Patents by Inventor Ravi Ithal

Ravi Ithal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190394244
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Application
    Filed: August 28, 2019
    Publication date: December 26, 2019
    Applicant: Netskope, Inc.
    Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Ravi ITHAL, Sanjay BERI
  • Patent number: 10491638
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: November 26, 2019
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
  • Patent number: 10476907
    Abstract: The technology disclosed relates to detecting a data attack on a file system stored on an independent data store. The detecting includes scanning a list to identify files of the independent data store that have been updated within a timeframe, assembling current metadata for files identified by the scanning, obtaining historical metadata of the files, determining that a malicious activity is in process by analyzing the current metadata of the files and the historical metadata to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current metadata of the files and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the determined machine/user.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: November 12, 2019
    Assignee: Netskope, Inc.
    Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
  • Patent number: 10469525
    Abstract: The technology disclosed relates to detecting a data attack on a local file system. The detecting includes scanning a list to identify files of the local file system that have been updated within a timeframe, reading payloads of files identified by the scanning, calculating current content properties from the payload of the files, obtaining historical content properties of the files, determining that a malicious activity is in process by analyzing the current content properties and the historical content properties to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current content properties and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the machine/user.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: November 5, 2019
    Assignee: Netskope, Inc.
    Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
  • Patent number: 10404755
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: September 3, 2019
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
  • Patent number: 10404756
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: September 3, 2019
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
  • Publication number: 20190268381
    Abstract: The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.
    Type: Application
    Filed: May 10, 2019
    Publication date: August 29, 2019
    Applicant: Netskope, Inc.
    Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Abhay KULKARNI, Ravi ITHAL, Chetan ANAND, Rajneesh CHOPRA
  • Publication number: 20190245876
    Abstract: The technology disclosed relates to machine learning based anomaly detection. In particular, it relates to constructing activity models on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, it relates to detecting anomalies in near real-time streams of security-related events of one or more tenants by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. It further includes determining an anomaly score for a production event based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs.
    Type: Application
    Filed: April 19, 2019
    Publication date: August 8, 2019
    Applicant: Netskope, Inc.
    Inventors: Ariel FAIGON, Krishna NARAYANASWAMY, Jeevan TAMBULURI, Ravi ITHAL, Steve MALMSKOG, Abhay KULKARNI
  • Patent number: 10291657
    Abstract: The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.
    Type: Grant
    Filed: June 5, 2018
    Date of Patent: May 14, 2019
    Assignee: NetSkope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Abhay Kulkarni, Ravi Ithal, Chetan Anand, Rajneesh Chopra
  • Patent number: 10270788
    Abstract: The technology disclosed relates to machine learning based anomaly detection. In particular, it relates to constructing activity models on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, it relates to detecting anomalies in near real-time streams of security-related events of one or more tenants by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. It further includes determining an anomaly score for a production event based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: April 23, 2019
    Assignee: Netskope, Inc.
    Inventors: Ariel Faigon, Krishna Narayanaswamy, Jeevan Tambuluri, Ravi Ithal, Steve Malmskog, Abhay Kulkarni
  • Publication number: 20180367575
    Abstract: The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.
    Type: Application
    Filed: June 5, 2018
    Publication date: December 20, 2018
    Applicant: NetSkope, Inc.
    Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Abhay KULKARNI, Ravi ITHAL, Chetan ANAND, Rajneesh CHOPRA
  • Publication number: 20180309795
    Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.
    Type: Application
    Filed: April 20, 2018
    Publication date: October 25, 2018
    Applicant: Netskope, Inc.
    Inventors: Ravi ITHAL, Krishna NARAYANASWAMY
  • Publication number: 20180309723
    Abstract: The technology disclosed relates to conserving inspection bandwidth of a data inspection and loss prevention appliance (DILPA) of a network security system (NSS). The technology disclosed uses bypass lists to ensure that rich content traffic is not subjected to inspection by the DILPA. An endpoint routing client (ERC), running on a device, has a bypass list of bandwidth conservable destination identifiers for which inspection bandwidth of the DILPA is conserved by bypassing the DILPA. The identifiers specify rich content sources through domain names, URLs, web categories, and server names (e.g., server name indications (SNIs), HOST headers). ERC classifies incoming connecting access requests as loss prevention inspectable or bandwidth conservable by comparing them against entries in the bypass list. ERC tunnels loss prevention inspectable requests to the DILPA over a secure encrypted channel for inspection.
    Type: Application
    Filed: April 20, 2018
    Publication date: October 25, 2018
    Applicant: Netskope, Inc.
    Inventors: Ravi ITHAL, Krishna NARAYANASWAMY
  • Publication number: 20180278653
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Application
    Filed: May 25, 2018
    Publication date: September 27, 2018
    Applicant: Netskope, Inc.
    Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Ravi ITHAL, Sanjay BERI
  • Publication number: 20180278652
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Application
    Filed: May 25, 2018
    Publication date: September 27, 2018
    Applicant: Netskope, Inc.
    Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Ravi ITHAL, Sanjay BERI
  • Publication number: 20180278651
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Application
    Filed: May 25, 2018
    Publication date: September 27, 2018
    Applicant: Netskope, Inc.
    Inventors: Krishna NARAYANASWAMY, Lebin CHENG, Ravi ITHAL, Sanjay BERI
  • Publication number: 20180218167
    Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
    Type: Application
    Filed: March 26, 2018
    Publication date: August 2, 2018
    Applicant: Netskope, Inc.
    Inventors: Krishna NARAYANASWAMY, Ravi ITHAL, Steve MALMSKOG, Shankaran GNANASHANMUGAM, Arjun SAMBAMOORTHY, Chetan ANAND, Prashanth ARUN
  • Patent number: 9998496
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: June 12, 2018
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
  • Patent number: 9928377
    Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: March 27, 2018
    Assignee: netSkope, Inc.
    Inventors: Krishna Narayanaswamy, Ravi Ithal, Steve Malmskog, Shankaran Gnanashanmugam, Arjun Sambamoorthy, Chetan Anand, Prashanth Arun
  • Publication number: 20180048657
    Abstract: The technology disclosed relates to detecting a data attack on a file system stored on an independent data store. The detecting includes scanning a list to identify files of the independent data store that have been updated within a timeframe, assembling current metadata for files identified by the scanning, obtaining historical metadata of the files, determining that a malicious activity is in process by analyzing the current metadata of the files and the historical metadata to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current metadata of the files and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the determined machine/user.
    Type: Application
    Filed: June 20, 2017
    Publication date: February 15, 2018
    Applicant: Netskope, Inc.
    Inventors: Sean HITTEL, Krishna NARAYANASWAMY, Ravindra K. BALUPARI, Ravi ITHAL