-
Publication No.: US12056235B2
Publication Date: 2024-08-06
Application No.: US15936269
Filing Date: 2018-03-26
Applicant: Netskope, Inc.
Inventor: Krishna Narayanaswamy , Ravi Ithal , Steve Malmskog , Shankaran Gnanashanmugam , Arjun Sambamoorthy , Chetan Anand , Prashanth Arun
IPC: G06F21/55 , G06F21/60 , G06F21/62 , H04L9/08 , H04L9/32 , H04L9/40 , H04L67/1097 , H04W12/088
CPC classification number: G06F21/554 , G06F21/602 , G06F21/6209 , G06F21/6218 , H04L9/083 , H04L9/0861 , H04L9/0866 , H04L9/0869 , H04L9/0872 , H04L9/3236 , H04L63/0281 , H04L63/0435 , H04L63/062 , H04L63/123 , H04L63/1416 , H04L63/145 , H04L63/1458 , H04L67/1097 , H04W12/088 , H04L2463/061
Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
-
Publication No.: US20240073245A1
Publication Date: 2024-02-29
Application No.: US18502895
Filing Date: 2023-11-06
Applicant: Netskope, Inc.
Inventor: Krishna Narayanaswamy
CPC classification number: H04L63/1483 , G06F21/6245 , H04L63/1425 , H04L63/20 , H04L67/02
Abstract: The technology disclosed intercepts a webpage rendered by a server in response to a user action executed on a client. The technology disclosed analyzes one or more images of the webpage and determines that a particular hosted service is represented by the images. It analyzes one or more fields of the webpage and determines that the fields elicit confidential information. The technology disclosed intercepts a request generated by the client in response to another user action providing the confidential information via the fields. The technology disclosed analyses the request and determines that the confidential information is being exfiltrated to an unsanctioned resource. This determination is made by comparing a resource address in the request with one or more sanctioned resource addresses used by the particular hosted service. The technology disclosed determines that the webpage is effectuating a phishing attack and blocks transmission of the confidential information to the unsanctioned resource.
-
Publication No.: US20240039961A1
Publication Date: 2024-02-01
Application No.: US18484392
Filing Date: 2023-10-10
Applicant: Netskope, Inc.
Inventor: David Tze-Si Wu , Siying Yang , Krishna Narayanaswamy
CPC classification number: H04L63/20 , H04L63/1425 , H04L41/0886
Abstract: The technology disclosed relates to configuring IoT devices for policy enforcement. In particular, the technology disclosed relates to configuring a plurality of special-purpose devices on a network segment of a network to steer outbound network traffic to an inline secure forwarder on the network segment instead of a default gateway on the network segment. The inline secure forwarder is configured to route the outbound network traffic to a policy enforcement point for a policy enforcement.
-
Publication No.: US11856026B2
Publication Date: 2023-12-26
Application No.: US17080740
Filing Date: 2020-10-26
Applicant: Netskope, Inc.
Inventor: Ravi Ithal , Krishna Narayanaswamy
IPC: H04L9/40 , H04L69/22 , H04L67/02 , H04L61/4511
CPC classification number: H04L63/20 , H04L63/029 , H04L63/0227 , H04L63/0428 , H04L63/10 , H04L63/1408 , H04L63/1425 , H04L67/02 , H04L69/22 , H04L61/4511 , H04L63/0823
Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.
-
Publication No.: US20230344841A1
Publication Date: 2023-10-26
Application No.: US18347498
Filing Date: 2023-07-05
Applicant: Netskope, Inc.
Inventor: Jeevan Tambuluri , Ravi Ithal , Steve Malmskog , Abhay Kulkarni , Ariel Faigon , Krishna Narayanaswamy
CPC classification number: H04L63/1416 , G06N20/00 , G06F21/554 , G06F21/6209 , G06N5/02 , G06N7/01
Abstract: The technology relates to machine responses to anomalies detected using machine learning based anomaly detection. In particular, to receiving evaluations of production events, prepared using activity models constructed on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, to responding to detected anomalies in near real-time streams of security-related events of tenants, the anomalies detected by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. An anomaly score received for a production event is determined based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs.
-
Publication No.: US20230336592A1
Publication Date: 2023-10-19
Application No.: US18163761
Filing Date: 2023-02-02
Applicant: Netskope, Inc.
Inventor: Krishna Narayanaswamy , David Tze-Si Wu , Prasenna Ravi
IPC: H04L9/40
CPC classification number: H04L63/20 , H04L63/104 , H04L63/0263
Abstract: The technology disclosed enables metadata-based policy enforcement for requests that do not include metadata relevant to a policy. In a particular example, a method provides, in a network security system interposed between clients and a cloud application, receiving an incoming request from a client directed towards the cloud application. In response to determining that the incoming request lacks metadata for enforcement of a policy, the method includes transmitting a synthetic request to obtain the metadata from the cloud application and receiving a response to the synthetic request. The response provides the metadata. The method further includes applying the policy to the incoming request based on the metadata.
-
Publication No.: US11743275B2
Publication Date: 2023-08-29
Application No.: US17332879
Filing Date: 2021-05-27
Applicant: Netskope, Inc.
Inventor: Jeevan Tambuluri , Ravi Ithal , Steve Malmskog , Abhay Kulkarni , Ariel Faigon , Krishna Narayanaswamy
CPC classification number: H04L63/1416 , G06F21/554 , G06F21/6209 , G06N5/02 , G06N7/01 , G06N20/00
Abstract: The technology relates to machine responses to anomalies detected using machine learning based anomaly detection. In particular, to receiving evaluations of production events, prepared using activity models constructed on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, to responding to detected anomalies in near real-time streams of security-related events of tenants, the anomalies detected by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. An anomaly score received for a production event is determined based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs.
-
Publication No.: US20210004479A1
Publication Date: 2021-01-07
Application No.: US17027556
Filing Date: 2020-09-21
Applicant: netSkope, Inc.
Inventor: Ravi Ithal , Shaila Vasudev , Khurram Saqlain , Mahesh Gupta , Karan Mendiratta , Krishna Narayanaswamy
Abstract: The technology disclosed teaches protecting sensitive data in the cloud via indexable databases. The method includes identifying sensitive fields of metadata for encryption and for hashing. The method also includes hashing at least partial values in the indexable sensitive fields to non-reversible hash values, concatenating the non-reversible hash values with the metadata for the network events, and encrypting the sensitive fields of metadata. Also included is sending the metadata for the network events, with the non-reversible hash values and the encrypted sensitive fields, to a remote database server that does not have a decryption key for the encrypted sensitive fields and that indexes the non-reversible hash values for indexed retrieval against the indexable sensitive fields. The disclosed technology also teaches retrieving sensitive information that is secured at rest: receiving a sensitive field query, hashing the query, querying and receiving network event metadata responsive to the query, and decrypting the metadata.
-
Publication No.: US10291657B2
Publication Date: 2019-05-14
Application No.: US16000132
Filing Date: 2018-06-05
Applicant: NetSkope, Inc.
Inventor: Krishna Narayanaswamy , Lebin Cheng , Abhay Kulkarni , Ravi Ithal , Chetan Anand , Rajneesh Chopra
Abstract: The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.
-
Publication No.: US12067493B2
Publication Date: 2024-08-20
Application No.: US17202075
Filing Date: 2021-03-15
Applicant: Netskope, Inc.
Inventor: Yi Zhang , Xiaolin Wang , Siying Yang , Krishna Narayanaswamy
IPC: G06T3/4046 , G06F18/214 , G06N3/084 , G06N5/046 , G06T5/50 , G06V10/44 , G06V10/82 , G06V30/414
CPC classification number: G06N3/084 , G06F18/214 , G06N5/046 , G06T3/4046 , G06T5/50 , G06V10/454 , G06V10/82 , G06V30/414
Abstract: Disclosed are methods and systems for detecting screenshot images and protecting against loss of sensitive screenshot-borne data. One disclosed method includes collecting examples of the screenshot images and non-screenshot images and creating labelled ground-truth data for the examples. The method also includes applying re-rendering of at least some of the collected example screenshot images to represent different variations of screenshots that may contain sensitive information, and further includes training a deep learning stack by forward inference and back propagation using labelled ground-truth data for the screenshot images and the examples of the non-screenshot images. The method further includes using results of the back propagation to configure parameters of the trained DL stack for inference from images in production. Also disclosed is applying a screenshot robot to collect the examples of the screenshot images and non-screenshot images.