Abstract: A method implemented by a cloud-based system includes steps of, responsive to connecting to a user device with a user associated with a first tenant of a plurality of tenants, obtaining security policies for the user that are configured for the tenant, wherein the security policies for the user are the same regardless of connection type, location of the user, and device type and operating system of the user device; stream scanning traffic between the user device and the Internet based on the security policies, wherein the security policies are for firewall and intrusion prevention functions; and one of allowing and blocking the traffic based on the stream scanning.

Abstract: Systems and methods for cloud-based inline encrypted traffic inspection include monitoring a plurality of users having associated user devices communicating over the Internet and the plurality of users are each associated with a plurality of organizations; responsive to traffic being encrypted by any user of the plurality of users, performing operations to enable inline access to the encrypted traffic for the any of the plurality of users; obtaining policy for the any user where the policy is determined by an associated organization of the any user and policy defines how the encrypted traffic is inspected; inspecting the encrypted traffic for the any user based on the obtained policy; and performing actions on the encrypted traffic based on the inspecting.

Abstract: A cloud service is executed on a plurality of nodes, each including at least one processor, and the cloud service is configured to communicate with a plurality of user devices, each user device associated with a user from an organization of a plurality of organizations, and each user device includes a plugin or browser extension installed thereon, provide configuration information to any of the plurality of user devices where the configuration information includes a plurality of domains to be monitored by the plugin or browser extension, wherein the plugin or browser extension is configured to monitor and/or determine real user monitoring (RUM) statistics when a given user device accesses one of the plurality of domains; and receive the RUM statistics from any of the plurality of user devices.

Abstract: Systems and methods for providing zero trust access to source applications, implemented in a cloud-based system. The method includes steps of, intercepting client application information; identifying if the application is a known application based on an application catalog, and collecting known information of the application from the application catalog; sending the application information to an enforcement node of a cloud-based system in a first packet; and sending only an application Identification (ID) in subsequent packets, wherein the application ID is used for policy enforcement.

Abstract: A node configured as any of a proxy, a Secure Web Gateway, and a Secure Internet Gateway is configured to perform steps of, responsive to establishing a connection with a user device having a user associated with a tenant and obtaining policy for the user, monitoring traffic between the user device and the Internet where the monitoring is at a middle location, inline between the user device and an endpoint; responsive to the traffic being encrypted as a tunnel, performing one or more operations to enable accessing the encrypted traffic; analyzing the traffic based on the policy, including at least checking for malicious traffic and Data Loss Prevention (DLP) for the tenant; and one of allowing, blocking, or limiting the traffic based on the analyzing.

Abstract: Systems and methods include responsive to receiving a request at a remote node, determining whether the request is to be sent directly or via a cloud-based system; establishing a control channel of a tunnel utilizing a first encryption technique, wherein the tunnel is between the remote node and a local node, and wherein the control channel includes a session identifier; establishing a data channel of the tunnel utilizing a second encryption technique, wherein the data tunnel is bound to the control channel based on the session identifier; performing, over the control channel, device authentication and user authentication of one or more users associated with the remote node, wherein each of the one or more users includes a user identifier; and, subsequent to the device authentication and the user authentication, exchanging data packets over the data channel with each data packet including a corresponding user identifier.

Abstract: Systems and methods include establishing a control channel of a tunnel utilizing a first encryption technique, wherein the tunnel is between a local node including one or more processors and a remote node, and wherein the control channel includes a session identifier; establishing a data channel of the tunnel utilizing a second encryption technique, wherein the data tunnel is bound to the control channel based on the session identifier; performing, over the control channel, device authentication and user authentication of one or more users associated with the remote node, wherein each of the one or more users includes a user identifier; and, subsequent to the device authentication and the user authentication, exchanging data packets over the data channel with each data packet including a corresponding user identifier. The first encryption technique can be one of TLS and SSL, and the second encryption technique can be one of TLS and DTLS.

Abstract: Techniques for determining the path of User Datagram Protocol (UDP) traceroute probes using Transmission Control Protocol (TCP) and Internet Control Message Protocol (ICMP). Various embodiments include sending a plurality of probes to one or more legs in a network path; obtaining measurements from each of the plurality of probes for each of the one or more legs in the network path; and performing one or more actions based on the measurements from each of the plurality of probes. The steps further include overlapping the measurements to determine latency to a destination and identifying throttling of UDP traffic based on the overlapping of measurements from the plurality of probes.

Abstract: A node configured as any of a proxy, a Secure Web Gateway, and a Secure Internet Gateway is configured to perform steps of, responsive to establishing a connection with a user device having a user associated with a tenant and obtaining policy for the user, monitoring traffic between the user device and the Internet where the monitoring is at a middle location, inline between the user device and an endpoint; responsive to the traffic being encrypted as a tunnel, performing one or more operations to enable accessing the encrypted traffic; analyzing the traffic based on the policy, including at least checking for malicious traffic and Data Loss Prevention (DLP) for the tenant; and one of allowing, blocking, or limiting the traffic based on the analyzing.

Abstract: Systems and methods include connecting to and authenticating a plurality of user devices; utilizing a plurality of RESTful (Representational State Transfer web service) endpoints to communicate with the plurality of user devices; providing any of policy and configuration to the plurality of user devices utilizing version number via a RESTful endpoint; caching the any of policy and configuration for each device of the plurality of user devices; and receiving metrics based on measurements at the plurality of user devices according to corresponding policy and configuration, via a RESTful endpoint.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: A cloud service is executed on a plurality of nodes, each including at least one processor, and the cloud service is configured to communicate with a plurality of user devices, each user device associated with a user from an organization of a plurality of organizations, and each user device includes a plugin or browser extension installed thereon, provide configuration information to any of the plurality of user devices where the configuration information includes a plurality of domains to be monitored by the plugin or browser extension, wherein the plugin or browser extension is configured to monitor and/or determine real user monitoring (RUM) statistics when a given user device accesses one of the plurality of domains; and receive the RUM statistics from any of the plurality of user devices.

Abstract: Techniques for deep tracing of one or more users via a cloud-based system include receiving a request from an administrator to actively troubleshoot a user; causing a user device associated with the user to create a deep tracing session based on the request; assisting the user device in performing one or more traces of a plurality of traces to a destination; receiving results from any of the plurality of traces and results from metrics collected at the user device; and displaying a network map between the user device and the destination.

Abstract: The present disclosure relates to systems and methods for automatically bypassing SSL connections responsive to client SSL handshake failures. Various embodiments include detecting a first failed client SSL connection, creating a cache entry including a traffic fingerprint of the first failed client SSL connection, and bypassing subsequent connections matching the cached fingerprint of the first failed client SSL connection. Embodiments further include cache entries that include a TTL, wherein connections can be matched to the entries during the configured TTL. The present systems and methods are provided to alleviate issues associated SSL traffic interruptions and breakdowns.

Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods implemented by a traceroute application implementing a Transmission Control Protocol (TCP) stack in a processing device include sending a plurality of TCP packets via a raw socket to perform a trace to a destination; receiving responses to the plurality of TCP packets; detecting the responses in the TCP stack and diverting the responses to the raw socket; and aggregating the responses by the traceroute application to determine details of a service path from the processing device to the destination.

Abstract: Techniques for determining the path of User Datagram Protocol (UDP) traceroute probes using Transmission Control Protocol (TCP) and Internet Control Message Protocol (ICMP). Various embodiments include sending a plurality of probes to one or more legs in a network path; obtaining measurements from each of the plurality of probes for each of the one or more legs in the network path; and performing one or more actions based on the measurements from each of the plurality of probes. The steps further include overlapping the measurements to determine latency to a destination and identifying throttling of UDP traffic based on the overlapping of measurements from the plurality of probes.

Abstract: A node configured as any of a proxy, a Secure Web Gateway, and a Secure Internet Gateway is configured to perform steps of establishing a connection with a user device having a user associated with a tenant; obtaining policy for the user; monitoring traffic between the user device and the Internet including snooping session keys for any encrypted traffic; analyzing the traffic based on the policy including utilizing the session keys on the encrypted traffic; and one of allowing, blocking, or limiting the traffic based on the analyzing.

Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one or more mobile profiles for one or more mobile devices each associated with a user from an enterprise; responsive to enrollment of a mobile device of the one or more mobile devices, communicating to the mobile device; determining an associated mobile profile of the one or more mobile profiles for the mobile device; and configuring the mobile device based on the associated mobile profile.

Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include receiving a request, from a client, for a trace of the tunnel; causing the trace inside the tunnel; obtaining results of the trace inside the tunnel; and sending the results of the trace inside the tunnel to the client so that the client aggregates these details with details from one or more additional legs to provide an overall view of a service path between the client and a destination.

Abstract: Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted. A method implemented by a proxy includes receiving a response to a first web probe to a destination server; caching data associated with the response to the first web probe in a cache; receiving a request for a second web probe to the destination server; and serving a response to the second web probe utilizing the data in the cache in lieu of forwarding the second web probe to the destination server.