Patents Assigned to Zscaler, Inc.
  • Systems and methods for tracking and auditing changes in a multi-tenant cloud system
    Patent number: 10587671
    Abstract: Systems and methods for tracking and auditing changes in one or more cloud-based systems include, at a Web application, intercepting requests between one or more users and the Web application associated with the one or more cloud-based systems and creating log messages based on the intercepted requests; at a log forwarder in the logging system, forwarding the log messages to a log indexer; at the log indexer in the logging system, receiving the forwarded log messages and indexing the forwarded log messages in a centralized storage; and, at the logging system, responsive to a query, forwarding responsive indexed data from the centralized storage, based on the query.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: March 10, 2020
    Assignee: Zscaler, Inc.
    Inventors: Manav Verma, Sofian Halim, Gunjan Bhasin
  • Systems and methods for cloud-based service function chaining using security assertion markup language (SAML) assertion
    Patent number: 10574652
    Abstract: A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions includes receiving configuration information related to any of users, services, and correspondence between the users and the services; responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and providing the SAML assertion with the stack of service tags to the user in response to the request. The method can further include providing the SAML assertion by the user to one or more services, wherein each of the services creates a context based on the stack of service tags. Each of the services identifies itself in the stack and sends the SAML assertion to a next service or application in the stack.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: February 25, 2020
    Assignee: Zscaler, Inc.
    Inventors: Purvi Desai, Abhinav Bansal, Tejus Gangadharappa
  • Mobile device security, device management, and policy enforcement in a cloud based system
    Patent number: 10523710
    Abstract: Mobile device security, device management, and policy enforcement are described in a cloud based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A cloud based method for mobile device security, device management, and policy enforcement includes, responsive to configuring the mobile device for connectivity to the cloud system, monitoring data between the mobile device and the external network, wherein the cloud system connects to the mobile device independent of a type, platform, or operating system associated with the mobile device; analyzing the data in real-time in the cloud system thereby not impacting performance of the mobile device; and controlling exchange of the data, in the cloud system, between the mobile device and the external network based on the analyzing.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: December 31, 2019
    Assignee: Zscaler, Inc.
    Inventors: Amit Sinha, Narinder Paul, Srikanth Devarajan
  • Multidimensional risk profiling for network access control of mobile devices through a cloud based security system
    Patent number: 10511607
    Abstract: A server configured to profile a mobile device for a cloud-based system, includes a network interface, a data store, and a processor communicatively coupled to one another; and memory storing computer executable instructions, and in response to execution by the processor, the computer-executable instructions cause the processor to, based on communication to a client application on the mobile device, cause the client application to collect data associated with the mobile device; receive the collected data; and determine a device fingerprint and a risk index for the mobile device based on the collected data, wherein the device fingerprint is utilized to uniquely identify the mobile device and the risk index is utilized to manage the mobile device.
    Type: Grant
    Filed: January 21, 2019
    Date of Patent: December 17, 2019
    Assignee: Zscaler, Inc.
    Inventors: Abhinav Bansal, Purvi Desai
  • Cloud based systems and methods for determining and visualizing security risks of companies, users, and groups
    Patent number: 10498605
    Abstract: Systems and method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies include obtaining log data from the distributed security system; analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; performing one or more remedial actions for the entity; and subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
    Type: Grant
    Filed: August 8, 2017
    Date of Patent: December 3, 2019
    Assignee: Zscaler, Inc.
    Inventors: Loren Weith, Deepen Desai, Amit Sinha
  • Systems and methods for security and control of internet of things and zeroconf devices using cloud services
    Patent number: 10498750
    Abstract: Systems and methods of monitoring and controlling Internet of Things (IOT) and ZeroConf devices using a cloud-based security system include receiving fingerprints of the IOT and ZeroConf devices and data related to operation from a plurality of user devices; receiving updates related to the IOT and ZeroConf devices, configuration thereof, and proper operation thereof; determining security risk of the IOT and ZeroConf devices based on the fingerprints, the data related to operation, and the updates; and providing the security risk to the plurality of user devices and causing one or more policy-based actions to be performed based on the security risk.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: December 3, 2019
    Assignee: Zscaler, Inc.
    Inventor: Abhinav Bansal
  • Systems and methods to detect and monitor DNS tunneling
    Patent number: 10432651
    Abstract: Systems and methods of detecting Domain Name System (DNS) tunnels for monitoring thereof include obtaining data related to DNS traffic between DNS nameservers and clients; determining a score for each DNS nameserver based on the data to characterize DNS queries over a period of time for each DNS nameserver, wherein the score incorporates all DNS queries associated with the associated DNS nameserver over the period of time; determining one or more DNS nameservers likely operating DNS tunnels based on the score; and performing one or more actions on the one or more DNS nameservers related to the DNS tunnels.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: October 1, 2019
    Assignee: Zscaler, Inc.
    Inventors: Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Srikanth Devarajan
  • In-channel event processing for network agnostic mobile applications in cloud based security systems
    Patent number: 10432673
    Abstract: Systems and methods in a mobile device communicatively coupled to a cloud based security system, the method for detecting and processing in-channel events associated with a network agnostic mobile application, the method includes intercepting outgoing data from the network agnostic mobile application at a tunnel interface on the mobile device; monitoring the outgoing data for network transactions from the network agnostic mobile application to maintain a context of the network transactions and intended responses for every request; transmitting the outgoing data from the tunnel interface to the cloud based security system; and receiving a response from the cloud based security system responsive to the outgoing data and processing any deviation from the intended responses.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: October 1, 2019
    Assignee: Zscaler, Inc.
    Inventors: Abhinav Bansal, Vikas Mahajan, Purvi Desai
  • Systems and methods for improving HTTPS security
    Patent number: 10432588
    Abstract: Systems and methods include, at the gateway, receiving a domain request from a user device executing a HyperText Transfer Protocol (HTTP) Strict Transport Security (HSTS) application that detects the domain request from a browser or application executed on the user device; transmitting a response to the user device with support of HTTP Security (HTTPS) by the domain; receiving an updated domain request with information removed based on the HTTPS support of the domain; and redirecting the user device to the domain.
    Type: Grant
    Filed: January 21, 2019
    Date of Patent: October 1, 2019
    Assignee: Zscaler, Inc.
    Inventor: Ajit Singh
  • Systems and methods for blocking targeted attacks using domain squatting
    Patent number: 10419477
    Abstract: Systems and methods for identifying and addressing domains suspected as malicious domains used for targeted attacks in a cloud-based system include receiving valid domains; receiving an unidentified domain; comparing the unidentified domain to the valid domains to derive a distance calculation of the unidentified domain to each of the valid domains; determining whether the unidentified domain is a cybersquatting attempt of one of the valid domains based on the comparing; and, responsive to the determining the unidentified domain is a cybersquatting attempt, one of notifying an operator/user and blocking the unidentified domain in the cloud-based system.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: September 17, 2019
    Assignee: Zscaler, Inc.
    Inventors: Deepen Desai, Amit Sinha
  • Systems and methods for service replication, validation, and recovery in cloud-based systems
    Patent number: 10379966
    Abstract: Systems and methods for replication and validation between a plurality of nodes in a cloud-based system forming a cluster include replicating a database and a software state between the plurality of nodes utilizing a replication algorithm which elects a master of the plurality of nodes and remaining nodes comprising peers, wherein the master is configured to perform the replicating; validating database sequences in the database at all of the plurality of nodes utilizing the replication algorithm to ensure sequential order of the validating between the plurality of nodes; and, responsive to differences between a peer and the master, performing a failure recovery in the database at the peer.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: August 13, 2019
    Assignee: Zscaler, Inc.
    Inventors: Tejus Gangadharappa, Wai Leung Chan, Dinoja Padmanabhan, Sivaprasad Udupa
  • Cloud-based virtual private access systems and methods
    Patent number: 10375024
    Abstract: A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: August 6, 2019
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Denzil Wessels, Purvi Desai, Manoj Apte, Sudhindra P. Herle
  • Cloud-based malware detection
    Patent number: 10262136
    Abstract: Systems, methods and apparatus for malware detection detect and stop the distribution of malware and other undesirable content before such content reaches computing systems. A malware detection service external to network edges of a system receives a request from a computer within the system, the request identifying a signature associated with content. The service determines a status indicator of the content using the signature, and transmits the status indicator to the computer.
    Type: Grant
    Filed: August 4, 2008
    Date of Patent: April 16, 2019
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Robert L. Voit, Jose Raphel
  • Secure and lightweight traffic forwarding systems and methods to cloud based network security systems
    Patent number: 10243997
    Abstract: A method implemented by an agent operating on a mobile device communicating to a cloud-based system includes opening up local listening sockets on the mobile device; redirecting outgoing traffic from all application on the mobile device except the agent to the local listening sockets; and forwarding the outgoing traffic from the local listening sockets to the cloud-based system with additional information included therein for the cloud-based system.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: March 26, 2019
    Assignee: Zscaler, Inc.
    Inventors: Purvi Desai, Vikas Mahajan, Abhinav Bansal
  • Content delivery network protection from malware and data leakage
    Patent number: 10237286
    Abstract: Content Delivery Network (CDN) protection systems and methods, performed by a cloud node in a distributed security system include receiving traffic between one or more origin servers and the CDN; monitoring the traffic based on policy; detecting one or more of malware and data leakage in the traffic based on the policy; and blocking the traffic responsive to the detecting the one or more of the malware and the data leakage in the traffic, prior to the traffic entering the CDN.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: March 19, 2019
    Assignee: Zscaler, Inc.
    Inventors: Dhawal Kumar Sharma, Manoj Apte, Patrick Foxhoven
  • Systems and methods for improving HTTPS security
    Patent number: 10225237
    Abstract: Systems and methods for HyperText Transfer Protocol (HTTP) HTTP Strict Transport Security (HSTS), are implemented by one or more servers associated with a gateway in a cloud based proxy. A method includes managing a preloaded list of HTTP Security (HTTPS) support of a plurality of domains; receiving a domain request from an HSTS application executed on a user device, wherein the HSTS application is configured to detect the domain request from a browser or application executed on the user device; and transmitting a response to the user device with header information related to support of HTTPS the domain.
    Type: Grant
    Filed: October 17, 2016
    Date of Patent: March 5, 2019
    Assignee: Zscaler, Inc.
    Inventor: Ajit Singh
  • Multidimensional risk profiling for network access control of mobile devices through a cloud based security system
    Patent number: 10225740
    Abstract: Systems and methods implemented in a cloud node in a cloud based security system for network access control of a mobile device based on multidimensional risk profiling thereof include receiving posture data from the mobile device; determining a device fingerprint and a risk index of the mobile device based on the posture data; and, responsive to a request by the mobile device for network resources through the cloud based security system, performing a multidimensional risk analysis based on the device fingerprint and the risk index and allowing or denying the request based on the multidimensional risk analysis.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: March 5, 2019
    Assignee: Zscaler, Inc.
    Inventors: Abhinav Bansal, Purvi Desai
  • Optimized query processing using aggregates with varying grain sizes
    Patent number: 10216790
    Abstract: A computer-implemented method and system for querying aggregates in a database include maintaining aggregates based on a dimension in the database with at least two grain sizes; receiving a query of the aggregates for a defined range of the dimension; finding a start and an end for a read operation for a larger grain size of the at least two grain sizes of the aggregates for the defined range; reading a first set from the start to the end in the database of the larger grain size of the at least two grain sizes of the aggregates; reading a second set comprising a smaller grain size of the at least two grain sizes of the aggregates based on the defined range and the start and the end; and adjusting the first set with the second set.
    Type: Grant
    Filed: August 14, 2014
    Date of Patent: February 26, 2019
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Sushil Pangeni, Chakkaravarthy Periyasamy Balaiah, Lakshmaiah Regoti, Kumar Gaurav
  • Cloud based systems and methods for determining security risks of users and groups
    Patent number: 10142362
    Abstract: Systems and method are implemented by one or more servers associated with a cloud-based security system, for determining security risks of entities including users or groups of users associated with the cloud-based security system and optimizing remediation based thereon. The method includes maintaining logs of transactions through the cloud-based security system; obtaining a plurality of attributes from the transactions while excluding impossible comparison items from the transactions; performing empirical scoring on normalizing the plurality of attributes for ranking risky entities; identifying the risky entities based on one of the empirical scoring and analytics; and updating policies and/or monitoring in the cloud-based system based on the identifying.
    Type: Grant
    Filed: June 2, 2016
    Date of Patent: November 27, 2018
    Assignee: Zscaler, Inc.
    Inventors: Loren Weith, Deepen Desai, Amit Sinha
  • Client application based access control in cloud security systems for mobile devices
    Patent number: 10044719
    Abstract: Systems and methods, implemented by one or more nodes in a cloud-based security system, for enforcing application-based control of network resources include receiving a request from a user device for the network resources; evaluating the request through the cloud-based security system and determining an application on the user device performing the request; and performing one of (1) denying the request if the application is unauthorized to access the network resources, (2) redirecting the request to an authorized application on the user device if the application is legitimate but unauthorized to access the network resources, and (3) allowing the request if the application is authorized to access the network resources.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: August 7, 2018
    Assignee: Zscaler, Inc.
    Inventors: Purvi Desai, Abhinav Bansal