Patents by Inventor Ravi Ithal

Ravi Ithal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12684018
    Abstract: The technology disclosed relates to a proxy receiving a request to manipulate a data object on an independent object store. The proxy is interposed between a user system from which the request originates and the independent object store. The technology disclosed further relates to the proxy accessing a metadata store that contains object metadata for the data object and retrieving the object metadata. The technology disclosed further relates to the proxy enforcing a policy on the request based on the object metadata. Enforcing the policy further includes enforcing malware detection policies and threat detection policies.
    Type: Grant
    Filed: June 3, 2024
    Date of Patent: July 14, 2026
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Abhay Kulkarni, Ravi Ithal, Chetan Anand, Rajneesh Chopra
  • Publication number: 20260106905
    Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.
    Type: Application
    Filed: December 15, 2025
    Publication date: April 16, 2026
    Inventors: Ravi Ithal, Krishna Narayanaswamy
  • Publication number: 20260006067
    Abstract: The technology disclosed relates to detecting a data attack on a local file system. The detecting includes scanning a list to identify files of the local file system that have been updated within a timeframe, reading payloads of files identified by the scanning, calculating current content properties from the payload of the files, obtaining historical content properties of the files, determining that a malicious activity is in process by analyzing the current content properties and the historical content properties to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current content properties and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the machine/user.
    Type: Application
    Filed: January 17, 2025
    Publication date: January 1, 2026
    Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
  • Patent number: 12500940
    Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.
    Type: Grant
    Filed: November 14, 2023
    Date of Patent: December 16, 2025
    Assignee: Netskope, Inc.
    Inventors: Ravi Ithal, Krishna Narayanaswamy
  • Patent number: 12425464
    Abstract: Disclosed is increasing available bandwidth for processing of packets by a security service in a dynamic service chain, monitoring available bandwidth of the security service, taking into account a number of instances of the security service currently running, detecting a traffic volume that has exceeded a configurable threshold, provisioning a new instance to increase the available bandwidth of the security service, putting the new instance into service including updating a constant hash table (CHT) used to implement distributed routing and load balancing and distributing the updated CHT to instances of an other service that is upstream in the dynamic service chain from the security service. The method can include assigning new streams to use the new instance.
    Type: Grant
    Filed: December 26, 2023
    Date of Patent: September 23, 2025
    Assignee: NETSKOPE, INC.
    Inventors: Umesh Bangalore Muniyappa, Ravi Ithal
  • Publication number: 20250168179
    Abstract: The technology relates to machine responses to anomalies detected using machine learning based anomaly detection. In particular, to receiving evaluations of production events, prepared using activity models constructed on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, to responding to detected anomalies in near real-time streams of security-related events of tenants, the anomalies detected by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant.
    Type: Application
    Filed: January 17, 2025
    Publication date: May 22, 2025
    Inventors: Jeevan Tambuluri, Ravi Ithal, Steve Malmskog, Abhay Kulkarni, Ariel Faigon, Krishna Narayanaswamy
  • Patent number: 12284206
    Abstract: The technology disclosed relates to detecting a ransomware attack on a cloud-based file storage system. The detecting includes collecting metadata on files at they are manipulated, storing the collected metadata as historical metadata, detecting multiple artifacts of the ransomware attack resulting from ransomware manipulation of the files by (i) comparing at least one of the extension, the magic number and the size included in the historical metadata to at least one of the extension, the magic number and the size included in current metadata of the files to identify a volume of changes in the files, and (ii) detecting that the identified volume of changes exceeds a change volume to determine that the ransomware attack is in progress, and identifying a user/machine that manipulated the files and responding to the determination that the ransomware attack is in progress by restricting further manipulation of other files by the identified user/machine.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: April 22, 2025
    Assignee: Netskope, Inc.
    Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
  • Patent number: 12267355
    Abstract: The technology disclosed relates to detecting a data attack on a file system stored on an independent data store. The detecting includes scanning a list to identify files of the independent data store that have been updated within a timeframe, assembling current metadata for files identified by the scanning, obtaining historical metadata of the files, determining that a malicious activity is in process by analyzing the current metadata of the files and the historical metadata to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current metadata of the files and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the determined machine/user.
    Type: Grant
    Filed: November 15, 2021
    Date of Patent: April 1, 2025
    Assignee: Netskope, Inc.
    Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
  • Patent number: 12244617
    Abstract: The technology relates to machine responses to anomalies detected using machine learning based anomaly detection. In particular, to receiving evaluations of production events, prepared using activity models constructed on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, to responding to detected anomalies in near real-time streams of security-related events of tenants, the anomalies detected by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant.
    Type: Grant
    Filed: July 5, 2023
    Date of Patent: March 4, 2025
    Assignee: Netskope, Inc.
    Inventors: Jeevan Tambuluri, Ravi Ithal, Steve Malmskog, Abhay Kulkarni, Ariel Faigon, Krishna Narayanaswamy
  • Publication number: 20240372908
    Abstract: Disclosed is distributed routing and load balancing in a dynamic service chain, receiving a packet at a first service instance, including a NSH imposed on the by a service classifier. The NSH includes a stream affinity code consistent for packets in a stream. The method also includes processing the packet at the first instance where the instance performs a first service in a service chain that includes second and third services. The first service instance accesses a flow table using the stream affinity code to select a second service instance performing the second service from among service instances performing the second service, and the first instance routes the packet to the selected second service instance upon egress from the first service instance. The method can include hashing the stream affinity code to access the flow table and access an available instance using the hash as a key to a CHT.
    Type: Application
    Filed: December 26, 2023
    Publication date: November 7, 2024
    Applicant: Netskope, Inc.
    Inventors: Umesh Bangalore Muniyappa, Ravi Ithal
  • Publication number: 20240346137
    Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
    Type: Application
    Filed: June 21, 2024
    Publication date: October 17, 2024
    Inventors: Krishna Narayanaswamy, Ravi Ithal, Steve Malmskog, Shankaran Gnanashanmugam, Arjun Sambamoorthy, Chetan Anand, Prashanth Arun
  • Publication number: 20240323233
    Abstract: The technology disclosed relates to accessing a hosted service on a client device. In particular, the technology disclosed relates to receiving, on a client device of an entity's user, from a network security system, a forwarding rule for modifying requests for accessing a hosted service, receiving on the client device a request for accessing the hosted service, using the forwarding rule to modify the request for accessing the hosted service and generating a modified request for accessing the hosted service, and receiving on the client device a response from the network security system.
    Type: Application
    Filed: June 4, 2024
    Publication date: September 26, 2024
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
  • Publication number: 20240323232
    Abstract: The technology disclosed relates to a proxy receiving a request to manipulate a data object on an independent object store. The proxy is interposed between a user system from which the request originates and the independent object store. The technology disclosed further relates to the proxy accessing a metadata store that contains object metadata for the data object and retrieving the object metadata. The technology disclosed further relates to the proxy enforcing a policy on the request based on the object metadata. Enforcing the policy further includes enforcing malware detection policies and threat detection policies.
    Type: Application
    Filed: June 3, 2024
    Publication date: September 26, 2024
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Abhay Kulkarni, Ravi Ithal, Chetan Anand, Rajneesh Chopra
  • Patent number: 12056235
    Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
    Type: Grant
    Filed: March 26, 2018
    Date of Patent: August 6, 2024
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Ravi Ithal, Steve Malmskog, Shankaran Gnanashanmugam, Arjun Sambamoorthy, Chetan Anand, Prashanth Arun
  • Patent number: 12041093
    Abstract: The technology disclosed relates to accessing a hosted service on a client device. In particular, the technology disclosed relates to receiving, on a client device of an entity's user, from a network security system, a forwarding rule for modifying requests for accessing a hosted service, receiving on the client device a request for accessing the hosted service, using the forwarding rule to modify the request for accessing the hosted service and generating a modified request for accessing the hosted service, and receiving on the client device a response from the network security system.
    Type: Grant
    Filed: November 22, 2021
    Date of Patent: July 16, 2024
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
  • Patent number: 12041090
    Abstract: The technology disclosed relates to a proxy receiving a request to manipulate a data object on an independent object store. The proxy is interposed between a user system from which the request originates and the independent object store. The technology disclosed further relates to the proxy accessing a metadata store that contains object metadata for the data object and retrieving the object metadata. The technology disclosed further relates to the proxy enforcing a policy on the request based on the object metadata. Enforcing the policy further includes enforcing malware detection policies and threat detection policies.
    Type: Grant
    Filed: April 9, 2021
    Date of Patent: July 16, 2024
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Abhay Kulkarni, Ravi Ithal, Chetan Anand, Rajneesh Chopra
  • Publication number: 20240089297
    Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.
    Type: Application
    Filed: November 14, 2023
    Publication date: March 14, 2024
    Inventors: Ravi Ithal, Krishna Narayanaswamy
  • Publication number: 20240039976
    Abstract: Disclosed is distributed routing and load balancing in a dynamic service chain, receiving a packet at a first service instance, including a NSH imposed on the by a service classifier. The NSH includes a stream affinity code consistent for packets in a stream. The method also includes processing the packet at the first instance where the instance performs a first service in a service chain that includes second and third services. The first service instance accesses a flow table using the stream affinity code to select a second service instance performing the second service from among service instances performing the second service, and the first instance routes the packet to the selected second service instance upon egress from the first service instance. The method can include hashing the stream affinity code to access the flow table and access an available instance using the hash as a key to a CHT.
    Type: Application
    Filed: April 15, 2021
    Publication date: February 1, 2024
    Applicant: Netskope, Inc.
    Inventors: Umesh Bangalore MUNIYAPPA, Ravi ITHAL
  • Patent number: 11856041
    Abstract: Disclosed is distributed routing and load balancing in a dynamic service chain, receiving a packet at a first service instance, including a NSH imposed on the by a service classifier. The NSH includes a stream affinity code consistent for packets in a stream. The method also includes processing the packet at the first instance where the instance performs a first service in a service chain that includes second and third services. The first service instance accesses a flow table using the stream affinity code to select a second service instance performing the second service from among service instances performing the second service, and the first instance routes the packet to the selected second service instance upon egress from the first service instance. The method can include hashing the stream affinity code to access the flow table and access an available instance using the hash as a key to a CHT.
    Type: Grant
    Filed: April 15, 2021
    Date of Patent: December 26, 2023
    Assignee: Netskope, Inc.
    Inventors: Umesh Bangalore Muniyappa, Ravi Ithal
  • Patent number: 11856026
    Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.
    Type: Grant
    Filed: October 26, 2020
    Date of Patent: December 26, 2023
    Assignee: Netskope, Inc.
    Inventors: Ravi Ithal, Krishna Narayanaswamy