Patents by Inventor Narinder Paul
Narinder Paul has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240028721Abstract: Systems and methods include performing inline monitoring of production traffic between users, the Internet, and cloud services via a cloud-based system; utilizing a trained machine learning model to inspect static properties of files in the production traffic; and classifying the traffic as one of malicious or benign based on the trained machine learning model.Type: ApplicationFiled: September 26, 2023Publication date: January 25, 2024Inventors: Changsha Ma, Nirmal Singh, Naveen Selvan, Tarun Dewan, Uday Pratap Singh, Deepen Desai, Bharath Meesala, Rakshitha Hedge, Parnit Sainion, Shashank Gupta, Narinder Paul, Rex Shang, Howie Xu
-
Patent number: 11861472Abstract: Systems and methods include receiving a trained machine learning model that has been processed with training information removed therefrom, wherein the training information is utilized in training of the trained machine learning model; monitoring traffic, inline at the node, including processing the traffic with the trained machine learning model; obtaining a verdict on the traffic based on the trained machine learning model; and performing an action on the traffic based on the verdict.Type: GrantFiled: September 29, 2022Date of Patent: January 2, 2024Assignee: Zscaler, Inc.Inventors: Rex Shang, Dianhuan Lin, Changsha Ma, Douglas A. Koch, Shashank Gupta, Parnit Sainion, Visvanathan Thothathri, Narinder Paul, Howie Xu
-
Patent number: 11829347Abstract: Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.Type: GrantFiled: April 26, 2022Date of Patent: November 28, 2023Assignee: Zscaler, Inc.Inventors: Narinder Paul, Arun Bhallamudi, Balakrishna Bayar, James Tan
-
Publication number: 20230376592Abstract: Systems and methods of sandboxing a file include responsive to receiving a file associated with a user, obtaining policy for the user; analyzing the file with a machine learning model; and based on a combination of the policy for the user and a verdict of the machine learning model, one of quarantining the file for analysis in a sandbox and allowing the file to the user. The present disclosure presents a smart quarantine with a goal of minimizing the number of files quarantined, the number of malicious files passed through to an end user, and a number of files scanned by a sandbox.Type: ApplicationFiled: August 1, 2023Publication date: November 23, 2023Inventors: Changsha Ma, Rex Shang, Douglas A. Koch, Dianhuan Lin, Howie Xu, Bharath Kumar, Shashank Gupta, Parnit Sainion, Narinder Paul, Deepen Desai
-
Contextual relationship graph based on user's network transaction patterns for investigating attacks
Publication number: 20230353587Abstract: Systems and methods include receiving network transaction data for a plurality of users monitored by a cloud-based system; creating a relationship graph based on the plurality of user's recent network transactions for a time period, wherein the relationship graph includes vertices for domains and edges for transactions by users between the domains having some number of transaction in the time period; and analyzing the relationship graph to detect previously undetected suspicious anomalies. The weights on each edge are based on a relationship between two domains where the relationship includes any of malware, Internet Protocol (IP) addresses, Autonomous System Number (ASN), registration, and redirects.Type: ApplicationFiled: July 27, 2022Publication date: November 2, 2023Inventors: Loc Bui, Douglas A. Koch, Matthew Cronin, Shudong Zhou, Miao Zhang, Dianhuan Lin, Rex Shang, Howie Xu, Nirmal Singh Bhary, Deepen Desai, Narinder Paul, Parnit Sainion, Kenneth Sigafoose, Bryan Lee, Josh Pyorre, Martin Walter, Atinderpal Singh, Brett Stone-Gross, Erik Yunghans -
Patent number: 11803641Abstract: Systems and methods include determining a plurality of features associated with executable files, wherein the plurality of features are each based on static properties in predefined structure of the executable files; obtaining training data that includes samples of benign executable files and malicious executable files; extracting the plurality of features from the training data; and utilizing the extracted plurality of features to train a machine learning model to detect malicious executable files.Type: GrantFiled: October 26, 2020Date of Patent: October 31, 2023Assignee: Zscaler, Inc.Inventors: Changsha Ma, Nirmal Singh, Naveen Selvan, Tarun Dewan, Uday Pratap Singh, Deepen Desai, Bharath Meesala, Rakshitha Hedge, Parnit Sainion, Shashank Gupta, Narinder Paul, Rex Shang, Howie Xu
-
Patent number: 11805138Abstract: Systems and methods for Data Loss Prevention (DLP) on images include detecting an image in monitored user traffic; scanning the image to identify any text and extracting any identified text therein; responsive to the extracting, scanning the extracted text with a plurality of DLP techniques including one or more DLP engines where the extracted text is checked to trigger the one or more DLP engines, Exact Data Matching (EDM) where the extracted text is matched to see if it matches specific content, and Indexed Data Matching (IDM) where the extracted text is matched to some part of a document from a repository of documents; and performing one or more actions based on results of the plurality of DLP techniques.Type: GrantFiled: August 19, 2020Date of Patent: October 31, 2023Assignee: Zscaler, Inc.Inventors: Narinder Paul, Arun Bhallamudi
-
Publication number: 20230300114Abstract: Systems and methods include receiving Data Loss Prevention (DLP) configurations for one or more devices, wherein the DLP configurations define how exfiltration of sensitive data is protected for the one or more devices; monitoring traffic of the one or more devices; and scanning the traffic of the one or more devices using the DLP configurations assigned to the one or more devices.Type: ApplicationFiled: September 26, 2022Publication date: September 21, 2023Inventors: Arun Bhallamudi, Narinder Paul
-
Patent number: 11755726Abstract: Systems and methods include obtaining a file associated with a user for processing; utilizing a combination of policy for the user and machine learning to determine whether to i) quarantine the file and scan the file in a sandbox, ii) allow the file to the user and scan the file in the sandbox, and iii) allow the file to the user without the scan; responsive to the quarantine of the file and the sandbox determining the file is malicious, blocking the file; and, responsive to the quarantine of the file and the sandbox determining the file is benign, allowing the file.Type: GrantFiled: June 16, 2020Date of Patent: September 12, 2023Assignee: Zscaler, Inc.Inventors: Changsha Ma, Rex Shang, Douglas A. Koch, Dianhuan Lin, Howie Xu, Bharath Kumar, Shashank Gupta, Parnit Sainion, Narinder Paul, Deepen Desai
-
Patent number: 11716359Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one or more mobile profiles for one or more mobile devices each associated with a user from an enterprise; responsive to enrollment of a mobile device of the one or more mobile devices, communicating to the mobile device; determining an associated mobile profile of the one or more mobile profiles for the mobile device; and configuring the mobile device based on the associated mobile profile.Type: GrantFiled: September 28, 2022Date of Patent: August 1, 2023Assignee: Zscaler, Inc.Inventors: Amit Sinha, Narinder Paul, Srikanth Devarajan
-
Patent number: 11671433Abstract: A cloud-based security system includes a plurality of enforcement nodes connected to one another; a central authority connected to the plurality of enforcement nodes; and a Data Loss Prevention (DLP) service executed between the plurality of enforcement nodes, wherein the DLP service includes one or more DLP rules based on one or more DLP engines for a tenant, and wherein, for the DLP service, a first enforcement node is configured to monitor traffic of a user of the tenant, detect a DLP rule violation based on the one or more DLP rules, and forward DLP incident information to a second enforcement node, and the second enforcement node is configured to transmit the DLP incident information to a server for the tenant, including both DLP triggering content that cause the DLP rule violation and DLP scan metadata.Type: GrantFiled: April 21, 2020Date of Patent: June 6, 2023Assignee: Zscaler, Inc.Inventors: Narinder Paul, Arun Bhallamudi, James Tan, Frank Zhang, Pooja Deshmukh
-
Publication number: 20230156041Abstract: A cloud node in a cloud-based system includes one or more processors and memory storing instructions that, when executed, cause the one or more processors to: communicate with a user associated with a tenant of a plurality of tenants; obtain policy and configuration for the user based on the tenant, from a central authority in the cloud-based system; provide the one or more cloud services to the user, based on the policy and configuration; and crawl one or more cloud providers having a plurality of files for the user, based on the policy and configuration. The cloud node is inline between a user device of the user and the Internet, as well as connected to the one or more cloud providers.Type: ApplicationFiled: January 18, 2023Publication date: May 18, 2023Inventors: Shankar Vivekanandan, Narinder Paul, Parth Shah, Pratibha Nayak, Sonal Choudhary, Huan Chen
-
Patent number: 11582261Abstract: A Cloud Access Security Broker (CASB) system includes a controller; a message broker connected to the controller; and a plurality of workers connected to the message broker and connected to one or more cloud providers having a plurality of files contained therein for one or more tenants, wherein the plurality of workers are configured to crawl through the plurality of files for the one or more tenants, based on policy and configuration for the one or more tenants provided via the controller, and based on assignments from the message broker. The plurality of workers can be further configured to cause an action in the one or more cloud providers based on the crawl and based on the policy and the configuration. The action can include any of allowing a file, deleting a file, quarantining a file, and providing a notification.Type: GrantFiled: March 30, 2020Date of Patent: February 14, 2023Assignee: Zscaler, Inc.Inventors: Shankar Vivekanandan, Narinder Paul, Parth Shah, Pratibha Nayak, Sonal Choudhary, Huan Chen
-
Publication number: 20230037489Abstract: Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.Type: ApplicationFiled: August 23, 2022Publication date: February 9, 2023Inventors: Narinder Paul, Arun Bhallamudi, Balakrishna Bayar, James Tan
-
Publication number: 20230028585Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one or more mobile profiles for one or more mobile devices each associated with a user from an enterprise; responsive to enrollment of a mobile device of the one or more mobile devices, communicating to the mobile device; determining an associated mobile profile of the one or more mobile profiles for the mobile device; and configuring the mobile device based on the associated mobile profile.Type: ApplicationFiled: September 28, 2022Publication date: January 26, 2023Inventors: Amit Sinha, Narinder Paul, Srikanth Devarajan
-
Publication number: 20230018188Abstract: Systems and methods include receiving a trained machine learning model that has been processed with training information removed therefrom, wherein the training information is utilized in training of the trained machine learning model; monitoring traffic, inline at the node, including processing the traffic with the trained machine learning model; obtaining a verdict on the traffic based on the trained machine learning model; and performing an action on the traffic based on the verdict.Type: ApplicationFiled: September 29, 2022Publication date: January 19, 2023Inventors: Rex Shang, Dianhuan Lin, Changsha Ma, Douglas A. Koch, Shashank Gupta, Parnit Sainion, Visvanathan Thothathri, Narinder Paul, Howie Xu
-
Patent number: 11489878Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one of a mobile profile and an application for an enterprise and a cloud-based system; installing the one of the mobile profile and the application on the mobile device; connecting to a network using the one of the mobile profile and the application; and having traffic content inspected and policy enforced thereon to/from the mobile device and the network via the cloud-based system.Type: GrantFiled: September 8, 2021Date of Patent: November 1, 2022Assignee: Zscaler, Inc.Inventors: Amit Sinha, Narinder Paul, Srikanth Devarajan
-
Patent number: 11475368Abstract: Systems and methods include training a machine learning model with data for identifying features in monitored traffic in a network; analyzing the trained machine learning model to identify information overhead therein, wherein the information overhead is utilized in part for the training; removing the information overhead in the machine learning model; and providing the machine learning model for runtime use for identifying the features in the monitored traffic, with the removed information overhead from the machine learning model.Type: GrantFiled: September 18, 2020Date of Patent: October 18, 2022Assignee: Zscaler, Inc.Inventors: Rex Shang, Dianhuan Lin, Changsha Ma, Douglas A. Koch, Shashank Gupta, Parnit Sainion, Visvanathan Thothathri, Narinder Paul, Howie Xu
-
Patent number: 11429589Abstract: Systems and methods include obtaining a file to be checked for Data Loss Prevention (DLP); determining a cryptographic hash of the file and comparing the cryptographic hash to corresponding cryptographic hashes of indexed files; responsive to a match between the cryptographic hash and one of the corresponding cryptographic hashes, determining a DLP match and performing an action based thereon; responsive to no match, extracting text from the file and creating an ordered sequence of hashes of variable length chunks of the extracted text; and determining the DLP match with one of the indexed files based on comparing the ordered sequence of hashes with corresponding ordered sequence of hashes of the indexed files.Type: GrantFiled: July 8, 2020Date of Patent: August 30, 2022Assignee: Zscaler, Inc.Inventors: Narinder Paul, Arun Bhallamudi, Balakrishna Bayar, James Tan
-
Publication number: 20220253430Abstract: Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.Type: ApplicationFiled: April 26, 2022Publication date: August 11, 2022Inventors: Narinder Paul, Arun Bhallamudi, Balakrishna Bayar, James Tan