-
Publication No.: US20230115982A1
Publication Date: 2023-04-13
Application No.: US17499942
Filing Date: 2021-10-13
Applicant: Zscaler, Inc.
Inventor: Dianhuan Lin, Raimi Shah, Rex Shang, Loc Bui, Subramanian Srinivasan, William Fehring, Arvind Nadendla, John A. Chanak, Shudong Zhou, Howie Xu
Abstract: Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining i) app-segments that are groupings of application of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the user-groups and the app-segments. The steps can further include monitoring the access policy over time based on ongoing log data, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the determined based on the monitoring.
-
Publication No.: US12177667B2
Publication Date: 2024-12-24
Application No.: US17699388
Filing Date: 2022-03-21
Applicant: Zscaler, Inc.
Inventor: Nathan Howe, Kenneth B. Urquhart, Subramanian Srinivasan, Sridhar Kartik Kumar Chatnalli Deshpande, Patrick Foxhoven
Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.
-
Publication No.: US20240031455A1
Publication Date: 2024-01-25
Application No.: US18366836
Filing Date: 2023-08-08
Applicant: Zscaler, Inc.
Inventor: Arvind Nadendla, Kartik Kumar Chatnalli Deshpande Sridhar, Subramanian Srinivasan, Vipin Kumar, Kenneth B. Urquhart, Nathan Howe
IPC: H04L69/08, H04L45/645, H04L65/65
CPC classification number: H04L69/08, H04L45/645, H04L65/65
Abstract: The present disclosure relates to systems and methods for in-transit protocol translation. Specifically, various approaches are described for translating protocols for intermediate networks in a way by which there is no need of support for encapsulation/decapsulation at the end hosts and does not require any changes to end hosts or transit networks. Various embodiments include intercepting traffic between one or more source client devices and a transit network; detecting a first communication protocol used by the one or more source client devices in the traffic; translating the traffic from the first communication protocol to a second communication protocol; and forwarding the traffic to the transit network using the second communication protocol.
-
Publication No.: US20220083407A1
Publication Date: 2022-03-17
Application No.: US17084091
Filing Date: 2020-10-29
Applicant: Zscaler, Inc.
Inventor: Arvind Nadendla, Subramanian Srinivasan, Vivek Dhiman
Abstract: Systems and methods for selectively exposing Application Programming Interfaces (APIs) dynamically and in a scalable manner include, when a new API is exposed in a microservice, making it accessible via a gateway if it is indicated to be exposed. The present disclosure focused on exposing a range of services behind the API gateway in a scalable, easy to use manner. The present disclosure includes an API gateway that supports a new microservice easily and efficiently as long as it provides metadata. The API gateway dynamically decides which APIs will be exposed via the gateway with filtering per service. Also, the API gateway routes any request made by a user to the gateway back to the intended microservice in a transparent fashion, as well as performing any additional transformations of the request before sending it back to the microservice.
-
Publication No.: US20230422086A1
Publication Date: 2023-12-28
Application No.: US18339752
Filing Date: 2023-06-22
Applicant: Zscaler, Inc.
Inventor: Kartik Kumar Chatnalli Deshpande Sridhar, Arvind Nadendla, Kenneth B. Urquhart, Subramanian Srinivasan
CPC classification number: H04W28/0268, H04W28/20
Abstract: A method implemented via a cloud-based system for network slicing in a 5G network includes connecting with a device that connects to the 5G network, wherein the cloud-based system includes a plurality of nodes interconnected to one another and including one or more nodes integrated in a user plane of the 5G network; inline monitoring traffic between the device and destinations including any of the Internet, cloud services, private applications, edge compute, Multiaccess Edge Compute (MEC), public/private data centers, and public/private clouds; and enforcing bandwidth control, in the 5G network, to a defined Quality of Service for a slice associated with the device.
-
Publication No.: US11537456B2
Publication Date: 2022-12-27
Application No.: US17084091
Filing Date: 2020-10-29
Applicant: Zscaler, Inc.
Inventor: Arvind Nadendla, Subramanian Srinivasan, Vivek Dhiman
Abstract: Systems and methods for selectively exposing Application Programming Interfaces (APIs) dynamically and in a scalable manner include, when a new API is exposed in a microservice, making it accessible via a gateway if it is indicated to be exposed. The present disclosure focused on exposing a range of services behind the API gateway in a scalable, easy to use manner. The present disclosure includes an API gateway that supports a new microservice easily and efficiently as long as it provides metadata. The API gateway dynamically decides which APIs will be exposed via the gateway with filtering per service. Also, the API gateway routes any request made by a user to the gateway back to the intended microservice in a transparent fashion, as well as performing any additional transformations of the request before sending it back to the microservice.
-
Publication No.: US20220286854A1
Publication Date: 2022-09-08
Application No.: US17699388
Filing Date: 2022-03-21
Applicant: Zscaler, Inc.
Inventor: Nathan Howe, Kenneth B. Urquhart, Subramanian Srinivasan, Sridhar Kartik Kumar Chatnalli Deshpande, Patrick Foxhoven
Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.
-
Publication No.: US20180270201A1
Publication Date: 2018-09-20
Application No.: US15986874
Filing Date: 2018-05-23
Applicant: Zscaler, Inc.
Inventor: John A. Chanak, Patrick Foxhoven, William Fehring, Denzil Wessels, Kunal Shah, Subramanian Srinivasan
CPC classification number: H04L63/0272, G06F9/547, H04L9/006, H04L9/0894, H04L9/14, H04L9/30, H04L9/3263, H04L61/1511, H04L61/6013, H04L63/029, H04L63/0823, H04L63/0876, H04L67/1021, H04L67/42
Abstract: Virtual private access systems and methods implemented in a clientless manner on a user device include receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; performing a series of connections between the exporter and i) the Web browser and ii) centralized components including a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources; and, subsequent to authentication, exchanging data between the Web browser and the resources through the exporter, wherein the exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources.
-
Publication No.: US11075923B1
Publication Date: 2021-07-27
Application No.: US16886882
Filing Date: 2020-05-29
Applicant: Zscaler, Inc.
Inventor: Subramanian Srinivasan, Arvind Nadendla
IPC: G06F15/16, G06F15/173, H04L12/815, H04L12/825, H04L29/06, G06F9/54, H04L12/24, H04L29/08
Abstract: Systems and methods for limiting calls to access a cloud-based system are disclosed. The systems and methods obtain a rate limiting policy including at least one attribute and a counting interval, the at least one attribute including at least one of a username associated with a client, an instance, an organization associated with the client, a resource being requested, a service being requested, a geographical access region, and an Application Programming Interface (API) being requested. The systems and methods also mark an entry, based on the rate limiting policy, in a database for each call the client makes. The systems and methods further enforce the rate limiting policy by not processing calls from the client associated with the at least one attribute that are made for a count of calls marked that is beyond the counting interval.
-
Publication No.: US20190312792A1
Publication Date: 2019-10-10
Application No.: US15949345
Filing Date: 2018-04-10
Applicant: Zscaler, Inc.
Inventor: Subramanian Srinivasan
Abstract: Systems and methods for managing configurations of distributed computing services include responsive to an update to a configuration of a service, performing a write to a cryptographically bound journal; validating the write by a plurality of validators; responsive to validation of the write, permanently recording the write in the cryptographically bound journal in a block chain; and providing an update to the cryptographically bound journal to the distributed computing services.