Title of invention: Dynamic user identification and policy enforcement in cloud-based secure web gateways
Abstract: A cloud-based secure Web gateway, a cloud-based secure Web method, and a network deliver a secure Web gateway (SWG) as a cloud-based service to organizations and provide dynamic user identification and policy enforcement therein. As a cloud-based service, the SWG systems and methods provide scalability and capability of accommodating multiple organizations therein with proper isolation therebetween. There are two basic requirements for the cloud-based SWG: (i) Having some means of forwarding traffic from the organization or its users to the SWG nodes, and (ii) Being able to authenticate the organization and users for policy enforcement and access logging. The SWG systems and methods dynamically associate traffic to users regardless of the source (device, location, encryption, application type, etc.), and once traffic is tagged to a user/organization, various policies can be enforced and audit logs of user access can be maintained.
Publication number: US9065800(B2) Publication date: 2015.06.23
Application number: US201213728631 Filing date: 2012.12.27
Applicant: Zscaler, Inc. Inventors: Devarajan Srikanth; Narasimhan Sridhar; Sinha Amit; Apte Manoj
Classification: H04L29/06; G06F21/51; G06F21/56 Main classification: H04L29/06
Agency: Clements Bernard PLLC Agents: Clements Bernard PLLC; Baratta, Jr. Lawrence A.; Bernard Christopher L.
Principal claim: 1. A cloud-based secure Web gateway, comprising: a network interface communicatively coupled to a network; a processor; and memory storing instructions that, when executed, cause the processor to: dynamically associate traffic received on the network interface with users, wherein the traffic comprises a combination of authenticated traffic and unknown traffic and the instructions, when executed, further cause the processor to dynamically associate authenticated Hypertext Transfer Protocol (HTTP) traffic to an associated user and dynamically associate unknown traffic from a destination Internet Protocol (IP) address to an associated user of the destination IP address; maintain the dynamic association over time; share the dynamic association with at least one additional cloud-based secure Web gateway; apply policies to the traffic based on the dynamic association, wherein the policies comprise one or more of allowing, blocking, or cautioning the traffic; log the traffic based on the policies and the dynamic association.
Address: San Jose CA US