Abstract: The technology discloses a method applied by a policy manager to a cloud-based security system that unifies functions of access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic, with a data manager coupled to the policy manager storing a superset of fields used to specify security policies across the cloud-based unified functions, including common fields shared by two or more of the functions.

Abstract: Disclosed is a unified security system of cloud-based components configured for (a) packet-level and (b) protocol-level access control and traffic inspection, (c) threat detection and (d) activity contextualization. Packet-level inspects and classifies headers in requests or responses, sets a first restrictive state or passes the request or response. Protocol-level performs deep packet inspection for malicious signatures then sets a second state or passes. Threat detection, when the request or response is an HTTP/S stream, classifies as directed to a threat destination or not, then sets a third state or passes the request or response and activity contextualization, when the request is an HTTP/S stream seeking access to a cloud-based application, recognizes, processes and classifies content-containing activity as compromising or not, then sets a fourth state or passes.

Abstract: The technology discloses a computer-implemented policy manager device for a cloud-based security system that manages cloud-based unified functions of packet-level and protocol-level access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic. Packet-level access control inspects packet headers for malformation, protocol-level access control performs deep packet inspection for malicious signatures, threat detection determines whether traffic in an HTTP/S stream as directed to a threat destination, and activity contextualization recognizes whether an activity in an HTTP/S stream accessing a cloud-based application is a compromising activity.

Abstract: The technology discloses processing incoming access requests of packets through cloud-based components that perform (a) packet-level access control and traffic inspection, (b) protocol-level access control and traffic inspection, (c) threat detection, and (d) activity contextualization, including a packet and stream router conveying each incoming access request of packets through all of components (a)-(d) that apply, at least until one of the components sets a restrictive state on at least one object corresponding to the incoming access request or until all of the components that apply have passed the incoming access request.

Abstract: Disclosed is a unified security system of cloud-based components configured for (a) packet-level and (b) protocol-level access control and traffic inspection, (c) threat detection and (d) activity contextualization. Packet-level inspects and classifies headers in requests or responses, sets a first restrictive state or passes the request or response. Protocol-level performs deep packet inspection for malicious signatures then sets a second state or passes. Threat detection, when the request or response is an HTTP/S stream, classifies as directed to a threat destination or not, then sets a third state or passes the request or response and activity contextualization, when the request is an HTTP/S stream seeking access to a cloud-based application, recognizes, processes and classifies content-containing activity as compromising or not, then sets a fourth state or passes.

Abstract: The technology discloses a method applied by a policy manager to a cloud-based security system that unifies functions of access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic, with a data manager coupled to the policy manager storing a superset of fields used to specify security policies across the cloud-based unified functions, including common fields shared by two or more of the functions.

Abstract: The technology discloses a computer-implemented policy manager device for a cloud-based security system that unifies functions of packet-level and protocol-level access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic. The device includes a data manager for a superset of fields that specify security policies across the cloud-based unified functions, including common fields shared by two or more of the unified functions, means for receiving and storing policy specifications in a common format for values of the common fields as applied to each of the unified functions, whereby a user interacting with the means for receiving can specify security policies governing the cloud-based unified functions of access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic.