Patents by Inventor Michael J. Melson
Michael J. Melson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11902332Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.Type: GrantFiled: January 16, 2023Date of Patent: February 13, 2024Assignee: Zscaler, Inc.Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Publication number: 20230283639Abstract: Systems and methods include receiving messages from local security agents each on a host in a network, wherein the messages include network topology of the network in terms of addresses and sockets; incrementally creating a network topology of the network based on the messages; determining security policies for one or more microsegments in the network based on flow data and the network topology; and providing the security policies to respective hosts for local implementation of the one or more microsegments.Type: ApplicationFiled: March 7, 2022Publication date: September 7, 2023Inventors: Michael J. Melson, Scott Laplante
-
Publication number: 20230239270Abstract: Systems and methods include operating a local security agent that is configured to allow or block flows based on security policies, to implement microsegmentation; and, responsive to a block of a flow, creating a synthetic audit event that reflects what the flow would have been had it not been blocked. The steps can include creating a packet for the flow and transmitting the packet with an indicator that it represents the synthetic audit event. The steps can include receiving the security policies which include an indicator on which blocks to create the synthetic audit event.Type: ApplicationFiled: January 24, 2022Publication date: July 27, 2023Inventors: Peter Nahas, Michael J. Melson, Scott Laplante, Raymond Brian Liu
-
Publication number: 20230156040Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.Type: ApplicationFiled: January 16, 2023Publication date: May 18, 2023Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Patent number: 11632401Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.Type: GrantFiled: October 28, 2021Date of Patent: April 18, 2023Assignee: Zscaler, Inc.Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Publication number: 20230056212Abstract: A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, steps can include observing positive data associated with a network; generating a network communication model based on the positive data; generating negative data based on the network communication model; calculating a precision of the network communication model based on the network communication model and the negative data; and calculating an accuracy of the network communication model based on one or more of the precision of the network communication model, or the network communication model and the positive data.Type: ApplicationFiled: November 2, 2022Publication date: February 23, 2023Inventors: John O'Neil, Michael J. Melson
-
Patent number: 11509673Abstract: A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, the model may be generated based on a first set of network traffic. The accuracy of the model may then be estimated based on a second set of network traffic. This allows the accuracy of the model to be estimated without first waiting to apply the model to actual network traffic, thereby reducing the risk associated with applying the model before its accuracy is known.Type: GrantFiled: June 11, 2020Date of Patent: November 22, 2022Assignee: Zscaler, Inc.Inventors: John O'Neil, Michael J. Melson
-
Publication number: 20220053026Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.Type: ApplicationFiled: October 28, 2021Publication date: February 17, 2022Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, JR., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Patent number: 11178187Abstract: A computer system automatically generates a proposal for network application security policies to be applied on a telecommunications network. The system provides output representing the proposed network application security policies to a user. The user provides input either approving or disapproving of the network application security policies. If the user approves, then the system applies the of the proposed microsegmentation. This process may be repeated for a plurality of hosts and subsets thereof within the same network, and may be repeated over time to modify one or more existing network application security policies. The network application security policies govern inbound and outbound connections to the hosts in the network.Type: GrantFiled: June 11, 2020Date of Patent: November 16, 2021Assignee: Zscaler, Inc.Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, Jr., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove
-
Publication number: 20200396235Abstract: A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, the model may be generated based on a first set of network traffic. The accuracy of the model may then be estimated based on a second set of network traffic. This allows the accuracy of the model to be estimated without first waiting to apply the model to actual network traffic, thereby reducing the risk associated with applying the model before its accuracy is known.Type: ApplicationFiled: June 11, 2020Publication date: December 17, 2020Inventors: John O 'Neil, Michael J. Melson
-
Publication number: 20200396255Abstract: A computer system automatically generates a proposal for performing microsegmentation on a network. The system provides output representing the proposed microsegmentation to a user. The user provides input either approving or disapproving of the proposed microsegmentation. If the user approves of the proposed microsegmentation, then the system implements the microsegmentation. Otherwise, the system does not implement the proposed microsegmentation. This process may be repeated for a plurality of proposed microsegmentations within the same network, and may be repeated over time to modify one or more existing microsegmentations. The system advantageously performs the vast majority of the work required to microsegment the network automatically, leaving only the task of review and approval to the user. This both saves a significant amount of time and increases the quality of the microsegmentation in comparison to microsegmentation solely performed manually by one or more humans.Type: ApplicationFiled: June 11, 2020Publication date: December 17, 2020Inventors: Peter Smith, Aparna Ayikkara, Omar Baba, Daniel Einspanjer, Anthony Gelsomini, Thomas C. Hickman, Peter Kahn, Thomas Evan Keiser, JR., Andriy Kochura, Nikitha Koppu, Scott Laplante, Xing Li, Raymond Brian Liu, Sean Lutner, Michael J. Melson, Peter Nahas, John O'Neil, Herman Parfenov, Joseph Riopel, Suji Suresh, Harry Sverdlove