Abstract: Cloud-based Intrusion Prevention Systems (IPS) include receiving traffic associated with a user of a plurality of users, wherein each user is associated with a customer of a plurality of customers for a cloud-based security system, and wherein the traffic is between the user and the Internet; analyzing the traffic based on a set of signatures including stream-based signatures and security patterns; blocking the traffic responsive to a match of a signature of the set of signatures; and performing one or more of providing an alert based on the blocking and updating a log based on the blocking.

Abstract: Techniques for deep tracing of one or more users via a cloud-based system include receiving a request from an administrator to actively troubleshoot a user; causing a user device associated with the user to create a deep tracing session based on the request; assisting the user device in performing one or more traces of a plurality of traces to a destination; receiving results from any of the plurality of traces and results from metrics collected at the user device; and displaying a network map between the user device and the destination.

Abstract: Systems and methods for implemented by a user device for Real User Monitoring (RUM) include operating an add on for a web browser; receiving a list of domains or Uniform Resource Locators (URLs) to calculate RUM data thereon; responsive to the web browser accessing any of the domains or URLs in the list, calculating and storing RUM data; and periodically sending the stored RUM data to a cloud-based system. The RUM data can include statistics, metrics, and errors that are detected based on any of start of navigation, redirects, Domain Name System (DBS), connection establishment and teardown, Hypertext Transfer Protocol (HTTP) request and response start and end, Document Object Model (DOM) load time, page load time, and Java Script and AJAX error detection.

Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include receiving a request from a client to perform a reverse trace; requesting a trace to an endpoint that is one of an egress router and a tunnel client, wherein there is a tunnel between i) the destination and ii) the one of the egress router and the tunnel client; receiving a response to the trace; and sending details associated with the response to the client so that the client aggregates these details with details from one or more additional legs to provide an overall view of a service path between the client and the destination.

Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one of a mobile profile and an application for an enterprise and a cloud-based system; installing the one of the mobile profile and the application on the mobile device; connecting to a network using the one of the mobile profile and the application; and having traffic content inspected and policy enforced thereon to/from the mobile device and the network via the cloud-based system.

Abstract: Systems and methods include establishing a control channel of a tunnel utilizing a first encryption technique, wherein the tunnel is between a local node including one or more processors and a remote node, and wherein the control channel includes a session identifier; establishing a data channel of the tunnel utilizing a second encryption technique, wherein the data tunnel is bound to the control channel based on the session identifier; performing, over the control channel, device authentication and user authentication of one or more users associated with the remote node, wherein each of the one or more users includes a user identifier; and, subsequent to the device authentication and the user authentication, exchanging data packets over the data channel with each data packet including a corresponding user identifier. The first encryption technique can be one of TLS and SSL, and the second encryption technique can be one of TLS and DTLS.

Abstract: Systems and methods include, in a node operating as a snooping proxy, monitoring traffic between a user device and the Internet; detecting and monitoring a handshake between the user device and an endpoint for determining keys associated with encryption between the user device and the endpoint; monitoring encrypted traffic between the user device and the endpoint subsequent to the handshake based on the keys; and performing one or more security functions on the encrypted traffic based on the monitoring. The node can be part of a cloud-based security system and configured inline between the user device and the endpoint.

Abstract: System and methods implemented in a node in a cloud-based security system include obtaining a plurality of rules each define via a rule syntax that includes a rule header and rule options, wherein each rule header is used to for a rule database lookup, and each rule options is used to specify details about the associated rule; monitoring data associated with a user of the cloud-based security system; analyzing the data with the plurality of rules; and performing one or more security functions on the data based on triggering of a rule of the plurality of rules.

Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include receiving a request, from a client, for one or more of a first trace of a tunnel and a second trace to a destination; checking a cache at the node for results from previous traces of the first trace and the second trace; responsive to the results not being in the cache, performing one or more of the first trace and the second trace; and providing the results to the client so that the client aggregates the results with details from one or more additional legs to provide an overall view of a service path between the client and the destination.

Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A cloud-based method includes monitoring traffic between a mobile device and a network in a cloud-based system that is implemented as an overlay network relative to the mobile device and the network; analyzing the traffic from the mobile device to the network, for enforcing policy thereon, wherein the policy includes a set of use guidelines associated with the user of the mobile device; and blocking or allowing the traffic from the mobile device to the network based on the analyzing.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Systems and methods for analyzing digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; based on user experience metrics collected by the inline monitoring and stored in a logging analysis system, obtaining user experience metrics for one or more users for a given time epoch and for a given application; determining a user experience score for the one or more users for the given time epoch and for the given application based on the obtained user experience metrics; and providing a graphical user interface displaying data related to various user experience scores for various users over various time epochs with various applications.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Systems and methods for monitoring digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; responsive to a user executing a specific application, obtaining device and application metrics for the user from the associated user device related to usage of specific application; obtaining network metrics from the cloud system related to network performance of the specific application; and providing the device and application metrics and the network metrics to a logging and analytics system for quantifying digital user experience of the specific application.

Abstract: Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A cloud-based method includes monitoring traffic between a mobile device and a network in a cloud-based system that is implemented as an overlay network relative to the mobile device and the network; analyzing the traffic from the mobile device to the network, for enforcing policy thereon, wherein the policy includes a set of use guidelines associated with the user of the mobile device; and blocking or allowing the traffic from the mobile device to the network based on the analyzing.

Abstract: Systems and methods for analyzing digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; based on user experience metrics collected by the inline monitoring and stored in a logging analysis system, obtaining user experience metrics for one or more users for a given time epoch and for a given application; determining a user experience score for the one or more users for the given time epoch and for the given application based on the obtained user experience metrics; and providing a graphical user interface displaying data related to various user experience scores for various users over various time epochs with various applications.

Abstract: Systems and methods for monitoring digital user experience include performing inline monitoring of network access between one or more users each with an associated user device executing an agent application, the Internet, and one or more cloud applications and private applications accessible via lightweight connectors; responsive to a user executing a specific application, obtaining device and application metrics for the user from the associated user device related to usage of specific application; obtaining network metrics from the cloud system related to network performance of the specific application; and providing the device and application metrics and the network metrics to a logging and analytics system for quantifying digital user experience of the specific application.

Abstract: Mobile device security, device management, and policy enforcement are described in a cloud based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A cloud based method includes monitoring traffic between a mobile device and an external network in a cloud based system separate from the mobile device and the external network; enforcing policy with respect to the traffic from the mobile device to the external network to determine whether to block or allow the traffic from the mobile device to the external network; and inspecting content associated with the traffic from the external network to the mobile device to determine whether to block or allow the traffic from the external network to the mobile device.

Abstract: System and methods implemented in a node in a cloud-based security system include obtaining a plurality of rules each define via a rule syntax that includes a rule header and rule options, wherein each rule header is used to for a rule database lookup, and each rule options is used to specify details about the associated rule; monitoring data associated with a user of the cloud-based security system; analyzing the data with the plurality of rules; and performing one or more security functions on the data based on triggering of a rule of the plurality of rules.

Abstract: Cloud-based Intrusion Prevention Systems (IPS) include receiving traffic associated with a user of a plurality of users, wherein each user is associated with a customer of a plurality of customers for a cloud-based security system, and wherein the traffic is between the user and the Internet; analyzing the traffic based on a set of signatures including stream-based signatures and security patterns; blocking the traffic responsive to a match of a signature of the set of signatures; and performing one or more of providing an alert based on the blocking and updating a log based on the blocking.