Web Caching with Security as a Service
Abstract
In one implementation, Web-Cache deployed in the Enterprise premises and cloud-based SecaaS are combined such that similar identity-based policies are enforced on both the SecaaS and content delivered from the Web-Cache. This identity-based policy implementation outside the network using SecaaS and within the network for web-cached content provides consistent identity-based security while still providing content to end-users with high performance. Content inspected and/or modified by SecaaS may be cached in the enterprise premises so that requests for content from an origin server decrease, freeing Internet bandwidth and reducing access time. Local caching of streaming content may decrease latency while local implementation of identity-based policy continues to limit the streamed content as appropriate. Local implementation of identity-based policy may reduce the load on SecaaS. Rather than using content delivery networks provided by a service provider for web-content, a cache server within the enterprise is used.
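The connector decision flow described above, as an added Python sketch that is not code from the patent or from any product. The group-set policy model, the sample users and URL, and the fail-closed handling of a cached object that has no local policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: identities, groups and URL are illustrative only.
USER_GROUPS = {"alice": {"engineering"}, "bob": {"contractors"}}
ORIGIN = {"http://intranet.example/roadmap": b"roadmap-v1"}
CLOUD_POLICY = {"http://intranet.example/roadmap": {"engineering"}}  # URL -> allowed groups


class SecaaS:
    """Stand-in for the cloud service: enforces policy, returns content plus policy."""

    def __init__(self):
        self.requests_seen = 0  # lets us observe load taken off the cloud service

    def fetch(self, user, url):
        self.requests_seen += 1
        allowed = CLOUD_POLICY.get(url, set())
        if not (USER_GROUPS.get(user, set()) & allowed):
            return None, allowed        # rejected in the cloud
        return ORIGIN[url], allowed     # inspected content and its policy


@dataclass
class CloudConnector:
    secaas: SecaaS
    cache: dict = field(default_factory=dict)    # cache server: URL -> content
    policy: dict = field(default_factory=dict)   # policy received from SecaaS

    def handle(self, user, url):
        """Return (status, body, enforcement point) for one request."""
        if url in self.cache and url in self.policy:
            # Cache hit: enforce the same identity-based policy locally.
            if USER_GROUPS.get(user, set()) & self.policy[url]:
                return 200, self.cache[url], "cache"
            return 403, b"", "connector"
        # Cache miss, or cached object without a policy (fail closed): go to SecaaS.
        content, allowed = self.secaas.fetch(user, url)
        if content is None:
            return 403, b"", "secaas"
        self.cache[url] = content    # route the content to the cache server
        self.policy[url] = allowed   # keep the policy that arrived with it
        return 200, content, "secaas"


if __name__ == "__main__":
    connector = CloudConnector(SecaaS())
    for who in ("alice", "alice", "bob"):
        print(who, connector.handle(who, "http://intranet.example/roadmap"))
```

The point to check in any deployment of this pattern is the last request: a cache hit for an identity the policy excludes must be rejected at the connector, not served because another user already populated the cache.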
22 Claims
1. A method comprising:
intercepting, at a cloud connector device of a network, a request from a user for content;
when the content is not cached in the network;
redirecting the request to cloud-based security as a service server;
receiving the content from the cloud-based security as a service server;
routing the content to a cache server; and
receiving at a cloud connector identity-based security policy from the cloud-based security as a service server for the content;
when the content is cached in the network;
determining whether the request satisfies an identity-based security policy;
sending the request to the cache server when the request satisfies the identity-based security policy; and
rejecting the request when the request fails to satisfy the identity-based security policy.

14. Logic encoded in one or more non-transitory computer-readable media that includes code for execution and when executed by a processor is operable to perform operations comprising:
receiving, within a network, identity-based security information from a security as a service server outside the network;
receiving, from an identified source, a request for content cached within the network;
verifying, with the identity-based security information, that the identified source is allowed access to the content cached within the network; and
providing the content to the identified source.

19. An apparatus comprising:
a client device connected to a network, the client device configured to request content; and
a gateway device of the network, the gateway device configured to restrict serving, in response to the request, of cached content within the network based on an identity-based security policy of a cloud-based security as a service.

21. A method comprising:
receiving, at a security service processor, a request for content from a host in an enterprise network;
requesting the content from a web server;
receiving from the web server the content in response to the request;
filtering, by the security service processor, the content received from the web server;
adjusting a freshness setting of the content, the freshness setting corresponding to caching; and
transmitting the content with the adjusted freshness setting to the enterprise network as a response to the request.
Specification