Patents Assigned to Zscaler
  • Mobile device security, device management, and policy enforcement in a cloud-based system
    Patent number: 11716359
    Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one or more mobile profiles for one or more mobile devices each associated with a user from an enterprise; responsive to enrollment of a mobile device of the one or more mobile devices, communicating to the mobile device; determining an associated mobile profile of the one or more mobile profiles for the mobile device; and configuring the mobile device based on the associated mobile profile.
    Type: Grant
    Filed: September 28, 2022
    Date of Patent: August 1, 2023
    Assignee: Zscaler, Inc.
    Inventors: Amit Sinha, Narinder Paul, Srikanth Devarajan
  • Cloud-based malware detection
    Patent number: 11687651
    Abstract: Systems, methods and apparatus for malware detection to detect and stop the distribution of malware and other undesirable content before such content reaches computing systems. A Malware Detection Service (MDS) including a processor and memory storing computer program instructions that when executed cause the processor to receive one of content or a signature of a file, responsive to receiving a signature of a file, determine a status of the file as trusted, untrusted, or unknown for malware based on the signature, responsive to receiving content of a file, generate a signature of the file and scan the content to identify the status of the content as trusted or untrusted.
    Type: Grant
    Filed: March 7, 2022
    Date of Patent: June 27, 2023
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Robert L. Voit, Jose Raphel
  • Application identity-based enforcement of datagram protocols
    Patent number: 11683345
    Abstract: Systems and methods include obtaining telemetry from a plurality of security agents each operating on a device in a network, wherein the telemetry is collected locally related to datagram protocol packets; analyzing the telemetry to determine applications associated with the datagram protocol packets flowing in the network and virtual circuits between each of the applications; determining enforcement policies for each application that communicates with other applications over a datagram protocol; and providing the enforcement policies to the plurality of security agents for allowing and blocking communications associated with the datagram protocol.
    Type: Grant
    Filed: July 9, 2021
    Date of Patent: June 20, 2023
    Assignee: Zscaler, Inc.
    Inventor: Thomas E. Keiser, Jr.
  • Prudent ensemble models in machine learning with high precision for use in network security
    Patent number: 11669779
    Abstract: Systems and methods include receiving a content item between a user device and a location on the Internet or an enterprise network; utilizing a trained machine learning ensemble model to determine whether the content item is malicious; responsive to the trained machine learning ensemble model determining the content item is malicious or determining the content item is benign but such determining is in a blind spot of the trained ensemble model, performing further processing on the content item; and, responsive to the trained machine learning ensemble model determining the content item is benign with such determination not in a blind spot of the trained machine learning ensemble model, allowing the content item. A blind spot is a location where the trained machine learning ensemble model has not seen any examples with a combination of features at the location or has examples with conflicting labels.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: June 6, 2023
    Assignee: Zscaler, Inc.
    Inventors: Dianhuan Lin, Rex Shang, Changsha Ma, Kevin Guo, Howie Xu
  • Detection of latency, packet drops, and network hops through a tunnel by tracing hops therein
    Patent number: 11671438
    Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include receiving a request, from a client, for a trace of the tunnel; causing the trace inside the tunnel; obtaining results of the trace inside the tunnel; and sending the results of the trace inside the tunnel to the client so that the client aggregates these details with details from one or more additional legs to provide an overall view of a service path between the client and a destination.
    Type: Grant
    Filed: January 14, 2021
    Date of Patent: June 6, 2023
    Assignee: Zscaler, Inc.
    Inventor: Srikanth Devarajan
  • Data loss prevention incident forwarding
    Patent number: 11671433
    Abstract: A cloud-based security system includes a plurality of enforcement nodes connected to one another; a central authority connected to the plurality of enforcement nodes; and a Data Loss Prevention (DLP) service executed between the plurality of enforcement nodes, wherein the DLP service includes one or more DLP rules based on one or more DLP engines for a tenant, and wherein, for the DLP service, a first enforcement node is configured to monitor traffic of a user of the tenant, detect a DLP rule violation based on the one or more DLP rules, and forward DLP incident information to a second enforcement node, and the second enforcement node is configured to transmit the DLP incident information to a server for the tenant, including both DLP triggering content that cause the DLP rule violation and DLP scan metadata.
    Type: Grant
    Filed: April 21, 2020
    Date of Patent: June 6, 2023
    Assignee: Zscaler, Inc.
    Inventors: Narinder Paul, Arun Bhallamudi, James Tan, Frank Zhang, Pooja Deshmukh
  • Systems and methods for efficiently maintaining records in a cloud-based system
    Patent number: 11650965
    Abstract: Systems and methods include obtaining statistics based on monitoring in a cloud-based system for a given time period; and, responsive to determining an arrangement of counters for N counters, storing each of M counters for the given time period as a plurality of records with each record including a record type, a possible offset to a next record in terms of a counter identifier (ID), and a counter value, wherein N and M are integers and M<<N, and wherein the arrangement is determined such that most frequently used counters occupy lower counter IDs. The systems and methods can further include updating the arrangement of the counters for the N counters, to perform an optimization such that the most frequently used counters occupy lower counter IDs.
    Type: Grant
    Filed: April 17, 2020
    Date of Patent: May 16, 2023
    Assignee: Zscaler, Inc.
    Inventors: Raman Madaan, Kumar Gaurav, Chakkaravarthy Periyasamy Balaiah, Kailash Kailash
  • Secure application access systems and methods via a lightweight connector and a cloud-based system
    Patent number: 11652797
    Abstract: Systems and methods, in a lightweight connector including a processor communicatively coupled to a network interface, include connecting to a cloud-based system, via the network interface; connecting to one or more of a file share and an application, via the network interface; and providing access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system. The systems and methods can further include receiving a query for discovery; and responding to the query based on the one or more of the file share and the application connected thereto.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: May 16, 2023
    Assignee: Zscaler, Inc.
    Inventors: John A. Chanak, Patrick Foxhoven, William Fehring, Denzil Wessels, Kunal Shah, Subramanian Srinivasan
  • Cloud application design for efficient troubleshooting
    Patent number: 11647055
    Abstract: Systems and methods include providing functionality for the user device while operating in background on the user device including providing secure connectivity with a cloud-based system over a network; continuously collecting packets intercepted by the enterprise application over a time interval, wherein the collected packets are collected over the time interval; and responsive to an issue with functionality of the enterprise application, transmitting the collected packets to a back end server for troubleshooting of the issue. The time interval is a set amount of time, and each collected packet is deleted at the expiration of the time interval.
    Type: Grant
    Filed: April 25, 2022
    Date of Patent: May 9, 2023
    Assignee: Zscaler, Inc.
    Inventors: Rohit Goyal, Rishabh Gupta
  • Cached web probes for monitoring user experience
    Patent number: 11647067
    Abstract: Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted. A method implemented by a proxy includes receiving a response to a first web probe to a destination server; caching data associated with the response to the first web probe in a cache; receiving a request for a second web probe to the destination server; and serving a response to the second web probe utilizing the data in the cache in lieu of forwarding the second web probe to the destination server.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: May 9, 2023
    Assignee: Zscaler, Inc.
    Inventors: Chenglong Zheng, Srikanth Devarajan, Vikas Mahajan, Sandeep Kamath Voderbet
  • Cloud access security broker systems and methods with an in-memory data store
    Patent number: 11637910
    Abstract: Systems and methods include receiving a record associated with an incident that was detected by the CASB system in a Software-as-a-Service (SaaS) application; determining a hash based on a plurality of levels for the record; determining if the record exists in a data store based on the hash, and if the record exists, deleting an old record; and inserting the record in the data store based on the hash, wherein the data store is maintained in-memory and includes records at leaf nodes in a multi-level hash based on the plurality of levels.
    Type: Grant
    Filed: October 2, 2020
    Date of Patent: April 25, 2023
    Assignee: Zscaler, Inc.
    Inventors: Abhishek Bathla, Kumar Gaurav, Raman Madaan, Chakkaravarthy Periyasamy Balaiah, Shweta Gupta
  • Detection of network hops and latency through an opaque tunnel and detection misconfiguration of tunnels
    Patent number: 11637766
    Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; when the response does not include tunnel info, providing details in the response to a service where the details include parameters associated with a service path between the client and the destination; and, when the response includes tunnel info, segmenting the service path into a plurality of legs, causing a trace for each of the plurality of legs, and aggregating details for each of the plurality of legs based on the causing.
    Type: Grant
    Filed: January 14, 2021
    Date of Patent: April 25, 2023
    Assignee: Zscaler, Inc.
    Inventors: Srikanth Devarajan, Chenglong Zheng, Ajit Singh, Sandeep Kamath, Chakkaravarthy Periyasamy Balaiah, Vladimir Stepanenko
  • Semi-automatic communication network microsegmentation
    Patent number: 11632401
    Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.
    Type: Grant
    Filed: October 28, 2021
    Date of Patent: April 18, 2023
    Assignee: Zscaler, Inc.
    Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
  • Advanced threat detection through historical log analysis
    Patent number: 11627148
    Abstract: Systems and methods include obtaining data from a log system storing historical transactions monitored by a security system; creating one or more mock transactions based on the data; and analyzing the one or more mock transactions with a signature pattern matching engine having updates provided therein subsequent to a time of the historical transactions. The one or more mock transactions can have a header based on the data from corresponding historical transactions. The systems and methods can include performing a content scan in the one or more mock transactions based on the signature pattern matching engine having the updates, or determining malicious activity in the one or more mock transactions based on the signature pattern matching engine having the updates to determine missed matches in the corresponding historical transactions.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: April 11, 2023
    Assignee: Zscaler, Inc.
    Inventor: Deepen Desai
  • Mobile and IoT device forwarding to the cloud
    Patent number: 11596027
    Abstract: A method, implemented in a cloud-based system, includes, responsive to a client device having a Subscriber Identity Module (SIM) card therein connecting to a mobile network from a mobile network operator, receiving authentication of the client device based on the SIM card; receiving forwarded traffic from the client device; and processing the forwarded traffic according to policy, wherein the policy is determined based on one of a user of the client device and a type of the client device, each being determined based on the SIM card.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: February 28, 2023
    Assignee: Zscaler, Inc.
    Inventor: Nathan Howe
  • Identity-based enforcement of network communication in serverless workloads
    Patent number: 11588859
    Abstract: Systems and methods include implementing dynamic runtime code manipulation to modify application code associated with calls related to networking, with the calls implemented by application software executed as a serverless workload; intercepting the calls from the application software based on the modified application code; determining whether to permit the calls based on a set of policies; responsive to permitting a call, making the call to an operating system interface on behalf of the application software; and, responsive to not permitting the call, providing a failure notification to the application software.
    Type: Grant
    Filed: March 15, 2021
    Date of Patent: February 21, 2023
    Assignee: Zscaler, Inc.
    Inventor: Thomas E. Keiser, Jr.
  • Multi-tenant cloud-based firewall systems and methods
    Patent number: 11582192
    Abstract: Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: February 14, 2023
    Assignee: Zscaler, Inc.
    Inventors: Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
  • Cloud access security broker systems and methods via a distributed worker pool
    Patent number: 11582261
    Abstract: A Cloud Access Security Broker (CASB) system includes a controller; a message broker connected to the controller; and a plurality of workers connected to the message broker and connected to one or more cloud providers having a plurality of files contained therein for one or more tenants, wherein the plurality of workers are configured to crawl through the plurality of files for the one or more tenants, based on policy and configuration for the one or more tenants provided via the controller, and based on assignments from the message broker. The plurality of workers can be further configured to cause an action in the one or more cloud providers based on the crawl and based on the policy and the configuration. The action can include any of allowing a file, deleting a file, quarantining a file, and providing a notification.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: February 14, 2023
    Assignee: Zscaler, Inc.
    Inventors: Shankar Vivekanandan, Narinder Paul, Parth Shah, Pratibha Nayak, Sonal Choudhary, Huan Chen
  • Highly scalable RESTful framework
    Patent number: 11582294
    Abstract: Systems and methods implemented in a node in a cloud-based system include operating a first cloud service that is implemented as a monolith system; operating a RESTful framework (Representational State Transfer web service) embedded in the cloud node; and operating one or more applications for one or more cloud services utilizing the RESTful framework, wherein the one or more applications are microservices. The RESTful framework utilizes Hypertext Transfer Protocol (HTTP) methods.
    Type: Grant
    Filed: June 4, 2021
    Date of Patent: February 14, 2023
    Assignee: Zscaler, Inc.
    Inventors: Sushil Pangeni, Srikanth Devarajan
  • Detecting web probes versus regular traffic through a proxy including encrypted traffic
    Patent number: 11563665
    Abstract: Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted. A method implemented by a proxy includes receiving encrypted traffic with an indicator in a header indicating a request for probe traffic; inspecting the request and a response for the probe traffic; and caching data associated with the response to in a cache.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: January 24, 2023
    Assignee: Zscaler, Inc.
    Inventors: Vikas Mahajan, Srikanth Devarajan, Chenglong Zheng