Abstract: Apparatuses, systems, and techniques to control utilization of a combination of processing cores. In at least one embodiment, utilization of a combination of processing cores is controlled based, at least in part, on historic thermal characteristics of the combination of the processing cores.

Abstract: The technology relates to machine responses to anomalies detected using machine learning based anomaly detection. In particular, to receiving evaluations of production events, prepared using activity models constructed on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, to responding to detected anomalies in near real-time streams of security-related events of tenants, the anomalies detected by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant.

Abstract: Disclosed are methods and systems for customizing a deep learning (“DL”) stack to detect organization sensitive data in images, referred to as image-borne organization sensitive documents, and protecting against loss of the image-borne organization sensitive documents. The methods and systems include distributing a trained master DL stack with stored parameters to a plurality of organizations. Providing at least some of the organizations with a DL stack update trainer, under the organizations' control, configured to save, during generation of updated DL stacks, non-invertible features derived from images of organization-sensitive training examples, ground truth labels for the images, and parameters of the updated DL stacks. Receiving, from at least one of the DL stack update trainers, organization-specific examples including the non-invertible features and the ground truth labels, without receiving images of the organization-specific examples.

Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.

Abstract: The disclosed technology teaches a method of operating an inspection proxy for encrypted sessions between users in an organization serviced by the inspection proxy and cloud-based services accessed by the users. The method comprises providing the inspection proxy comprising an intermediate certificate authority that holds a certificate authority (CA) certificate that browsers, operated by the users in the organization, recognize to be authorized to sign end-entity certificates, by virtue of being chained to a root certificate recognized by the browsers.

Abstract: The technology disclosed relates to a proxy receiving a request to manipulate a data object on an independent object store. The proxy is interposed between a user system from which the request originates and the independent object store. The technology disclosed further relates to the proxy accessing a metadata store that contains object metadata for the data object and retrieving the object metadata. The technology disclosed further relates to the proxy enforcing a policy on the request based on the object metadata. Enforcing the policy further includes enforcing malware detection policies and threat detection policies.

Abstract: The technology disclosed relates to accessing a hosted service on a client device. In particular, the technology disclosed relates to receiving, on a client device of an entity's user, from a network security system, a forwarding rule for modifying requests for accessing a hosted service, receiving on the client device a request for accessing the hosted service, using the forwarding rule to modify the request for accessing the hosted service and generating a modified request for accessing the hosted service, and receiving on the client device a response from the network security system.

Abstract: Disclosed are methods and systems for detecting screenshot images and protecting against loss of sensitive screenshot-borne data. One disclosed method includes collecting examples of the screenshot images and non-screenshot images and creating labelled ground-truth data for the examples. The method also includes applying re-rendering of at least some of the collected example screenshot images to represent different variations of screenshots that may contain sensitive information, and further includes training a deep learning stack by forward inference and back propagation using labelled ground-truth data for the screenshot images and the examples of the non-screenshot images. The method further includes using results of the back propagation to configure parameters of the trained DL stack for inference from images in production. Also disclosed is applying a screenshot robot to collect the examples of the screenshot images and non-screenshot images.

Abstract: The technology disclosed teaches incident-driven and user-targeted data loss prevention that includes a CASB controlling infiltration via cloud-based services storing documents in use by organization users, by monitoring manipulation of the documents. The CASB identifies the cloud-based services that the particular user has access to and at least one document location on the cloud-based services to inspect for sensitive documents, in response to receiving an indication that user credentials have been compromised. The CASB performs deep inspection of documents identified as stored at the location and detects at least some sensitive documents. Based on the detected sensitive documents, the CASB determines an exposure for the organization due to the particular user.

Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.

Abstract: The technology disclosed relates to endpoint data loss prevention (DLP). In particular, the technology disclosed relates to enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint.

Abstract: The technology disclosed relates to a proxy receiving a request to manipulate a data object on an independent object store. The proxy is interposed between a user system from which the request originates and the independent object store. The technology disclosed further relates to the proxy accessing a metadata store that contains object metadata for the data object and retrieving the object metadata. The technology disclosed further relates to the proxy enforcing a policy on the request based on the object metadata. Enforcing the policy further includes enforcing malware detection policies and threat detection policies.

Abstract: The technology disclosed relates to accessing a hosted service on a client device. In particular, the technology disclosed relates to receiving, on a client device of an entity's user, from a network security system, a forwarding rule for modifying requests for accessing a hosted service, receiving on the client device a request for accessing the hosted service, using the forwarding rule to modify the request for accessing the hosted service and generating a modified request for accessing the hosted service, and receiving on the client device a response from the network security system.

Abstract: The technology disclosed describes a network security system (NSS) for managing cloud security posture. The NSS uses synthetic request injection to determine a security posture of a resource hosted on a cloud application for policy enforcement. The NSS receives an incoming request from a client directed toward a resource hosted on a cloud application during an application session. The NSS holds the incoming request, generates the synthetic request, and transmits the synthetic request to the cloud application. The synthetic request is designed to retrieve information specifying the security posture of the resource from the cloud application using the resource identifier. The NSS receives a response to the synthetic request from the cloud application that supplies the information specifying the security posture of the resource. The NSS applies a policy on the incoming request based on the security posture information.

Abstract: The technology disclosed relates to endpoint data loss prevention (DLP). In particular, the technology disclosed relates to enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint.

Abstract: The technology disclosed enables metadata-based policy enforcement for requests that do not include metadata relevant to a policy. In a particular example, a method provides, in a network security system interposed between clients and a cloud application, receiving an incoming request from a client directed towards the cloud application. In response to determining that the incoming request lacks metadata for enforcement of a policy, the method includes transmitting a synthetic request to obtain the metadata from the cloud application and receiving a response to the synthetic request. The response provides the metadata. The method further includes applying the policy to the incoming request based on the metadata.

Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.

Abstract: The technology disclosed intercepts a webpage rendered by a server in response to a user action executed on a client. The technology disclosed analyzes one or more images of the webpage and determines that a particular hosted service is represented by the images. It analyzes one or more fields of the webpage and determines that the fields elicit confidential information. The technology disclosed intercepts a request generated by the client in response to another user action providing the confidential information via the fields. The technology disclosed analyses the request and determines that the confidential information is being exfiltrated to an unsanctioned resource. This determination is made by comparing a resource address in the request with one or more sanctioned resource addresses used by the particular hosted service. The technology disclosed determines that the webpage is effectuating a phishing attack and blocks transmission of the confidential information to the unsanctioned resource.

Abstract: The technology disclosed teaches incident-driven and user-targeted data loss prevention that includes a CASB controlling infiltration via cloud-based services storing documents in use by organization users, by monitoring manipulation of the documents. The CASB identifies the cloud-based services that the particular user has access to and at least one document location on the cloud-based services to inspect for sensitive documents, in response to receiving an indication that user credentials have been compromised. The CASB performs deep inspection of documents identified as stored at the location and detects at least some sensitive documents. Based on the detected sensitive documents, the CASB determines an exposure for the organization due to the particular user.

Abstract: The technology disclosed includes a system to efficiently classify sensitivity of document generated by and downloaded from cloud-based provider services. The system monitors network traffic at a document-generation initiating endpoint and receives a web page identifying the document generated. The system parses the network traffic that selects the document for download, based on the user selecting a link, and intercepts a document handle in an API parameter string used to download the document. The system interprets the document handle to analyze sensitivity of the document to assign a sensitive classification to the document. The sensitivity classification is encoded into the document header metadata. The encoded sensitivity classification can be used to enhance security, for example, preventing data exfiltration.