Patents Assigned to Zscaler
-
Patent number: 11863674Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.Type: GrantFiled: December 23, 2020Date of Patent: January 2, 2024Assignee: Zscaler, Inc.Inventors: Balakrishna Bayar, Arun Bhallamudi, Srikanth Devarajan, Siva Udupa, Pooja Deshmukh
-
Patent number: 11863391Abstract: Systems and methods include connecting to and authenticating a plurality of user devices; utilizing a plurality of RESTful (Representational State Transfer web service) endpoints to communicate with the plurality of user devices; providing any of policy and configuration to the plurality of user devices utilizing version number via a RESTful endpoint; caching the any of policy and configuration for each device of the plurality of user devices; and receiving metrics based on measurements at the plurality of user devices according to corresponding policy and configuration, via a RESTful endpoint.Type: GrantFiled: June 4, 2021Date of Patent: January 2, 2024Assignee: Zscaler, Inc.Inventors: Sushil Pangeni, Srikanth Devarajan, Ajit Singh, Chenglong Zheng, Sandeep Kamath, Di Wang
-
Patent number: 11863662Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.Type: GrantFiled: May 18, 2022Date of Patent: January 2, 2024Assignee: Zscaler, Inc.Inventors: Peter Nahas, Peter Smith, Harry Sverdlove, John O'Neil, Scott Laplante, Andriy Kochura
-
Patent number: 11843577Abstract: Systems and methods include obtaining a plurality of parameters associated with a host; determining a fingerprint of the host utilizing the plurality of parameters; and providing the fingerprint to cloud service for enrollment and management of the host in the cloud service. The cloud service can include microsegmentation of the host. The cloud service can include any of Internet access for the host and private resource access by the host.Type: GrantFiled: August 16, 2021Date of Patent: December 12, 2023Assignee: Zscaler, Inc.Inventors: Ajit Singh, Vivek Ashwin Raman, Abhinav Bansal, Thomas Evan Keiser, Jr., John H. O'Neil
-
Patent number: 11838271Abstract: Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system. The systems and methods further include, responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.Type: GrantFiled: October 30, 2020Date of Patent: December 5, 2023Assignee: Zscaler, Inc.Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Manoj Apte, Kunal Shah, Dhawal Sharma
-
Patent number: 11838299Abstract: Systems and methods include receiving a request for resources that are one of web content and a cloud application from a user device; determining the request requires isolation based on any of policy, category of the web content, type of the user device, and location of the user device; rendering content associated with the request in a secure environment that is isolated from the user device; and providing image content based on the content to the user device. The user device can execute a web browser that loads the image content utilizing a JavaScript application and that interacts with the image content by sending keyboard and mouse inputs via a WebSocket channel.Type: GrantFiled: December 4, 2019Date of Patent: December 5, 2023Assignee: Zscaler, Inc.Inventors: Uli P. Mittermaier, Alex-Marian Negrea
-
Patent number: 11829467Abstract: Computer-implemented systems and methods include receiving unknown content in a cloud-based sandbox; performing an analysis of the unknown content in the cloud-based sandbox, to obtain a score to determine whether or not the unknown content is malware; obtaining events based on the analysis; running one or more rules on the events; and adjusting the score based on a result of the one or more. The systems and methods can include classifying the unknown content as malware or clean based on the adjusted score. The analysis can include a static analysis and a dynamic analysis, with the events generated based thereon.Type: GrantFiled: January 30, 2020Date of Patent: November 28, 2023Assignee: Zscaler, Inc.Inventors: Nirmal Singh Bhary, Deepen Desai
-
Patent number: 11829347Abstract: Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.Type: GrantFiled: April 26, 2022Date of Patent: November 28, 2023Assignee: Zscaler, Inc.Inventors: Narinder Paul, Arun Bhallamudi, Balakrishna Bayar, James Tan
-
Patent number: 11822657Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated a file, and converting a binary content associated with the packet into a digital representation and tokenizing plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.Type: GrantFiled: April 20, 2022Date of Patent: November 21, 2023Assignee: Zscaler, Inc.Inventors: Huihsin Tseng, Hao Xu, Jian L Zhen
-
Patent number: 11811855Abstract: Systems and methods for policy based agentless file transfer in zero trust private networks. Various systems and methods include receiving a request for a file transfer; determining a file transfer protocol; evaluating one or more criteria associated with the request, the criteria being associated with any of an end user and the contents of the file; and allowing or denying the file transfer based on the evaluating. Responsive to an end user's policy including a requirement for file inspection, the steps can further include sending the file to a sandbox for inspection, and receiving a result of the inspection from the sandbox.Type: GrantFiled: May 1, 2023Date of Patent: November 7, 2023Assignee: Zscaler, Inc.Inventors: Dejan Mihajlovic, Monica Bhaskaran, Mithun A S, Sunita Darbarwar, Rakesh Adepu, Sandip Davara, Abhijeet Malik, Mahesh Krishna Kumar, Kanti Varanasi, William Fehring, John A. Chanak, Sunil Menon
-
Patent number: 11811633Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include identifying one or more of a proxy and a tunnel in a network path, determining a relative location of the proxy and the tunnel in the network path, performing a plurality of traces, for a plurality of legs of the network path based on the locations of the proxy and the tunnel, and aggregating details related to the plurality of legs of the network path to provide a holistic view of the network. The different protocols include Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP).Type: GrantFiled: November 17, 2022Date of Patent: November 7, 2023Assignee: Zscaler, Inc.Inventor: Pankaj Chhabra
-
Patent number: 11811623Abstract: Techniques for deep tracing of one or more users via a cloud-based system include receiving a request from an administrator to actively troubleshoot a user; causing a user device associated with the user to create a deep tracing session based on the request; assisting the user device in performing one or more traces of a plurality of traces to a destination; receiving results from any of the plurality of traces and results from metrics collected at the user device; and displaying a network map between the user device and the destination.Type: GrantFiled: November 16, 2021Date of Patent: November 7, 2023Assignee: Zscaler, Inc.Inventors: Amit Sinha, Srikanth Devarajan, Chakkaravarthy Periyasamy Balaiah, Khaireddine Mazboudi, Sandeep Kamath Voderbet, Sushil Pangeni, Pratap Ramachandra, Amber Wu
-
Patent number: 11805138Abstract: Systems and methods for Data Loss Prevention (DLP) on images include detecting an image in monitored user traffic; scanning the image to identify any text and extracting any identified text therein; responsive to the extracting, scanning the extracted text with a plurality of DLP techniques including one or more DLP engines where the extracted text is checked to trigger the one or more DLP engines, Exact Data Matching (EDM) where the extracted text is matched to see if it matches specific content, and Indexed Data Matching (IDM) where the extracted text is matched to some part of a document from a repository of documents; and performing one or more actions based on results of the plurality of DLP techniques.Type: GrantFiled: August 19, 2020Date of Patent: October 31, 2023Assignee: Zscaler, Inc.Inventors: Narinder Paul, Arun Bhallamudi
-
Patent number: 11803641Abstract: Systems and methods include determining a plurality of features associated with executable files, wherein the plurality of features are each based on static properties in predefined structure of the executable files; obtaining training data that includes samples of benign executable files and malicious executable files; extracting the plurality of features from the training data; and utilizing the extracted plurality of features to train a machine learning model to detect malicious executable files.Type: GrantFiled: October 26, 2020Date of Patent: October 31, 2023Assignee: Zscaler, Inc.Inventors: Changsha Ma, Nirmal Singh, Naveen Selvan, Tarun Dewan, Uday Pratap Singh, Deepen Desai, Bharath Meesala, Rakshitha Hedge, Parnit Sainion, Shashank Gupta, Narinder Paul, Rex Shang, Howie Xu
-
Patent number: 11799876Abstract: Systems and methods include receiving a list of web sites; anonymously browsing to each web site in the list; receiving a response based on the browsing; and analyzing the response to classify each web site as malicious or not based on a plurality of techniques including JavaScript (JS) obfuscation detection based on de-obfuscation. The systems and methods can further include providing a blacklist of web sites classified as malicious. The systems and methods can further include determining the list of web sites periodically based on a plurality of factors. The JS obfuscation detection can be performed by de-obfuscating JS content and utilizing heuristics to determine if the de-obfuscated JS content is malicious, and the heuristics can include a presence of any of a new JS function and a domain in the de-obfuscated JS content.Type: GrantFiled: November 18, 2019Date of Patent: October 24, 2023Assignee: Zscaler, Inc.Inventors: Deepen Desai, Dhruval Gandhi, Sachin Matte
-
Patent number: 11799860Abstract: Systems and methods include providing a user interface to an administrator associated with a tenant of a cloud-based system, wherein the tenant has a plurality of users each having an associated user device; receiving a plurality of client forwarding policies for the plurality of users, wherein each client forwarding policy of the client forwarding policies define rules related to how application requests from the plurality of users are forwarded for zero trust access; and providing the rules to corresponding user devices of the plurality of users.Type: GrantFiled: November 24, 2020Date of Patent: October 24, 2023Assignee: Zscaler, Inc.Inventors: Kunal Shah, John A. Chanak, David Creedy
-
Patent number: 11792194Abstract: Systems and methods include obtaining a set of policies to in the serverless computing system, wherein the set of policies specify which applications are authorized for communication with the serverless computing system; and modifying rules in a network Access Control List (ACL) associated with the serverless computing system based on the set of policies, wherein the network ACL includes rules that specify allowing and blocking communication. The serverless computing system includes having underlying hardware abstracted therefrom. The network ACL is provided by a cloud provider that hosts the serverless computing system.Type: GrantFiled: December 17, 2020Date of Patent: October 17, 2023Assignee: Zscaler, Inc.Inventor: Peter Smith
-
Patent number: 11785022Abstract: Systems and methods include obtaining file identifiers associated with files in production data; obtaining lab data from one or more public repositories of malware samples based on the file identifiers for the production data; and utilizing the lab data for training a machine learning process for classifying malware in the production data. The obtaining file identifiers can be based on monitoring of users associated with the files, and only the file identifiers are maintained based on the monitoring. The lab data can include samples from the one or more public repositories matching the corresponding file identifiers for the production data. The lab data can include samples from the one or more public repositories that have features closely related to features of the production data.Type: GrantFiled: June 16, 2020Date of Patent: October 10, 2023Assignee: Zscaler, Inc.Inventors: Changsha Ma, Dianhuan Lin, Rex Shang, Douglas A. Koch, Dong Guo, Howie Xu
-
Patent number: 11784904Abstract: Techniques for using trace with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include determining a number of hops from a source that is the user device and a destination, including determining metrics from the source to the destination; performing a trace to all intermediate nodes between the source and the destination, including determining metrics from the source to each of the intermediate nodes; and combining and presenting the metrics from the source to the destination and from the source to each of the intermediate nodes.Type: GrantFiled: February 25, 2022Date of Patent: October 10, 2023Assignee: Zscaler, Inc.Inventor: Sandeep Kamath
-
Patent number: 11785033Abstract: Systems and methods include obtaining unused user accounts associated with a cloud application where an unused user account is one where a corresponding user has not accessed the cloud application in a certain period of time; determining a subset of the unused user accounts that are abnormal user accounts, wherein an abnormal user account is one that is anomalous compared to similar users; scoring and ranking the unused and abnormal user accounts; and remediating a set of the ranked unused and abnormal user accounts.Type: GrantFiled: June 10, 2021Date of Patent: October 10, 2023Assignee: Zscaler, Inc.Inventors: Arik Kfir, Nadav Pozmantir, Hila Paz Herszfang