Patents by Inventor Ravi Ithal
Ravi Ithal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190394244Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.Type: ApplicationFiled: August 28, 2019Publication date: December 26, 2019Applicant: Netskope, Inc.Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Ravi ITHAL, Sanjay BERI
-
Patent number: 10491638Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.Type: GrantFiled: May 25, 2018Date of Patent: November 26, 2019Assignee: Netskope, Inc.Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
-
Patent number: 10476907Abstract: The technology disclosed relates to detecting a data attack on a file system stored on an independent data store. The detecting includes scanning a list to identify files of the independent data store that have been updated within a timeframe, assembling current metadata for files identified by the scanning, obtaining historical metadata of the files, determining that a malicious activity is in process by analyzing the current metadata of the files and the historical metadata to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current metadata of the files and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the determined machine/user.Type: GrantFiled: June 20, 2017Date of Patent: November 12, 2019Assignee: Netskope, Inc.Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
-
Patent number: 10469525Abstract: The technology disclosed relates to detecting a data attack on a local file system. The detecting includes scanning a list to identify files of the local file system that have been updated within a timeframe, reading payloads of files identified by the scanning, calculating current content properties from the payload of the files, obtaining historical content properties of the files, determining that a malicious activity is in process by analyzing the current content properties and the historical content properties to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current content properties and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the machine/user.Type: GrantFiled: June 20, 2017Date of Patent: November 5, 2019Assignee: Netskope, Inc.Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
-
Patent number: 10404755Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.Type: GrantFiled: May 25, 2018Date of Patent: September 3, 2019Assignee: Netskope, Inc.Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
-
Patent number: 10404756Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.Type: GrantFiled: May 25, 2018Date of Patent: September 3, 2019Assignee: Netskope, Inc.Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
-
Publication number: 20190268381Abstract: The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.Type: ApplicationFiled: May 10, 2019Publication date: August 29, 2019Applicant: Netskope, Inc.Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Abhay KULKARNI, Ravi ITHAL, Chetan ANAND, Rajneesh CHOPRA
-
Publication number: 20190245876Abstract: The technology disclosed relates to machine learning based anomaly detection. In particular, it relates to constructing activity models on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, it relates to detecting anomalies in near real-time streams of security-related events of one or more tenants by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. It further includes determining an anomaly score for a production event based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs.Type: ApplicationFiled: April 19, 2019Publication date: August 8, 2019Applicant: Netskope, Inc.Inventors: Ariel FAIGON, Krishna NARAYANASWAMY, Jeevan TAMBULURI, Ravi ITHAL, Steve MALMSKOG, Abhay KULKARNI
-
Patent number: 10291657Abstract: The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.Type: GrantFiled: June 5, 2018Date of Patent: May 14, 2019Assignee: NetSkope, Inc.Inventors: Krishna Narayanaswamy, Lebin Cheng, Abhay Kulkarni, Ravi Ithal, Chetan Anand, Rajneesh Chopra
-
Patent number: 10270788Abstract: The technology disclosed relates to machine learning based anomaly detection. In particular, it relates to constructing activity models on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, it relates to detecting anomalies in near real-time streams of security-related events of one or more tenants by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. It further includes determining an anomaly score for a production event based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs.Type: GrantFiled: September 2, 2016Date of Patent: April 23, 2019Assignee: Netskope, Inc.Inventors: Ariel Faigon, Krishna Narayanaswamy, Jeevan Tambuluri, Ravi Ithal, Steve Malmskog, Abhay Kulkarni
-
Publication number: 20180367575Abstract: The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.Type: ApplicationFiled: June 5, 2018Publication date: December 20, 2018Applicant: NetSkope, Inc.Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Abhay KULKARNI, Ravi ITHAL, Chetan ANAND, Rajneesh CHOPRA
-
Publication number: 20180309795Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.Type: ApplicationFiled: April 20, 2018Publication date: October 25, 2018Applicant: Netskope, Inc.Inventors: Ravi ITHAL, Krishna NARAYANASWAMY
-
Publication number: 20180309723Abstract: The technology disclosed relates to conserving inspection bandwidth of a data inspection and loss prevention appliance (DILPA) of a network security system (NSS). The technology disclosed uses bypass lists to ensure that rich content traffic is not subjected to inspection by the DILPA. An endpoint routing client (ERC), running on a device, has a bypass list of bandwidth conservable destination identifiers for which inspection bandwidth of the DILPA is conserved by bypassing the DILPA. The identifiers specify rich content sources through domain names, URLs, web categories, and server names (e.g., server name indications (SNIs), HOST headers). ERC classifies incoming connecting access requests as loss prevention inspectable or bandwidth conservable by comparing them against entries in the bypass list. ERC tunnels loss prevention inspectable requests to the DILPA over a secure encrypted channel for inspection.Type: ApplicationFiled: April 20, 2018Publication date: October 25, 2018Applicant: Netskope, Inc.Inventors: Ravi ITHAL, Krishna NARAYANASWAMY
-
Publication number: 20180278653Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.Type: ApplicationFiled: May 25, 2018Publication date: September 27, 2018Applicant: Netskope, Inc.Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Ravi ITHAL, Sanjay BERI
-
Publication number: 20180278652Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.Type: ApplicationFiled: May 25, 2018Publication date: September 27, 2018Applicant: Netskope, Inc.Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Ravi ITHAL, Sanjay BERI
-
Publication number: 20180278651Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.Type: ApplicationFiled: May 25, 2018Publication date: September 27, 2018Applicant: Netskope, Inc.Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Ravi ITHAL, Sanjay BERI
-
Publication number: 20180218167Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.Type: ApplicationFiled: March 26, 2018Publication date: August 2, 2018Applicant: Netskope, Inc.Inventors: Krishna NARAYANASWAMY, Ravi ITHAL, Steve MALMSKOG, Shankaran GNANASHANMUGAM, Arjun SAMBAMOORTHY, Chetan ANAND, Prashanth ARUN
-
Patent number: 9998496Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.Type: GrantFiled: July 18, 2016Date of Patent: June 12, 2018Assignee: Netskope, Inc.Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
-
Patent number: 9928377Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.Type: GrantFiled: August 25, 2015Date of Patent: March 27, 2018Assignee: netSkope, Inc.Inventors: Krishna Narayanaswamy, Ravi Ithal, Steve Malmskog, Shankaran Gnanashanmugam, Arjun Sambamoorthy, Chetan Anand, Prashanth Arun
-
Publication number: 20180048657Abstract: The technology disclosed relates to detecting a data attack on a file system stored on an independent data store. The detecting includes scanning a list to identify files of the independent data store that have been updated within a timeframe, assembling current metadata for files identified by the scanning, obtaining historical metadata of the files, determining that a malicious activity is in process by analyzing the current metadata of the files and the historical metadata to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current metadata of the files and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the determined machine/user.Type: ApplicationFiled: June 20, 2017Publication date: February 15, 2018Applicant: Netskope, Inc.Inventors: Sean HITTEL, Krishna NARAYANASWAMY, Ravindra K. BALUPARI, Ravi ITHAL