Dynamic user identification and policy enforcement in cloud-based secure web gateways
First Claim
1. A cloud-based secure Web gateway, comprising:
- a network interface communicatively coupled to a network;
a processor; and
memory storing instructions that, when executed, cause the processor to;
dynamically associate traffic received on the network interface with users, wherein the traffic comprises a combination of authenticated traffic and unknown traffic and the instructions, when executed, further cause the processor to dynamically associate authenticated Hypertext Transfer Protocol (HTTP) traffic to an associated user and dynamically associate unknown traffic from a destination Internet Protocol (IP) address to an associated user of the destination IP address;
maintain the dynamic association over time;
share the dynamic association with at least one additional cloud-based secure Web gateway;
apply policies to the traffic based on the dynamic association, wherein the policies comprise one or more of allowing, blocking, or cautioning the traffic;
log the traffic based on the policies and the dynamic association.
1 Assignment
0 Petitions
Accused Products
Abstract
A cloud-based secure Web gateway, a cloud-based secure Web method, and a network deliver a secure Web gateway (SWG) as a cloud-based service to organizations and provide dynamic user identification and policy enforcement therein. As a cloud-based service, the SWG systems and methods provide scalability and capability of accommodating multiple organizations therein with proper isolation therebetween. There are two basic requirements for the cloud-based SWG: (i) Having some means of forwarding traffic from the organization or its users to the SWG nodes, and (ii) Being able to authenticate the organization and users for policy enforcement and access logging. The SWG systems and methods dynamically associate traffic to users regardless of the source (device, location, encryption, application type, etc.), and once traffic is tagged to a user/organization, various polices can be enforced and audit logs of user access can be maintained.
47 Citations
18 Claims
-
1. A cloud-based secure Web gateway, comprising:
-
a network interface communicatively coupled to a network; a processor; and memory storing instructions that, when executed, cause the processor to; dynamically associate traffic received on the network interface with users, wherein the traffic comprises a combination of authenticated traffic and unknown traffic and the instructions, when executed, further cause the processor to dynamically associate authenticated Hypertext Transfer Protocol (HTTP) traffic to an associated user and dynamically associate unknown traffic from a destination Internet Protocol (IP) address to an associated user of the destination IP address; maintain the dynamic association over time; share the dynamic association with at least one additional cloud-based secure Web gateway; apply policies to the traffic based on the dynamic association, wherein the policies comprise one or more of allowing, blocking, or cautioning the traffic; log the traffic based on the policies and the dynamic association. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A cloud-based secure Web method, comprising:
-
dynamically associating traffic received on a network interface with users, wherein the traffic comprises a combination of authenticated traffic and unknown traffic, and wherein the dynamically associating comprises dynamically associating authenticated Hypertext Transfer Protocol (HTTP) traffic to an associated user, and dynamically associating unknown traffic from a destination Internet Protocol (IP) address to an associated user of the destination IP address; maintaining the dynamic association over time; sharing the dynamic association with a plurality of cloud-based secure Web gateways which are part of a distributed security system; applying policies to the traffic based on the dynamic association, wherein the policies comprise one or more of allowing, blocking, or cautioning the traffic; and logging the traffic based on the policies and the dynamic association. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A network, comprising:
-
a distributed cloud-based security system coupled to the Internet; a plurality of cloud-based secure Web gateways within the distributed cloud-based security system; and a plurality of users accessing the Internet through the distributed cloud-based security system; wherein each of the plurality of cloud-based secure Web gateways is configured to; dynamically associate traffic received on a network interface with individual users of the plurality of users, wherein the traffic comprises a combination of authenticated traffic and unknown traffic, wherein authenticated Hypertext Transfer Protocol (HTTP) traffic is dynamically associated to an associated user and unknown traffic from a destination Internet Protocol (IP) address is dynamically associated to an associated user of the destination IP address; maintain the dynamic association over time; share the dynamic association between the plurality of cloud-based secure Web gateways via a central authority; apply policies to the traffic based on the dynamic association, wherein the policies comprise one or more of allowing, blocking, or cautioning the traffic; and log the traffic based on the policies and the dynamic association.
-
Specification