公开(公告)号：US20210051178A1

公开(公告)日：2021-02-18

申请号：US16541528

申请日：2019-08-15

申请人： COLORTOKENS, INC.

发明人： JAYARAGHAVENDRAN KUPPANNAN ,  Deepak Kushwaha ,  Binjith Payyappatt Satheendran ,  Ramprasath Rajagopalan

IPC分类号： H04L29/06 ,  H04L12/851

摘要： A method and a system for automatically managing security policies at multiple resources are provided. A policy management engine receives and deploys a security policy configured for each resource with one or more configuration parameters on a security component of each resource. The policy management engine determines modifications made to the security policy at a corresponding resource and automatically corrects the security policy at the corresponding resource. The policy management engine generates and renders a notification including the security policy, the modifications, and detailed information of the modifications and the automatic correction of the security policy to an administrator device. The detailed information includes a description, a type, a timestamp, number of instances, etc., of each modification, volume and type of traffic flow incurred due to the modifications, historical modification information, a timestamp and a status of the automatic correction, historical correction information, a resource identification, event information, etc.

公开(公告)号：US11533312B2

公开(公告)日：2022-12-20

申请号：US16507323

申请日：2019-07-10

申请人： COLORTOKENS, INC.

发明人： Jayaraghavendran Kuppannan ,  Deepak Kushwaha ,  Mahesh Raghuvir Bhat ,  Arun Koshal ,  Vishal Sharma ,  Sagar Singha

IPC分类号： H04L9/40 ,  H04L61/256

摘要： The present disclosure envisages enforcing micro-segmentation policies on a user computer that intermittently migrates between a secured enterprise network and an unsecured network, for instance, a public network. The present disclosure envisages switching between appropriate micro-segmentation policies, in-line with the change in the current location of the user device, the change triggered by the user device migrating from the enterprise network to an unsecured network or vice-versa. The present disclosure envisages selectively enforcing micro-segmentation policies upon a user device based on the current location thereof, such that the micro-segmentation policies and the corresponding access permissions assigned to the user device differ in line with the current location of the user device, thereby exposing sensitive enterprise resources, forming a part of the enterprise network, in a selective and restricted manner, in line with the micro-segmentation policies enforced upon the user device based primarily on the current location of the user device.

公开(公告)号：US20200274781A1

公开(公告)日：2020-08-27

申请号：US16285106

申请日：2019-02-25

申请人： COLORTOKENS, INC.

发明人： Deepak Kushwaha ,  Puneet Tutliani

IPC分类号： H04L12/26

摘要： Disclosed herein are a method, a view generating computing device, and a non-transitory computer readable medium for generating plurality of views on a user interface in a big data environment, the views corresponding to data flows from a plurality of source devices to the plurality of destination devices and vice-versa, The method includes receiving data flows from each of the plurality of source devices and each of the plurality of destination devices, the data flows indicative of the flow of data between a source device and corresponding destination device; receiving a request from a user interface associated with a user device; generating, a source view, a destination view, and a differential view; rendering the source view, the destination view, and the differential view on the user interface, wherein the source view, the destination view, and the differential view are viewed concurrently in real time m response to the generating.

公开(公告)号：US11363068B2

公开(公告)日：2022-06-14

申请号：US16673539

申请日：2019-11-04

申请人： COLORTOKENS, INC.

发明人： Jayaraghavendran Kuppannan ,  Deepak Kushwaha

IPC分类号： H04L29/06 ,  H04L9/40

摘要： A computer-implemented method and a system provide a complete traceability of changes incurred in a security policy corresponding to a resource. A policy tracing engine (PTE) monitors and determines events of interest occurring at the resource. The PTE determines administrator-initiated intent-based changes and dynamic event-based changes incurred in the security policy and assigns a unique policy identifier (UPI) to the security policy. The UPI is a combination of unique identifiers assigned to the intent-based change and the event-based change. The PTE recomputes and stores the security policy and the UP in a policy database. The PTE receives network access information including the UPI from the corresponding resource deployed with the security policy. The PTE generates a traceability report that provides a complete traceability of each policy action performed in a networked environment to a source of each change incurred in the security policy as identified by the UPI.

公开(公告)号：US11303678B2

公开(公告)日：2022-04-12

申请号：US16541528

申请日：2019-08-15

申请人： COLORTOKENS, INC.

发明人： Jayaraghavendran Kuppannan ,  Deepak Kushwaha ,  Binjith Payyappatt Satheendran ,  Ramprasath Rajagopalan

IPC分类号： H04L29/06 ,  H04L47/2483

摘要： A method and a system for automatically managing security policies at multiple resources are provided. A policy management engine receives and deploys a security policy configured for each resource with one or more configuration parameters on a security component of each resource. The policy management engine determines modifications made to the security policy at a corresponding resource and automatically corrects the security policy at the corresponding resource. The policy management engine generates and renders a notification including the security policy, the modifications, and detailed information of the modifications and the automatic correction of the security policy to an administrator device. The detailed information includes a description, a type, a timestamp, number of instances, etc., of each modification, volume and type of traffic flow incurred due to the modifications, historical modification information, a timestamp and a status of the automatic correction, historical correction information, a resource identification, event information, etc.

公开(公告)号：US11095614B2

公开(公告)日：2021-08-17

申请号：US16412219

申请日：2019-05-14

申请人： COLORTOKENS, INC.

发明人： Jayaraghavendran Kuppannan ,  Deepak Kushwaha ,  Natarajan Venkataraman ,  Puneet Tutliani

IPC分类号： G06F17/00 ,  H04L29/06

摘要： A hostname based access configuration system (HNACS) is provided for configuring a host-based firewall to implement firewall policies referencing hostnames. The HNACS defines a hostname based firewall policy (HNFP) referencing a host server using a corresponding hostname instead of an internet protocol (IP) address. The HNACS incorporates the HNFP onto the host-based firewall but renders the HNFP non-implementable on the computing device until a domain name system (DNS) query is generated. If the DNS query includes the hostname in the HNFP, the HNACS determines a mapping between the hostname specified in the DNS query and an IP address corresponding to the hostname (obtained via a DNS response corresponding to the DNS query). Based on the mapping, the HNFP is transformed via an implicit replacement of the hostname in the HNFP with the IP address of the host server, thereby rendering the HNFP executable on the host-based firewall.