Synthetic request injection to retrieve expired metadata for cloud policy enforcement

    Publication No.: US11647052B2

    Publication date: 2023-05-09

    Application No.: US17237877

    Filing date: 2021-04-22

    Applicant: Netskope, Inc.

    IPC classification: H04L9/40

    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to process an incoming request from a client and generate metadata. The network security system is further configured to transmit the incoming request to a cloud application. The network security system is further configured to configure the metadata to expire after an expiration window. The network security system is further configured to receive, after the expiration window, a further incoming request from the client. The further incoming request is directed towards the cloud application and subject to policy enforcement that requires the expired metadata. The network security system is further configured to hold the further incoming request and transmit a synthetic request to the cloud application. The synthetic request is configured to retrieve the expired metadata from the cloud application.

    Synthetic request injection to retrieve metadata for cloud policy enforcement

    Publication No.: US11943260B2

    Publication date: 2024-03-26

    Application No.: US18163761

    Filing date: 2023-02-02

    Applicant: Netskope, Inc.

    IPC classification: H04L9/40

    Abstract: The technology disclosed enables metadata-based policy enforcement for requests that do not include metadata relevant to a policy. In a particular example, a method provides, in a network security system interposed between clients and a cloud application, receiving an incoming request from a client directed towards the cloud application. In response to determining that the incoming request lacks metadata for enforcement of a policy, the method includes transmitting a synthetic request to obtain the metadata from the cloud application and receiving a response to the synthetic request. The response provides the metadata. The method further includes applying the policy to the incoming request based on the metadata.

    SYNTHETIC REQUEST INJECTION FOR REAL-TIME CLOUD SECURITY POSTURE MANAGEMENT

    Publication No.: US20240195840A1

    Publication date: 2024-06-13

    Application No.: US18443976

    Filing date: 2024-02-16

    Applicant: Netskope, Inc.

    IPC classification: H04L9/40

    Abstract: The technology disclosed describes a network security system (NSS) for managing cloud security posture. The NSS uses synthetic request injection to determine a security posture of a resource hosted on a cloud application for policy enforcement. The NSS receives an incoming request from a client directed toward a resource hosted on a cloud application during an application session. The NSS holds the incoming request, generates the synthetic request, and transmits the synthetic request to the cloud application. The synthetic request is designed to retrieve information specifying the security posture of the resource from the cloud application using the resource identifier. The NSS receives a response to the synthetic request from the cloud application that supplies the information specifying the security posture of the resource. The NSS applies a policy on the incoming request based on the security posture information.

    DHCP server-based steering logic for policy enforcement on IoT devices

    Publication No.: US11843638B1

    Publication date: 2023-12-12

    Application No.: US17887389

    Filing date: 2022-08-12

    Applicant: Netskope, Inc.

    IPC classification: H04L9/00 H04L9/40 H04L61/5014

    Abstract: The technology disclosed relates to a DHCP server-based steering logic for policy enforcement on IoT devices. In particular, the technology disclosed provides a steering logic running on a DHCP server on a network segment of a network. The steering logic is configured to receive DHCP requests broadcasted to the DHCP server by a plurality of special-purpose devices on the network segment, access DHCP responses generated by the DHCP server for the DHCP requests, receive, from a device classification logic, a positive determination that special-purpose devices in the plurality of special-purpose devices are special-purpose devices and not general-purpose devices, modify the accessed DHCP responses by replacing the default gateway with an inline secure forwarder on the network segment, and send the modified DHCP responses to the special-purpose devices.

    Steering logic for policy enforcement on IoT devices

    Publication No.: US11843579B1

    Publication date: 2023-12-12

    Application No.: US17887376

    Filing date: 2022-08-12

    Applicant: Netskope, Inc.

    IPC classification: H04L9/40

    Abstract: The technology disclosed relates to a steering logic for policy enforcement on IoT devices. In particular, the technology disclosed provides a system. The system comprises an in-network intermediary. The in-network intermediary is configured to receive outbound network traffic from a plurality of special-purpose devices on a network segment of a network. The outbound network traffic is directed at one or more out-of-network servers. The in-network intermediary is further configured to determine, from the outbound network traffic, metadata required for policy enforcement. The in-network intermediary is further configured to append the metadata to the outbound network traffic, and send the outbound network traffic appended with the metadata to a policy enforcement point for policy enforcement.

    Synthetic request injection to retrieve object metadata for cloud policy enforcement

    Publication No.: US11271973B1

    Publication date: 2022-03-08

    Application No.: US17238579

    Filing date: 2021-04-23

    Applicant: Netskope, Inc.

    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive, during an application session, an incoming request from a client. The incoming request is directed towards a cloud application and includes an object identifier of an object. The network security system is further configured to analyze the incoming request and detect the object identifier. The network security system is further configured to configure a synthetic request with the object identifier and inject the synthetic request into the application session to transmit the synthetic request to the cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive a response to the synthetic request from the cloud application. The response supplies the object metadata.

    Synthetic request injection to improve object security posture for cloud security enforcement

    Publication No.: US11190550B1

    Publication date: 2021-11-30

    Application No.: US17237863

    Filing date: 2021-04-22

    Applicant: Netskope, Inc.

    IPC classification: H04L29/06

    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive from a client an incoming request to upload an object to a cloud application over an application session. The object is subject to policy enforcement by the network security system. The network security system is further configured to generate a synthetic request, upload the object to the cloud application, and inject the synthetic request into the application session to transmit the synthetic request to the cloud application. The synthetic request is configured to modify a security posture of the uploaded object in dependence upon the policy enforcement.