-
Publication No.: US12250197B2
Publication Date: 2025-03-11
Application No.: US17397772
Filing Date: 2021-08-09
Applicant: Salesforce.com, Inc.
Inventor: Adam J. Salter , Deepanshu Badola , Stephen Fung , Santhosh ram Vetrinadar Manohar , Varun Kulkarni Somashekhar , Amitabh B. Chakrabarty , Vinod Vasant Pai , Christopher Jason Donley , Prabhat Singh
IPC: H04L61/4541 , H04L61/2585 , H04L61/5076 , H04L67/51
Abstract: A system is disclosed for acquiring and managing data regarding external IP (EIP) addresses of services offered in a trusted public cloud environment. The system monitors an application program interface of a service executing in a trusted public cloud environment for occurrence of an event that is related to an EIP of the service. When an event is detected, the system extracts EIP related data and metadata of the service, generates a message with the extracted EIP data, and posts the message to a central message queue. The system monitors the message queue for the presence of a new message. Upon detecting a new message, the system processes the message, extracts EIP related data and metadata, and identifies an action. A central database that stores EIP related information of services executing in the trusted public cloud environment is updated based on the identified action.
-
Publication No.: US11977476B2
Publication Date: 2024-05-07
Application No.: US17587896
Filing Date: 2022-01-28
Applicant: salesforce.com, inc.
Inventor: Kaushal Bansal , Prabhat Singh , Selim Ciraci
CPC classification number: G06F11/368 , G06F11/3664 , G06F11/3692 , H04L63/20
Abstract: In an example, an apparatus may include a validation module configured to identify a security policy update from a security as code repository, wherein the identified security policy update is a candidate for deployment to a production environment having a plurality of attributes defined by an infrastructure as code repository; identify, from the plurality of attributes and using the infrastructure as code repository, individual attributes that correspond to the identified security policy update, wherein the identified individual attributes are identical to a subset of the plurality of attributes; generate a test environment based on the identified individual attributes; following deployment of the identified security policy update to the test environment, check for security exceptions or availability exceptions using the test environment; and output validation results based on a result of the checking.
-
Publication No.: US20250047719A1
Publication Date: 2025-02-06
Application No.: US18923050
Filing Date: 2024-10-22
Applicant: salesforce.com, inc.
Inventor: Toan Van Nguyen , Sriram Srinivasan , Syed Abdullah Shah , Santhosh Ram Vetrinadar Manohar , Varun Kulkarni Somashekhar , Prabhat Singh , Bogdan Florin Romanescu
IPC: H04L9/40
Abstract: Disclosed are examples of systems, apparatus, methods and computer program products providing network security orchestration and management across different clouds. In some implementations, network security information includes a set of security policies indicating permitted communications between or among computing resources. The network security information is converted to a cloud-independent representation. From the cloud-independent representation, policy sets can be generated, where each policy set is specific to a different cloud.
-
Publication No.: US12170692B2
Publication Date: 2024-12-17
Application No.: US16948399
Filing Date: 2020-09-16
Applicant: salesforce.com, inc.
Inventor: Toan Van Nguyen , Sriram Srinivasan , Syed Abdullah Shah , Santhosh Ram Vetrinadar Manohar , Varun Kulkarni Somashekhar , Prabhat Singh , Bogdan Florin Romanescu
IPC: H04L9/40
Abstract: Disclosed are examples of systems, apparatus, methods and computer program products providing network security orchestration and management across different clouds. In some implementations, network security information includes a set of security policies indicating permitted communications between or among computing resources. The network security information is converted to a cloud-independent representation. From the cloud-independent representation, policy sets can be generated, where each policy set is specific to a different cloud.
-
Publication No.: US20230039162A1
Publication Date: 2023-02-09
Application No.: US17397772
Filing Date: 2021-08-09
Applicant: salesforce.com, inc.
Inventor: Adam J. Salter , Deepanshu Badola , Stephen Fung , Santhosh ram Vetrinadar Manohar , Varun Kulkarni Somashekhar , Amitabh B. Chakrabarty , Vinod Vasant Pai , Christopher Jason Donley , Prabhat Singh
Abstract: A system is disclosed for acquiring and managing data regarding external IP (EIP) addresses of services offered in a trusted public cloud environment. The system monitors an application program interface of a service executing in a trusted public cloud environment for occurrence of an event that is related to an EIP of the service. When an event is detected, the system extracts EIP related data and metadata of the service, generates a message with the extracted EIP data, and posts the message to a central message queue. The system monitors the message queue for the presence of a new message. Upon detecting a new message, the system processes the message, extracts EIP related data and metadata, and identifies an action. A central database that stores EIP related information of services executing in the trusted public cloud environment is updated based on the identified action.
-
Publication No.: US20220086193A1
Publication Date: 2022-03-17
Application No.: US17248529
Filing Date: 2021-01-28
Applicant: salesforce.com, inc.
Inventor: Toan Van Nguyen , Qiyuan Zheng , Santhosh Ram Vetrinadar Manohar , Varun Kulkarni Somashekhar , Prabhat Singh
IPC: H04L29/06
Abstract: Disclosed are examples of systems, apparatus, methods and computer program products for automation of network security policy analysis and deployment. A server system can obtain a system input comprising two versions of a policy output. The system can generate a severity characteristic that indicates a severity of deploying the second version of the policy output. The system can then determine whether to deploy the second version of the policy output based on the severity characteristic. The system can then, in response to determining that the second version of the policy output is to be deployed, deploy the second version of the policy output to one of a plurality of clouds.
-
Publication No.: US20220086189A1
Publication Date: 2022-03-17
Application No.: US16948399
Filing Date: 2020-09-16
Applicant: salesforce.com, inc.
Inventor: Toan Van Nguyen , Sriram Srinivasan , Syed Abdullah Shah , Santhosh Ram Vetrinadar Manohar , Varun Kulkarni Somashekhar , Prabhat Singh , Bogdan Florin Romanescu
IPC: H04L29/06
Abstract: Disclosed are examples of systems, apparatus, methods and computer program products providing network security orchestration and management across different clouds. In some implementations, network security information includes a set of security policies indicating permitted communications between or among computing resources. The network security information is converted to a cloud-independent representation. From the cloud-independent representation, policy sets can be generated, where each policy set is specific to a different cloud.