Abstract: A cloud-based platform for zero trust network access (ZTNA) services provides zero trust network access as a service for multiple customers in a multi-tenant architecture. In this context, the configuration for a new ZTNA application is validated with a service proxy in a sandbox or similar environment before release by the cloud-based platform for access through a public network. As a significant advantage, this approach mitigates inadvertent conflicts or instability in a service proxy that supports other applications and customers.

Abstract: A cloud computing platform provides zero trust network access as a service to customers that maintain applications on-premises, and a zero trust network access appliance at the customer premises that couples the on-premises applications to the cloud computing platform. A customer may host multiple instances of the appliance in order to support scalable access, where each instance creates a separate secure tunnel to the cloud computing platform. In this context, when a new appliance authenticates a new secure tunnel, information such as a connector name, customer, and port for the tunnel may be shared on a control plane for the computing platform to facilitate programmatic load balancing within the cloud computing platform.

Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.

Abstract: A cluster of nodes are sequentially updated with new network configuration settings in order to maintain availability of the cluster during the update. In the sequential update, each node conditionally updates network configuration settings, tests connectivity, and retains an update to the configuration only if the node is able to restore connectivity suitable for operation in the cluster.

Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.

Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.