Patents by Inventor Ashwath Sreenivasa Murthy
Ashwath Sreenivasa Murthy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230231885Abstract: A flexible security system has been created that allows for fluid security operations that adapt to the dynamic nature of user behavior while also allowing the security related operations themselves to be dynamic. This flexible system includes ongoing collection and/or updating of multi-perspective “security contexts” per actor and facilitating consumption of these multi-perspective security contexts for security related operations on the users. These security related operations can include policy-based security enforcement and inspection. A security platform component or security entity uses a multi-perspective security context for a user or actor. Aggregating and maintaining behavioral information into a data structure for an actor over time from different sources allows a security platform component or entity to have historical context for an actor from one or more security perspectives.Type: ApplicationFiled: March 24, 2023Publication date: July 20, 2023Inventors: Jeffrey James Fitz-Gerald, JR., Ashwath Sreenivasa Murthy
-
Patent number: 11627164Abstract: A flexible security system has been created that allows for fluid security operations that adapt to the dynamic nature of user behavior while also allowing the security related operations themselves to be dynamic. This flexible system includes ongoing collection and/or updating of multi-perspective “security contexts” per actor and facilitating consumption of these multi-perspective security contexts for security related operations on the users. These security related operations can include policy-based security enforcement and inspection. A security platform component or security entity uses a multi-perspective security context for a user or actor. Aggregating and maintaining behavioral information into a data structure for an actor over time from different sources allows a security platform component or entity to have historical context for an actor from one or more security perspectives.Type: GrantFiled: February 8, 2022Date of Patent: April 11, 2023Assignee: Palo Alto Networks, Inc.Inventors: Jeffrey James Fitz-Gerald, Jr., Ashwath Sreenivasa Murthy
-
Publication number: 20230006986Abstract: Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.Type: ApplicationFiled: August 31, 2022Publication date: January 5, 2023Inventors: Ashwath Sreenivasa Murthy, Prabhakar M V B R Mangam, Shriram S. Jandhyala, Qiuming Li, Yongjie Yin
-
Patent number: 11470070Abstract: Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.Type: GrantFiled: March 9, 2020Date of Patent: October 11, 2022Assignee: Palo Alto Networks, Inc.Inventors: Ashwath Sreenivasa Murthy, Prabhakar M V B R Mangam, Shriram S. Jandhyala, Qiuming Li, Yongjie Yin
-
Publication number: 20220159043Abstract: A flexible security system has been created that allows for fluid security operations that adapt to the dynamic nature of user behavior while also allowing the security related operations themselves to be dynamic. This flexible system includes ongoing collection and/or updating of multi-perspective “security contexts” per actor and facilitating consumption of these multi-perspective security contexts for security related operations on the users. These security related operations can include policy-based security enforcement and inspection. A security platform component or security entity uses a multi-perspective security context for a user or actor. Aggregating and maintaining behavioral information into a data structure for an actor over time from different sources allows a security platform component or entity to have historical context for an actor from one or more security perspectives.Type: ApplicationFiled: February 8, 2022Publication date: May 19, 2022Inventors: Jeffrey James Fitz-Gerald, JR., Ashwath Sreenivasa Murthy
-
Publication number: 20220131906Abstract: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.Type: ApplicationFiled: January 3, 2022Publication date: April 28, 2022Inventors: Thomas Arthur Warburton, Ashwath Sreenivasa Murthy, Jeffrey James Fitz-Gerald, JR.
-
Patent number: 11271970Abstract: A flexible security system has been created that allows for fluid security operations that adapt to the dynamic nature of user behavior while also allowing the security related operations themselves to be dynamic. This flexible system includes ongoing collection and/or updating of multi-perspective “security contexts” per actor and facilitating consumption of these multi-perspective security contexts for security related operations on the users. These security related operations can include policy-based security enforcement and inspection. A security platform component or security entity uses a multi-perspective security context for a user or actor. Aggregating and maintaining behavioral information into a data structure for an actor over time from different sources allows a security platform component or entity to have historical context for an actor from one or more security perspectives.Type: GrantFiled: July 25, 2019Date of Patent: March 8, 2022Assignee: Palo Alto Networks, Inc.Inventors: Jeffrey James Fitz-Gerald, Jr., Ashwath Sreenivasa Murthy
-
Patent number: 11218512Abstract: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.Type: GrantFiled: April 30, 2019Date of Patent: January 4, 2022Assignee: Palo Alto Networks, Inc.Inventors: Thomas Arthur Warburton, Ashwath Sreenivasa Murthy, Jeffrey James Fitz-Gerald, Jr.
-
Publication number: 20210029165Abstract: A flexible security system has been created that allows for fluid security operations that adapt to the dynamic nature of user behavior while also allowing the security related operations themselves to be dynamic. This flexible system includes ongoing collection and/or updating of multi-perspective “security contexts” per actor and facilitating consumption of these multi-perspective security contexts for security related operations on the users. These security related operations can include policy-based security enforcement and inspection. A security platform component or security entity uses a multi-perspective security context for a user or actor. Aggregating and maintaining behavioral information into a data structure for an actor over time from different sources allows a security platform component or entity to have historical context for an actor from one or more security perspectives.Type: ApplicationFiled: July 25, 2019Publication date: January 28, 2021Inventors: Jeffrey James Fitz-Gerald, JR., Ashwath Sreenivasa Murthy
-
Patent number: 10904237Abstract: Techniques for multifactor authentication as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for multifactor authentication as a network service includes monitoring a session at a firewall, applying an authentication profile based on the new session, and performing an action based on the authentication profile.Type: GrantFiled: December 6, 2019Date of Patent: January 26, 2021Assignee: Palo Alto Networks, Inc.Inventors: Ashwath Sreenivasa Murthy, Karthik Ganesan, Prabhakar M V B R Mangam, Shriram S. Jandhyala, Martin Walter
-
Publication number: 20200351309Abstract: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.Type: ApplicationFiled: April 30, 2019Publication date: November 5, 2020Inventors: Thomas Arthur Warburton, Ashwath Sreenivasa Murthy, Jeffrey James Fitz-Gerald, JR.
-
Patent number: 10805265Abstract: Techniques for detection of compromised credentials as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for detection of compromised credentials as a network service includes monitoring a plurality of sessions at a firewall, logging a plurality of failed or timed out attempts to authenticate at the firewall in a log, analyzing the log for a pattern of failed or timed out attempts to authenticate at the firewall to identify potentially compromised credentials for authentication, and determining that a set of credentials for authentication have been compromised based on the analysis of the log.Type: GrantFiled: May 30, 2019Date of Patent: October 13, 2020Assignee: Palo Alto Networks, Inc.Inventor: Ashwath Sreenivasa Murthy
-
Publication number: 20200213289Abstract: Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.Type: ApplicationFiled: March 9, 2020Publication date: July 2, 2020Inventors: Ashwath Sreenivasa Murthy, Prabhakar M. V. B. R. Mangam, Shriram S. Jandhyala, Qiuming Li, Yongjie Yin
-
Patent number: 10701049Abstract: Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.Type: GrantFiled: September 30, 2016Date of Patent: June 30, 2020Assignee: Palo Alto Networks, Inc.Inventors: Ashwath Sreenivasa Murthy, Prabhakar M V B R Mangam, Shriram S. Jandhyala, Qiuming Li, Yongjie Yin
-
Patent number: 10701056Abstract: Techniques for intercept-based multifactor authentication client enrollment as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for intercept-based multifactor authentication client enrollment as a network service includes monitoring a session at a firewall, intercepting a request for access to a resource while monitoring the session at the firewall, determining that a user associated with the session is not enrolled for multifactor authentication, and initiating enrollment of the user for the multifactor authentication.Type: GrantFiled: January 18, 2019Date of Patent: June 30, 2020Assignee: Palo Alto Networks, Inc.Inventor: Ashwath Sreenivasa Murthy
-
Publication number: 20200112554Abstract: Techniques for multifactor authentication as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for multifactor authentication as a network service includes monitoring a session at a firewall, applying an authentication profile based on the new session, and performing an action based on the authentication profile.Type: ApplicationFiled: December 6, 2019Publication date: April 9, 2020Inventors: Ashwath Sreenivasa Murthy, Karthik Ganesan, Prabhakar M. V. B. R. Mangam, Shriram S. Jandhyala, Martin Walter
-
Patent number: 10547600Abstract: Techniques for multifactor authentication as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for multifactor authentication as a network service includes monitoring a session at a firewall, applying an authentication profile based on the new session, and performing an action based on the authentication profile.Type: GrantFiled: September 30, 2016Date of Patent: January 28, 2020Assignee: Palo Alto Networks, Inc.Inventors: Ashwath Sreenivasa Murthy, Karthik Ganesan, Prabhakar M V B R Mangam, Shriram S. Jandhyala, Martin Walter
-
Publication number: 20190349332Abstract: Techniques for detection of compromised credentials as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for detection of compromised credentials as a network service includes monitoring a plurality of sessions at a firewall, logging a plurality of failed or timed out attempts to authenticate at the firewall in a log, analyzing the log for a pattern of failed or timed out attempts to authenticate at the firewall to identify potentially compromised credentials for authentication, and determining that a set of credentials for authentication have been compromised based on the analysis of the log.Type: ApplicationFiled: May 30, 2019Publication date: November 14, 2019Inventor: Ashwath Sreenivasa Murthy
-
Patent number: 10367784Abstract: Techniques for detection of compromised credentials as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for detection of compromised credentials as a network service includes monitoring a plurality of sessions at a firewall, logging a plurality of failed or timed out attempts to authenticate at the firewall in a log, analyzing the log for a pattern of failed or timed out attempts to authenticate at the firewall to identify potentially compromised credentials for authentication, and determining that a set of credentials for authentication have been compromised based on the analysis of the log.Type: GrantFiled: September 30, 2016Date of Patent: July 30, 2019Assignee: Palo Alto Networks, Inc.Inventor: Ashwath Sreenivasa Murthy
-
Publication number: 20190158480Abstract: Techniques for intercept-based multifactor authentication client enrollment as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for intercept-based multifactor authentication client enrollment as a network service includes monitoring a session at a firewall, intercepting a request for access to a resource while monitoring the session at the firewall, determining that a user associated with the session is not enrolled for multifactor authentication, and initiating enrollment of the user for the multifactor authentication.Type: ApplicationFiled: January 18, 2019Publication date: May 23, 2019Inventor: Ashwath Sreenivasa Murthy