Patents by Inventor Manoj Ahluwalia
Manoj Ahluwalia has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240048564
Abstract: Systems, devices, and methods are discussed for forward testing rule sets at a granularity that is less than all activity on the network. In some cases, the granularity is that of an individual application.
Type: Application
Filed: August 4, 2023
Publication date: February 8, 2024
Applicant: Fortinet, Inc.
Inventors: Rajiv Sreedhar, Manuel Nedbal, Manoj Ahluwalia, Damodar K. Hegde, Jitendra B. Gaitonde, Suresh Rajanna, Mark Lubeck, Gary Nool
-
Patent number: 11757888
Abstract: Systems, devices, and methods are discussed for forward testing rule sets at a granularity that is less than all activity on the network. In some cases, the granularity is that of an individual application.
Type: Grant
Filed: June 15, 2021
Date of Patent: September 12, 2023
Assignee: Fortinet, Inc.
Inventors: Rajiv Sreedhar, Manuel Nedbal, Manoj Ahluwalia, Damodar K. Hegde, Jitendra B. Gaitonde, Suresh Rajanna, Mark Lubeck, Gary Nool
-
Publication number: 20230069738
Abstract: Systems, devices, and methods are discussed for automatically determining a risk-based focus in determining zero trust network access policy on one or more network elements.
Type: Application
Filed: August 23, 2021
Publication date: March 2, 2023
Applicant: Fortinet, Inc
Inventors: Rajiv Sreedhar, MANUEL NEDBAL, MANOJ AHLUWALIA, LATHA KRISHNAMURTHI, RAJESHWARI RAO, DAMODAR K. HEGDE, JITENDRA B. GAITONDE, Dave Karp, Mark Lubeck
-
Publication number: 20220400113
Abstract: Systems, devices, and methods are discussed for determining zero trust network access policy from a policy from a perspective focused on one or more network elements.
Type: Application
Filed: June 15, 2021
Publication date: December 15, 2022
Applicant: Fortinet, Inc
Inventors: Rajiv Sreedhar, Manuel Nedbal, Damodar K. Hegde, Jitendra B. Gaitonde, Manoj Ahluwalia
-
Publication number: 20220400114
Abstract: Systems, devices, and methods are discussed for forward testing rule sets at a granularity that is less than all activity on the network. In some cases, the granularity is that of an individual application.
Type: Application
Filed: June 15, 2021
Publication date: December 15, 2022
Applicant: Fortinet, Inc.
Inventors: Rajiv Sreedhar, MANUEL NEDBAL, MANOJ AHLUWALIA, DAMODAR K. HEGDE, JITENDRA B. GAITONDE, SURESH RAJANNA, MARK LUBECK, GARY NOOL
-
Publication number: 20220400116
Abstract: Systems, devices, and methods are discussed for determining zero trust network access policy based upon intent defined groups of workloads.
Type: Application
Filed: August 9, 2021
Publication date: December 15, 2022
Applicant: Fortinet, Inc.
Inventors: RAJIV SREEDHAR, MANUEL NEDBAL, DAMODAR K. HEGDE, JITENDRA B. GAITONDE, MANOJ AHLUWALIA, LATHA KRISHNAMURTHI, RAJESHWARI RAO
-
Patent number: 11368488
Abstract: Systems, methods, and apparatuses enable one or more security microservices to optimize a security configuration of a networked environment by applying security policies to resource groups passively to determine whether network sets, resource groups, or security policies should be modified, prior to active enforcement. When security policies are applied passively, security actions that are performed in response to a violation of security policy do not impact network traffic. The one or more security microservices evaluate the results of the passive application of security policies to determine whether there is at least one recommended modification to network sets, resource groups, or security policies. When there is at least one recommended modification, the modification is applied.
Type: Grant
Filed: October 25, 2019
Date of Patent: June 21, 2022
Assignee: Fortinet, Inc.
Inventors: Manuel Nedbal, Ratinder Paul Singh Ahuja, Manoj Ahluwalia, Jitendra Gaitonde, Rajiv Sreedhar, Ojas Milind Kale, Mark Raymond Lubeck, Yuk Suen Cheng, Suresh Rajanna, David Dvir Adler, Gary Nool
-
Patent number: 11120148
Abstract: Systems, methods, and apparatuses enable a security orchestrator to detect a virtual machine deployed in a virtual environment. The virtual machine includes a tag storing information associated with the virtual machine. The security orchestrator determines that the tag contains one or more security elements, the security elements indicating information for determining security settings and policies to be applied to the virtual machine. The security orchestrator determines the security settings and policies associated with the one or more security elements. The security orchestrator then assigns or applies the security settings and policies for the virtual machine based on values of the one or more security elements.
Type: Grant
Filed: January 10, 2019
Date of Patent: September 14, 2021
Assignee: Fortinet, Inc.
Inventors: Rajiv Sreedhar, Ratinder Paul Singh Ahuja, Manuel Nedbal, Damodar Hegde, Jitendra Gaitonde, Manoj Ahluwalia, Stuart Gibson
-
Publication number: 20210126948
Abstract: Systems, methods, and apparatuses enable one or more security microservices to optimize a security configuration of a networked environment by applying security policies to resource groups passively to determine whether network sets, resource groups, or security policies should be modified, prior to active enforcement. When security policies are applied passively, security actions that are performed in response to a violation of security policy do not impact network traffic. The one or more security microservices evaluate the results of the passive application of security policies to determine whether there is at least one recommended modification to network sets, resource groups, or security policies. When there is at least one recommended modification, the modification is applied.
Type: Application
Filed: October 25, 2019
Publication date: April 29, 2021
Inventors: Manuel Nedbal, Ratinder Paul Singh Ahuja, Manoj Ahluwalia, Jitendra Gaitonde, Rajiv Sreedhar, Ojas Milind Kale, Mark Raymond Lubeck, Yuk Suen Cheng, Suresh Rajanna, David Dvir Adler, Gary Nool
-
Patent number: 10944723
Abstract: Systems, methods, and apparatuses enable deploying and executing a security policy on endpoints in a network. In an embodiment, a security orchestrator determines a set of endpoints in a network and determines transformed endpoints from the determined set of endpoints through an endpoint transformation process. The security orchestrator determines a connectivity vector for at least a first transformed endpoint and a second transformed endpoint, where the connectivity vector includes properties associated with the corresponding transformed endpoint. Using the properties from the connectivity vector of the first transformed endpoint, a security policy is generated and deployed to the first transformed endpoint. Based on a comparison of the connectivity vectors of the first and second transformed endpoints indicating a similarity between the first and second transformed endpoints, the security policy is further deployed to the second transformed endpoint.
Type: Grant
Filed: November 17, 2017
Date of Patent: March 9, 2021
Assignee: SHIELDX NETWORKS, INC.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Jitendra Gaitonde, John Parker, Manoj Ahluwalia, Damodar Hegde, Neil Liberman, Rajiv Sreedhar
-
Publication number: 20200226271
Abstract: Systems, methods, and apparatuses enable a security orchestrator to detect a virtual machine deployed in a virtual environment. The virtual machine includes a tag storing information associated with the virtual machine. The security orchestrator determines that the tag contains one or more security elements, the security elements indicating information for determining security settings and policies to be applied to the virtual machine. The security orchestrator determines the security settings and policies associated with the one or more security elements. The security orchestrator then assigns or applies the security settings and policies for the virtual machine based on values of the one or more security elements.
Type: Application
Filed: January 10, 2019
Publication date: July 16, 2020
Inventors: Rajiv Sreedhar, Ratinder Paul Singh Ahuja, Manuel Nedbal, Damodar Hegde, Jitendra Gaitonde, Manoj Ahluwalia, Stuart Gibson
-
Publication number: 20190158465
Abstract: Systems, methods, and apparatuses enable deploying and executing a security policy on endpoints in a network. In an embodiment, a security orchestrator determines a set of endpoints in a network and determines transformed endpoints from the determined set of endpoints through an endpoint transformation process. The security orchestrator determines a connectivity vector for at least a first transformed endpoint and a second transformed endpoint, where the connectivity vector includes properties associated with the corresponding transformed endpoint. Using the properties from the connectivity vector of the first transformed endpoint, a security policy is generated and deployed to the first transformed endpoint. Based on a comparison of the connectivity vectors of the first and second transformed endpoints indicating a similarity between the first and second transformed endpoints, the security policy is further deployed to the second transformed endpoint.
Type: Application
Filed: November 17, 2017
Publication date: May 23, 2019
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Jitendra Gaitonde, John Parker, Manoj Ahluwalia, Damodar Hegde, Neil Liberman, Rajiv Sreedhar
-
Patent number: 9210193
Abstract: An example method includes capturing session attributes associated with a communication session initiated by a node in a network environment, querying external attributes associated with the node, deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes, and applying the response attribute to the communication session. The session attributes can include remote authentication dial in user service RADIUS vendor specific attribute information from an unknown vendor. The method may further include auditing the communication session, enforcing the response attribute, or ignoring the access control policy. Enforcing the response attribute can include taking an access control action according to the response attribute. The access control action may include allowing the node to access a virtual local area network in the network environment, denying access to the network environment, etc.
Type: Grant
Filed: September 24, 2014
Date of Patent: December 8, 2015
Assignee: McAfee, Inc.
Inventors: Manuel Nedbal, Manoj Ahluwalia, Charles Slate
-
Publication number: 20150012967
Abstract: An example method includes capturing session attributes associated with a communication session initiated by a node in a network environment, querying external attributes associated with the node, deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes, and applying the response attribute to the communication session. The session attributes can include remote authentication dial in user service RADIUS vendor specific attribute information from an unknown vendor. The method may further include auditing the communication session, enforcing the response attribute, or ignoring the access control policy. Enforcing the response attribute can include taking an access control action according to the response attribute. The access control action may include allowing the node to access a virtual local area network in the network environment, denying access to the network environment, etc.
Type: Application
Filed: September 24, 2014
Publication date: January 8, 2015
Inventors: Manuel Nedbal, Manoj Ahluwalia, Charles Slate
-
Patent number: 8874766
Abstract: An example method includes capturing session attributes associated with a communication session initiated by a node in a network environment, querying external attributes associated with the node, deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes, and applying the response attribute to the communication session. The session attributes can include remote authentication dial in user service RADIUS vendor specific attribute information from an unknown vendor. The method may further include auditing the communication session, enforcing the response attribute, or ignoring the access control policy. Enforcing the response attribute can include taking an access control action according to the response attribute. The access control action may include allowing the node to access a virtual local area network in the network environment, denying access to the network environment, etc.
Type: Grant
Filed: March 9, 2012
Date of Patent: October 28, 2014
Assignee: McAfee, Inc.
Inventors: Manuel Nedbal, Manoj Ahluwalia, Charles Slate
-
Publication number: 20130246639
Abstract: An example method includes capturing session attributes associated with a communication session initiated by a node in a network environment, querying external attributes associated with the node, deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes, and applying the response attribute to the communication session. The session attributes can include remote authentication dial in user service RADIUS vendor specific attribute information from an unknown vendor. The method may further include auditing the communication session, enforcing the response attribute, or ignoring the access control policy. Enforcing the response attribute can include taking an access control action according to the response attribute. The access control action may include allowing the node to access a virtual local area network in the network environment, denying access to the network environment, etc.
Type: Application
Filed: March 9, 2012
Publication date: September 19, 2013
Inventors: Manuel Nedbal, Manoj Ahluwalia, Charles Slate