Web caching with security as a service
First Claim
1. A method comprising:
- intercepting, at a cloud connector device of a network, a request from a user for content;
- when the content is not cached in the network;
  - redirecting the request to a cloud-based security as a service server;
  - receiving the content from the cloud-based security as a service server;
  - routing the content to a cache server; and
  - receiving at a cloud connector identity-based security policy from the cloud-based security as a service server for the content;
- when the content is cached in the network;
  - determining at the cloud connector device for the cached content whether the request satisfies an identity-based security policy that is a same policy as at the security as a service server;
  - sending the request to the cache server when the request satisfies the identity-based security policy; and
  - rejecting the request when the request fails to satisfy the identity-based security policy.
Abstract
In one implementation, Web-Cache deployed in the Enterprise premises and cloud-based SecaaS are combined such that similar identity-based policies are enforced on both the SecaaS and content delivered from the Web-Cache. This identity-based policy implementation outside the network using SecaaS and within the network for web-cached content provides consistent identity-based security while still providing content to end-users with high performance. Content inspected and/or modified by SecaaS may be cached in the enterprise premises so that requests for content from an origin server decrease, freeing Internet bandwidth and reducing access time. Local caching of streaming content may decrease latency while local implementation of identity-based policy continues to limit the streamed content as appropriate. Local implementation of identity-based policy may reduce the load on SecaaS. Rather than using content delivery networks provided by a service provider for web-content, a cache server within the enterprise is used.
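The decision flow of the first claim, as an added Python example that is not code from the patent: a cache miss goes through SecaaS and leaves behind both the filtered content and a copy of its policy, and a cache hit is checked against that copy before the cache server is touched. The class and method names, the URL, and the modelling of an identity-based policy as a set of allowed groups are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecaaS:
    """Stand-in for the cloud-based security as a service server (hypothetical interface)."""
    origin: dict   # url -> raw content at the origin server (constructed)
    policy: dict   # url -> set of groups allowed to see it (constructed)
    fetches: int = 0

    def fetch(self, url, user_groups):
        self.fetches += 1
        allowed = self.policy.get(url, set())
        if not (allowed & user_groups):
            return None, allowed            # SecaaS enforces the policy itself
        return "filtered:" + self.origin[url], allowed

@dataclass
class CloudConnector:
    secaas: SecaaS
    cache: dict = field(default_factory=dict)     # the cache server
    policies: dict = field(default_factory=dict)  # policy copies received from SecaaS

    def handle(self, user_groups, url):
        if url not in self.cache:
            # Miss: redirect to SecaaS, route the returned content to the cache,
            # and keep the policy SecaaS sent along for this content.
            content, allowed = self.secaas.fetch(url, user_groups)
            self.policies[url] = allowed
            if content is None:
                return 403, None
            self.cache[url] = content
            return 200, content
        # Hit: apply the same identity-based policy locally; default is deny.
        if self.policies.get(url, set()) & user_groups:
            return 200, self.cache[url]
        return 403, None

def demo():
    url = "http://example.test/hr"   # constructed sample URL
    secaas = SecaaS(origin={url: "salaries"}, policy={url: {"hr"}})
    cc = CloudConnector(secaas)
    results = [cc.handle({"hr"}, url),      # miss: fetched via SecaaS, then cached
               cc.handle({"hr"}, url),      # hit: allowed by the local policy copy
               cc.handle({"sales"}, url)]   # hit: rejected without reaching the cache
    return results, secaas.fetches
```

The third request shows the case the claim exists for: content already cached on premises is still refused to an identity the SecaaS policy would refuse, and SecaaS is contacted only once.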
20 Claims
14. Logic encoded in one or more non-transitory computer-readable media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving, within a network, identity-based security information from a security as a service server outside the network;
- receiving, from an identified source, a request for content cached within the network;
- determining that the content is cached within the network, the cached content comprising content filtered by the cloud-based security as a service;
- verifying, with the identity-based security information, that the identified source is allowed access to the filtered content cached within the network; and
- providing the content to the identified source.
18. An apparatus comprising:
- a client device connected to a network, the client device configured to request content; and
- a gateway device of the network, the gateway device configured to restrict serving, in response to the request, of cached content within the network based on an identity-based security policy received from a cloud-based security as a service.
20. A method comprising:
- receiving, at a security service processor, a request for content from a host in an enterprise network;
- requesting the content from a web server;
- receiving from the web server the content in response to the request;
- filtering, by the security service processor, the content received from the web server;
- adjusting a freshness setting of the content, the freshness setting corresponding to caching;
- transmitting the content with the adjusted freshness setting to the enterprise network as a response to the request; and
- transmitting an identity-based security policy to a cloud connector in the enterprise network for providing the content from cache within the network using the identity-based security policy.
Specification