-
Publication number: US12184696B2
Publication date: 2024-12-31
Application number: US17384618
Application date: 2021-07-23
Applicant: Netskope, Inc.
Inventor: Kartik Subbanna , Kand Ly , Amit Ganesh Datar
Abstract: The technology discloses a computer-implemented policy manager device for a cloud-based security system that manages cloud-based unified functions of packet-level and protocol-level access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic. Packet-level access control inspects packet headers for malformation, protocol-level access control performs deep packet inspection for malicious signatures, threat detection determines whether traffic in an HTTP/S stream is directed to a threat destination, and activity contextualization recognizes whether an activity in an HTTP/S stream accessing a cloud-based application is a compromising activity. Policy manager for a superset of fields specifying security policies across the cloud-based unified functions includes common fields shared by the unified functions, specification receiver handles policy specifications in a common format for values of the common fields, and policy manager is configured to validate, save and distribute policy specifications applicable to respective functions among the cloud-based unified functions.
-
Publication number: US12069081B1
Publication date: 2024-08-20
Application number: US18398669
Application date: 2023-12-28
Applicant: Netskope, Inc.
Inventor: Dagmawi Mulugeta , Wu-Sheng Lin , Colin Davidson Estep , Raymond Joseph Canzanese, Jr. , Yong Zheng , Haoxin Hu , Yongxing Wang , Siying Yang
IPC: H04L9/40
CPC classification number: H04L63/1425 , H04L63/0245 , H04L63/102 , H04L63/1433
Abstract: Presented is a network security system (NSS) that reliably detects malleable C2 traffic. The NSS intercepts outgoing transactions from user devices associated with user accounts. The NSS filters out transactions to known benign servers and analyzes remaining transactions for indicators of malleable command and control (C2) including heuristic, anomalous, and pattern-based detections. The NSS lowers the user confidence score associated with the user account or the user device based on the severity and number of detected indicators for each impacted outgoing transaction. When the user confidence score decreases below a threshold, the NSS implements a restricted security protocol for future outgoing transactions. Based on the detected indications, the NSS can identify malleable C2 attacker servers and add them to a blacklist of destination servers to further identify infected user accounts and devices.
-
Publication number: US20240259434A1
Publication date: 2024-08-01
Application number: US18631478
Application date: 2024-04-10
Applicant: Netskope, Inc.
Inventor: Krishna Narayanaswamy , Ajay Agrawal
IPC: H04L9/40 , G06F16/17 , G06F16/28 , G06F16/951 , G06F21/62
CPC classification number: H04L63/20 , G06F16/285 , G06F16/951 , G06F21/6209 , H04L63/0281 , H04L63/10 , H04L63/104 , H04L63/105 , H04L63/12 , G06F16/1734
Abstract: The technology disclosed relates to endpoint data loss prevention (DLP). In particular, the technology disclosed relates to enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint.
-
Publication number: US12041074B2
Publication date: 2024-07-16
Application number: US18345307
Application date: 2023-06-30
Applicant: Netskope, Inc.
Inventor: Sean Hittel , Ravindra K. Balupari
CPC classification number: H04L63/1433 , G06F16/176 , G06F21/56 , G06F21/577 , G06F21/6218 , H04L63/145 , H04L67/10 , G06F2221/034
Abstract: The technology disclosed relates to simulating spread of a malware in cloud applications. In particular, the technology disclosed relates to accessing sharing data for files shared between users via sync and share mechanisms of cloud applications, tracing connections between the users by traversing a directed graph constructed based on the sharing data, and simulating spread of a malware based on the traced connections to simulate user exposure to, infection by, and transmission of the malware. The connections are created as a result of syncing and sharing the files via the sync and share mechanisms. The malware is spread by syncing and sharing of infected ones of the files via the sync and share mechanisms.
-
Publication number: US12021887B2
Publication date: 2024-06-25
Application number: US18306602
Application date: 2023-04-25
Applicant: Netskope, Inc.
Inventor: Ravindra K. Balupari
CPC classification number: H04L63/1425 , H04L63/0236 , H04L63/101 , H04L67/02 , H04L67/10
Abstract: The technology disclosed works in real time, as base and subordinate HTTP URL requests are received, to attribute subordinate HTTP URL requests to base web pages. The main case uses the “referer” or “referrer” HTTP header field for attribution, directly and through a referer hierarchy to the base web page. A second case, which minimizes false generation of base web page log entries, involves small files, such as cascading style sheets (CSS) files, that often have a blank or no referer field. The technology disclosed applies equivalently to hypertext transfer protocol secure (HTTPS) data (e.g., HTTPS transactions, requests, and/or events).
-
Publication number: US11991213B2
Publication date: 2024-05-21
Application number: US18069146
Application date: 2022-12-20
Applicant: Netskope, Inc.
Inventor: Joshua David Batson , Raymond Joseph Canzanese, Jr.
IPC: H04L9/40 , G06F16/901 , G06F16/906
CPC classification number: H04L63/20 , G06F16/9024 , G06F16/906
Abstract: The technology disclosed includes a system to group security alerts generated in a computer network and prioritize grouped security alerts for analysis, through graph-based clustering. The graph used to form clusters includes entities in the computer network represented as scored nodes, and relationships of entities as weighted edges. The technology disclosed includes traversing the graph starting at starting nodes and propagating native scores through and to neighboring nodes connected by the weighted edges. The propagated scores at visited nodes are normalized by attenuation based on contributing neighboring nodes of a respective visited node. An aggregate score for a visited node is calculated by accumulating propagated scores at visited nodes with their respective native scores. The technology disclosed forms clusters of connected nodes in the graph that have a respective aggregate score above a selected threshold. The clusters are ranked and prioritized for analysis, pursuant to the aggregate scores.
-
Publication number: US11968269B1
Publication date: 2024-04-23
Application number: US18186019
Application date: 2023-03-17
Applicant: Netskope, Inc.
Inventor: Parag Pritam Thakore , Sunil Mukundan , Anupam Rai
IPC: H04L67/141 , H04L12/46 , H04L45/02
CPC classification number: H04L67/141 , H04L12/4645 , H04L45/04
Abstract: A multi-tenant cloud native system for providing network connections between a plurality of gateway endpoints using tags and secure tunnels. The system includes an end-user device, a cloud control plane, and a cloud provider. The end-user device includes a client endpoint providing a request for establishing a network connection with a service endpoint of the gateway endpoint. Zones and tenants are identified from the request. Tags are assigned to the gateway endpoints in the network based on a tag policy. Connectivity of the tags and tunnels between the gateway endpoint are identified from network traffic of devices corresponding to the gateway endpoints. A database of devices with device addresses is identified to determine routes between the gateway endpoints. A secure tunnel is determined from the plurality of tunnels based on the tags corresponding to the tenant and the network connection is established via the secure tunnel using the routes.
-
Publication number: US11907366B2
Publication date: 2024-02-20
Application number: US17871852
Application date: 2022-07-22
Applicant: Netskope, Inc.
Inventor: Krishna Narayanaswamy
CPC classification number: G06F21/55 , G06F21/41 , G06F21/552 , G06F21/554 , G06F21/56 , G06F21/602 , G06F21/604 , G06F21/6245 , G06F21/88 , G06Q30/018 , H04L67/51
Abstract: The technology disclosed teaches incident-driven and user-targeted data loss prevention that includes a CASB controlling infiltration via cloud-based services storing documents in use by organization users, by monitoring manipulation of the documents. The CASB identifies the cloud-based services that the particular user has access to and at least one document location on the cloud-based services to inspect for sensitive documents, in response to receiving an indication that user credentials have been compromised. The CASB performs deep inspection of documents identified as stored at the location and detects at least some sensitive documents. Based on the detected sensitive documents, the CASB determines an exposure for the organization due to the particular user.
-
Publication number: US20240048581A1
Publication date: 2024-02-08
Application number: US18488683
Application date: 2023-10-17
Applicant: Netskope, Inc.
Inventor: Srinivas Akella , Shahab Sheikh-Bahaei
IPC: H04L9/40 , G06F16/28 , G06F16/245
CPC classification number: H04L63/1425 , G06F16/285 , G06F16/245 , H04L63/1416
Abstract: Computer network anomaly detection systems and methods are disclosed. One embodiment includes retrieving one or more learned profiles for a group of networked computing devices included in a computer network from a database. For each pair of computing devices in the group, a pairwise distance matrix may be computed. Each pairwise distance in the pairwise distance matrix is computed based on a statistical data profile associated with each computing device in each pair of computing devices from the group. The statistical data profiles may be included in the learned profiles. Any pairwise distances that are greater than a threshold may be removed from the pairwise distance matrix to generate a reduced pairwise distance matrix. One or more computing devices associated with the remaining pairwise distances in the reduced pairwise distance matrix may be sorted into a cluster of computing devices. An anomaly score may be computed for the cluster.
-
Publication number: US20240031389A1
Publication date: 2024-01-25
Application number: US18158696
Application date: 2023-01-24
Applicant: Netskope, Inc.
Inventor: Raymond Joseph Canzanese, Jr. , Colin Estep , Siying Yang , Jenko Hwong , Gustavo Palazolo Eiras , Yongxing Wang , Dagmawi Mulugeta
IPC: H04L9/40
CPC classification number: H04L63/1425 , H04L63/102
Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that trains a cloud traffic classifier to classify cross-application communications as malicious command and control (C2) traffic or benign cloud traffic. The training uses blocks of malicious Hypertext Transfer Protocol (HTTP) transactions targeted at a plurality of cloud applications by a plurality of clients prequalified as malicious command and control (C2) cloud traffic, and also blocks of benign HTTP transactions targeted at the plurality of cloud applications by the plurality of clients prequalified as benign cloud traffic. A cloud traffic classifier is trained on the cross-application malicious training example set and on the cross-application benign training example set by processing the blocks of the malicious and benign HTTP transactions as inputs, and generating outputs that classify the training examples as respectively malicious C2 cloud traffic or benign cloud traffic.