xu
-
Patent number: 11455407
Abstract: Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.
Type: Grant
Filed: August 19, 2020
Date of Patent: September 27, 2022
Assignee: Zscaler, Inc.
Inventors: Zhifeng Zhang, Arun Bhallamudi, Pooja Deshmukh
-
Patent number: 11438363
Abstract: Systems and methods include receiving a domain of interest; performing an analysis of the domain to extract namespaces of the domain, hosts associated with the domain, subdomains associated with the domain, namespaces of the subdomains, and addresses including address ranges of any identified namespaces; performing a Common Vulnerabilities and Exposures (CVE) search based on the analysis to identify a CVE list associated with the domain; determining weightings of the namespaces of the domain and the subdomains to provide a name list; obtaining cloud monitoring content associated with the domain; and utilizing the name list, the CVE list, and the cloud monitoring content to determine a risk associated with the domain.
Type: Grant
Filed: April 3, 2020
Date of Patent: September 6, 2022
Assignee: Zscaler, Inc.
Inventor: Nathan Howe
-
Patent number: 11429589
Abstract: Systems and methods include obtaining a file to be checked for Data Loss Prevention (DLP); determining a cryptographic hash of the file and comparing the cryptographic hash to corresponding cryptographic hashes of indexed files; responsive to a match between the cryptographic hash and one of the corresponding cryptographic hashes, determining a DLP match and performing an action based thereon; responsive to no match, extracting text from the file and creating an ordered sequence of hashes of variable length chunks of the extracted text; and determining the DLP match with one of the indexed files based on comparing the ordered sequence of hashes with corresponding ordered sequence of hashes of the indexed files.
Type: Grant
Filed: July 8, 2020
Date of Patent: August 30, 2022
Assignee: Zscaler, Inc.
Inventors: Narinder Paul, Arun Bhallamudi, Balakrishna Bayar, James Tan
-
Patent number: 11425015
Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include performing a plurality of traces between two nodes in a service path; obtaining latency measurements for each of the plurality of traces for each of one or more hops between the two nodes; and determining average latency between each of the one or more hops based on the latency measurements, adjusted average latency for each hop, and differential average latency for each hop.
Type: Grant
Filed: January 14, 2021
Date of Patent: August 23, 2022
Assignee: Zscaler, Inc.
Inventors: Pankaj Chhabra, Sandeep Kamath
-
Patent number: 11425097
Abstract: Systems and methods include receiving a request, in a cloud system from a user device, to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the cloud system, the application, and the user device to provide access to the application.
Type: Grant
Filed: August 1, 2019
Date of Patent: August 23, 2022
Assignee: Zscaler, Inc.
Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Denzil Wessels, Purvi Desai, Manoj Apte, Sudhindra P. Herle
-
Patent number: 11412001
Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.
Type: Grant
Filed: June 10, 2020
Date of Patent: August 9, 2022
Assignee: Zscaler, Inc.
Inventor: John O'Neil
-
Patent number: 11394563
Abstract: Systems and methods include, in a node operating as a snooping proxy, monitoring traffic between a user device and the Internet; detecting and monitoring a handshake between the user device and an endpoint for determining keys associated with encryption between the user device and the endpoint; monitoring encrypted traffic between the user device and the endpoint subsequent to the handshake based on the keys; and performing one or more security functions on the encrypted traffic based on the monitoring. The node can be part of a cloud-based security system and configured inline between the user device and the endpoint.
Type: Grant
Filed: April 30, 2020
Date of Patent: July 19, 2022
Assignee: Zscaler, Inc.
Inventors: Srikanth Devarajan, Vijay Bulusu, Leslie McCutcheon
-
Patent number: 11388177
Abstract: Systems and methods for security and control of Internet of Things (IOT) and ZeroConf devices using cloud services. The present disclosure uses an application that runs on a user device in a promiscuous mode to look for potentially vulnerable and compromised machines on the local network. Specifically, the user device can fingerprint ZeroConf and IOT networks based on their static and dynamic behavior. The application discovers all hosts on the network and uses a cloud service such as via a cloud-based system to detect potentially malicious IOTs with known vulnerabilities. Based on an enterprise policy or user's preferences, the solution can alert if any IOT device tries to communicate with the user's device or if the user's device itself broadcasts services running on the device such as screen sharing/file sharing.
Type: Grant
Filed: October 30, 2019
Date of Patent: July 12, 2022
Assignee: Zscaler, Inc.
Inventor: Abhinav Bansal
-
Patent number: 11381446
Abstract: Systems and methods include obtaining network communication information about hosts in a network and applications executed on the hosts; automatically generating one or more microsegments in the network based on analysis of the obtained network communication information, wherein each microsegment of the one or more microsegments is a grouping of resources including the hosts and the applications executed on the hosts that have rules for network communication; automatically generating a meaningful name for the one or more microsegments based on a plurality of techniques applied to information associated with the hosts; and displaying the automatically generated one or more microsegments and the corresponding automatically generated meaningful name.
Type: Grant
Filed: November 23, 2020
Date of Patent: July 5, 2022
Assignee: Zscaler, Inc.
Inventors: John O'Neil, Peter Smith
-
Patent number: 11368490
Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
Type: Grant
Filed: February 17, 2020
Date of Patent: June 21, 2022
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
-
Patent number: 11368496
Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.
Type: Grant
Filed: June 11, 2020
Date of Patent: June 21, 2022
Assignee: Zscaler, Inc.
Inventors: Peter Nahas, Peter Smith, Harry Sverdlove, John O'Neil, Scott Laplante, Andriy Kochura
-
Patent number: 11363022
Abstract: Systems and methods implemented by an application executed on a user device for service discovery and connectivity include, responsive to joining a new network, performing a Dynamic Host Configuration Protocol (DHCP) operation to obtain network configuration parameters; receiving a DHCP message in response with the network configuration parameters; via an application executed on the user device for service discovery and connectivity analyzing data in the DHCP message to determine one or more forwarding profiles on the new network, wherein the one or more forwarding profiles are based on a location or trust of the new network; and automatically installing the determined one or more forwarding profiles.
Type: Grant
Filed: April 27, 2020
Date of Patent: June 14, 2022
Assignee: Zscaler, Inc.
Inventors: Sreedhar Pampati, David Creedy, Vikas Mahajan
-
Patent number: 11349880
Abstract: Systems and methods include providing functionality for the user device while operating in background on the user device including providing secure connectivity with a cloud-based system over a network; continuously collecting packets intercepted by the enterprise application over a time interval, wherein the collected packets are collected over the time interval; and responsive to an issue with functionality of the enterprise application, transmitting the collected packets to a back end server for troubleshooting of the issue. The time interval is a set amount of time, and each collected packet is deleted at the expiration of the time interval.
Type: Grant
Filed: July 14, 2021
Date of Patent: May 31, 2022
Assignee: Zscaler, Inc.
Inventors: Rohit Goyal, Rishabh Gupta
-
Patent number: 11347847
Abstract: Systems, methods and apparatus for malware detection detect and stop the distribution of malware and other undesirable content before such content reaches computing systems. A cloud-based malware detection method includes receiving a signature from a computer, wherein the signature which identifies a file and the signature is smaller in size than the file; determining whether the file is trusted, untrusted, or unknown for malware based on the signature; and transmitting whether the file is trusted, untrusted, or unknown for malware to the computer based on the determining, wherein the computer is precluded from distribution of the file responsive to the file being untrusted.
Type: Grant
Filed: December 28, 2017
Date of Patent: May 31, 2022
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Robert L. Voit, Jose Raphel