-
Publication No.: US12041093B2
Publication date: 2024-07-16
Application No.: US17533075
Filing date: 2021-11-22
Applicant: Netskope, Inc.
Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
IPC classification: H04L9/40, H04L47/20, H04L67/306, H04L67/53, H04L67/56
CPC classification: H04L63/20, H04L47/20, H04L63/0272, H04L63/0281, H04L63/08, H04L63/1425, H04L63/168, H04L67/306, H04L67/53, H04L67/56
Abstract: The technology disclosed relates to accessing a hosted service on a client device. In particular, the technology disclosed relates to receiving, on a client device of an entity's user, from a network security system, a forwarding rule for modifying requests for accessing a hosted service, receiving on the client device a request for accessing the hosted service, using the forwarding rule to modify the request for accessing the hosted service and generating a modified request for accessing the hosted service, and receiving on the client device a response from the network security system.
-
Publication No.: US20240089297A1
Publication date: 2024-03-14
Application No.: US18508956
Filing date: 2023-11-14
Applicant: Netskope, Inc.
Inventors: Ravi Ithal, Krishna Narayanaswamy
CPC classification: H04L63/20, H04L63/0227, H04L63/029, H04L63/0428, H04L63/10, H04L63/1408, H04L63/1425, H04L67/02, H04L69/22, H04L61/4511, H04L63/0823
Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.
-
Publication No.: US11620402B2
Publication date: 2023-04-04
Application No.: US17027556
Filing date: 2020-09-21
Applicant: Netskope, Inc.
Inventors: Ravi Ithal, Shaila Vasudev, Khurram Saqlain, Mahesh Gupta, Karan Mendiratta, Krishna Narayanaswamy
Abstract: The technology disclosed teaches protecting sensitive data in the cloud via indexable databases. The method includes identifying sensitive fields of metadata for encryption and for hashing. The method also includes hashing at least partial values in the indexable sensitive fields to non-reversible hash values, concatenating the non-reversible hash values with the metadata for the network events, and encrypting the sensitive fields of metadata. Also included is sending the metadata for the network events, with the non-reversible hash values and the encrypted sensitive fields, to a remote database server that does not have a decryption key for the encrypted sensitive fields and that indexes the non-reversible hash values for indexed retrieval against the indexable sensitive fields. The disclosed technology also teaches retrieving sensitive information that is secured at rest: receiving a sensitive field query, hashing the query, querying and receiving network event metadata responsive to the query, and decrypting the metadata.
-
Publication No.: US11190540B2
Publication date: 2021-11-30
Application No.: US16673922
Filing date: 2019-11-04
Applicant: Netskope, Inc.
IPC classification: H04L29/06, G06F21/56, G06F21/55, G06F16/907
Abstract: The technology disclosed relates to detecting a data attack on a local file system. The detecting includes scanning a list to identify files of the local file system that have been updated within a timeframe, reading payloads of files identified by the scanning, calculating current content properties from the payload of the files, obtaining historical content properties of the files, determining that a malicious activity is in process by analyzing the current content properties and the historical content properties to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current content properties and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the machine/user.
-
Publication No.: US11184398B2
Publication date: 2021-11-23
Application No.: US16554482
Filing date: 2019-08-28
Applicant: Netskope, Inc.
Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
IPC classification: H04L29/06, H04L12/813, H04L29/08
Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
-
Publication No.: US10819749B2
Publication date: 2020-10-27
Application No.: US15958637
Filing date: 2018-04-20
Applicant: Netskope, Inc.
Inventors: Ravi Ithal, Krishna Narayanaswamy
Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.
-
Publication No.: US09398102B2
Publication date: 2016-07-19
Application No.: US14198499
Filing date: 2014-03-05
Applicant: Netskope, Inc.
Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
CPC classification: H04L63/20, H04L63/0272, H04L63/0281, H04L63/08, H04L63/1425, H04L63/168, H04L67/20
Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
-
Publication No.: US20240346137A1
Publication date: 2024-10-17
Application No.: US18750923
Filing date: 2024-06-21
Applicant: Netskope, Inc.
Inventors: Krishna Narayanaswamy, Ravi Ithal, Steve Malmskog, Shankaran Gnanashanmugam, Arjun Sambamoorthy, Chetan Anand, Prashanth Arun
IPC classification: G06F21/55, G06F21/60, G06F21/62, H04L9/08, H04L9/32, H04L9/40, H04L67/1097, H04W12/088
CPC classification: G06F21/554, G06F21/602, G06F21/6209, G06F21/6218, H04L9/083, H04L9/0861, H04L9/0866, H04L9/0869, H04L9/0872, H04L9/3236, H04L63/0281, H04L63/0435, H04L63/062, H04L63/123, H04L63/1416, H04L63/145, H04L63/1458, H04L67/1097, H04W12/088, H04L2463/061
Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
-
Publication No.: US20240323232A1
Publication date: 2024-09-26
Application No.: US18732546
Filing date: 2024-06-03
Applicant: Netskope, Inc.
Inventors: Krishna Narayanaswamy, Lebin Cheng, Abhay Kulkarni, Ravi Ithal, Chetan Anand, Rajneesh Chopra
IPC classification: H04L9/40, G06F16/28, G06F16/951, G06F21/62
CPC classification: H04L63/20, G06F16/285, G06F16/951, G06F21/6209, H04L63/0281, H04L63/10, H04L63/104, H04L63/105, H04L63/12
Abstract: The technology disclosed relates to a proxy receiving a request to manipulate a data object on an independent object store. The proxy is interposed between a user system from which the request originates and the independent object store. The technology disclosed further relates to the proxy accessing a metadata store that contains object metadata for the data object and retrieving the object metadata. The technology disclosed further relates to the proxy enforcing a policy on the request based on the object metadata. Enforcing the policy further includes enforcing malware detection policies and threat detection policies.
-
Publication No.: US11750658B2
Publication date: 2023-09-05
Application No.: US17189200
Filing date: 2021-03-01
Applicant: Netskope, Inc.
Inventors: Krishna Narayanaswamy, Ravi Ithal
IPC classification: H04L9/40, H04L69/22, H04L67/02, H04L61/4511
CPC classification: H04L63/20, H04L63/029, H04L63/0227, H04L63/0428, H04L63/10, H04L63/1408, H04L63/1425, H04L67/02, H04L69/22, H04L61/4511, H04L63/0823
Abstract: The technology disclosed relates to a network security system (NSS) that reduces latency in security enforcement. The NSS comprises a deployer. The deployer periodically updates performance bypass lists deployed to endpoint routing clients running on devices. The performance bypass lists identify exempt connection identifiers that are not subject to routing through a traffic inspection proxy (abbreviated TIP) and being used by the endpoint routing clients to classify incoming connection access requests as non-exempt or exempt. The TIP, in dependence upon the performance bypass list-based classification by the endpoint routing clients, inspects non-exempt incoming connection access requests and applies a policy, and remains agnostic to exempt incoming connection access requests.