Patents by Inventor Vladimir STEPANENKO
Vladimir STEPANENKO has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11770319Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods implemented by a traceroute application implementing a Transmission Control Protocol (TCP) stack in a processing device include sending a plurality of TCP packets via a raw socket to perform a trace to a destination; receiving responses to the plurality of TCP packets; detecting the responses in the TCP stack and diverting the responses to the raw socket; and aggregating the responses by the traceroute application to determine details of a service path from the processing device to the destination.Type: GrantFiled: January 14, 2021Date of Patent: September 26, 2023Assignee: Zscaler, Inc.Inventors: Sandeep Kamath, Chenglong Zheng, Vladimir Stepanenko, Srikanth Devarajan
-
Patent number: 11637766Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; when the response does not include tunnel info, providing details in the response to a service where the details include parameters associated with a service path between the client and the destination; and, when the response includes tunnel info, segmenting the service path into a plurality of legs, causing a trace for each of the plurality of legs, and aggregating details for each of the plurality of legs based on the causing.Type: GrantFiled: January 14, 2021Date of Patent: April 25, 2023Assignee: Zscaler, Inc.Inventors: Srikanth Devarajan, Chenglong Zheng, Ajit Singh, Sandeep Kamath, Chakkaravarthy Periyasamy Balaiah, Vladimir Stepanenko
-
Patent number: 11582192Abstract: Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution.Type: GrantFiled: February 4, 2020Date of Patent: February 14, 2023Assignee: Zscaler, Inc.Inventors: Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
-
Publication number: 20220224622Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods implemented by a traceroute application implementing a Transmission Control Protocol (TCP) stack in a processing device include sending a plurality of TCP packets via a raw socket to perform a trace to a destination; receiving responses to the plurality of TCP packets; detecting the responses in the TCP stack and diverting the responses to the raw socket; and aggregating the responses by the traceroute application to determine details of a service path from the processing device to the destination.Type: ApplicationFiled: January 14, 2021Publication date: July 14, 2022Inventors: Sandeep Kamath, Chenglong Zheng, Vladimir Stepanenko, Srikanth Devarajan
-
Publication number: 20220224621Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; when the response does not include tunnel info, providing details in the response to a service where the details include parameters associated with a service path between the client and the destination; and, when the response includes tunnel info, segmenting the service path into a plurality of legs, causing a trace for each of the plurality of legs, and aggregating details for each of the plurality of legs based on the causing.Type: ApplicationFiled: January 14, 2021Publication date: July 14, 2022Inventors: Srikanth Devarajan, Chenglong Zheng, Ajit Singh, Sandeep Kamath, Chakkaravarthy Periyasamy Balaiah, Vladimir Stepanenko
-
Publication number: 20220217121Abstract: A method implemented by a cloud-based system includes steps of, responsive to connecting to a user device with a user associated with a first tenant of a plurality of tenants, obtaining security policies for the user that are configured for the tenant, wherein the security policies for the user are the same regardless of connection type, location of the user, and device type and operating system of the user device; stream scanning traffic between the user device and the Internet based on the security policies, wherein the security policies are for firewall and intrusion prevention functions; and one of allowing and blocking the traffic based on the stream scanning.Type: ApplicationFiled: January 26, 2022Publication date: July 7, 2022Inventors: Srikanth Devarajan, Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Naresh kumar Povlavaram Munirathnam
-
Patent number: 11277383Abstract: Cloud-based Intrusion Prevention Systems (IPS) include receiving traffic associated with a user of a plurality of users, wherein each user is associated with a customer of a plurality of customers for a cloud-based security system, and wherein the traffic is between the user and the Internet; analyzing the traffic based on a set of signatures including stream-based signatures and security patterns; blocking the traffic responsive to a match of a signature of the set of signatures; and performing one or more of providing an alert based on the blocking and updating a log based on the blocking.Type: GrantFiled: April 27, 2020Date of Patent: March 15, 2022Assignee: Zscaler, Inc.Inventors: Srikanth Devarajan, Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Naresh kumar Povlavaram Munirathnam
-
Patent number: 11228519Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include receiving a request from a client to perform a reverse trace; requesting a trace to an endpoint that is one of an egress router and a tunnel client, wherein there is a tunnel between i) the destination and ii) the one of the egress router and the tunnel client; receiving a response to the trace; and sending details associated with the response to the client so that the client aggregates these details with details from one or more additional legs to provide an overall view of a service path between the client and the destination.Type: GrantFiled: March 5, 2021Date of Patent: January 18, 2022Assignee: Zscaler, Inc.Inventors: Srikanth Devarajan, Chenglong Zheng, Sandeep Kamath, Chakkaravarthy Periyasamy Balaiah, Vladimir Stepanenko, Vikas Mahajan, Pankaj Chhabra
-
Patent number: 11159486Abstract: System and methods implemented in a node in a cloud-based security system include obtaining a plurality of rules each define via a rule syntax that includes a rule header and rule options, wherein each rule header is used to for a rule database lookup, and each rule options is used to specify details about the associated rule; monitoring data associated with a user of the cloud-based security system; analyzing the data with the plurality of rules; and performing one or more security functions on the data based on triggering of a rule of the plurality of rules.Type: GrantFiled: April 27, 2020Date of Patent: October 26, 2021Assignee: Zscaler, Inc.Inventors: Sushil Pangeni, Vladimir Stepanenko, Srikanth Devarajan, Shashi Kiran Meda Ravi
-
Metric computation for traceroute probes using cached data to prevent a surge on destination servers
Patent number: 11153190Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include receiving a request, from a client, for one or more of a first trace of a tunnel and a second trace to a destination; checking a cache at the node for results from previous traces of the first trace and the second trace; responsive to the results not being in the cache, performing one or more of the first trace and the second trace; and providing the results to the client so that the client aggregates the results with details from one or more additional legs to provide an overall view of a service path between the client and the destination.Type: GrantFiled: March 5, 2021Date of Patent: October 19, 2021Assignee: Zscaler, Inc.Inventors: Vikas Mahajan, Srikanth Devarajan, Chenglong Zheng, Pankaj Chhabra, Sandeep Kamath, Chakkaravarthy Periyasamy Balaiah, Vladimir Stepanenko, Sreedhar Pampati -
Publication number: 20200259793Abstract: System and methods implemented in a node in a cloud-based security system include obtaining a plurality of rules each define via a rule syntax that includes a rule header and rule options, wherein each rule header is used to for a rule database lookup, and each rule options is used to specify details about the associated rule; monitoring data associated with a user of the cloud-based security system; analyzing the data with the plurality of rules; and performing one or more security functions on the data based on triggering of a rule of the plurality of rules.Type: ApplicationFiled: April 27, 2020Publication date: August 13, 2020Inventors: Sushil Pangeni, Vladimir Stepanenko, Srikanth Devarajan, Shashi Kiran Meda Ravi
-
Publication number: 20200259792Abstract: Cloud-based Intrusion Prevention Systems (IPS) include receiving traffic associated with a user of a plurality of users, wherein each user is associated with a customer of a plurality of customers for a cloud-based security system, and wherein the traffic is between the user and the Internet; analyzing the traffic based on a set of signatures including stream-based signatures and security patterns; blocking the traffic responsive to a match of a signature of the set of signatures; and performing one or more of providing an alert based on the blocking and updating a log based on the blocking.Type: ApplicationFiled: April 27, 2020Publication date: August 13, 2020Inventors: Srikanth Devarajan, Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Naresh kumar Povlavaram Munirathnam
-
Publication number: 20200177548Abstract: Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution.Type: ApplicationFiled: February 4, 2020Publication date: June 4, 2020Inventors: Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
-
Patent number: 10594656Abstract: A multi-tenant cloud-based firewall method from a client, performed by a cloud node, includes receiving a packet from the client, wherein the client is located externally from the cloud node; checking if a firewall session exists for the packet, and if so, processing the packet on a fast path where a lookup is performed to find the firewall session; if no firewall session exists, creating the firewall session; and processing the packet according to the firewall session and one or more rules. The cloud node can perform the method without a corresponding appliance or hardware on premises, at a location associated with the client, for providing a firewall.Type: GrantFiled: November 17, 2015Date of Patent: March 17, 2020Assignee: Zscaler, Inc.Inventors: Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
-
Patent number: 10432651Abstract: Systems and methods of detecting Domain Name System (DNS) tunnels for monitoring thereof include obtaining data related to DNS traffic between DNS nameservers and clients; determining a score for each DNS nameserver based on the data to characterize DNS queries over a period of time for each DNS nameserver, wherein the score incorporates all DNS queries associated with the associated DNS nameserver over the period of time; determining one or more DNS nameservers likely operating DNS tunnels based on the score; and performing one or more actions on the one or more DNS nameservers related to the DNS tunnels.Type: GrantFiled: August 17, 2017Date of Patent: October 1, 2019Assignee: Zscaler, Inc.Inventors: Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Srikanth Devarajan
-
Publication number: 20190058718Abstract: Systems and methods of detecting Domain Name System (DNS) tunnels for monitoring thereof include obtaining data related to DNS traffic between DNS nameservers and clients; determining a score for each DNS nameserver based on the data to characterize DNS queries over a period of time for each DNS nameserver, wherein the score incorporates all DNS queries associated with the associated DNS nameserver over the period of time; determining one or more DNS nameservers likely operating DNS tunnels based on the score; and performing one or more actions on the one or more DNS nameservers related to the DNS tunnels.Type: ApplicationFiled: August 17, 2017Publication date: February 21, 2019Inventors: Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Srikanth Devarajan
-
Publication number: 20170142068Abstract: A multi-tenant cloud-based firewall method from a client, performed by a cloud node, includes receiving a packet from the client, wherein the client is located externally from the cloud node; checking if a firewall session exists for the packet, and if so, processing the packet on a fast path where a lookup is performed to find the firewall session; if no firewall session exists, creating the firewall session; and processing the packet according to the firewall session and one or more rules. The cloud node can perform the method without a corresponding appliance or hardware on premises, at a location associated with the client, for providing a firewall.Type: ApplicationFiled: November 17, 2015Publication date: May 18, 2017Applicant: Zscaler, Inc.Inventors: Srikanth DEVARAJAN, Vladimir STEPANENKO, Ravinder VERMA, James KAWAMOTO