AUTOMATED SATELLITE DEVICE AUTHENTICATION TO A PORTAL FOR SECURE REMOTE ACCESS

    Publication number: US20250158985A1

    Publication date: 2025-05-15

    Application number: US18389540

    Filing date: 2023-11-14

    Abstract: Techniques for automated satellite device authentication to a portal for secure remote access are disclosed. In some embodiments, a system, a process, and/or a computer program product for automated satellite device authentication to a portal for secure remote access include receiving, at a portal, a serial number and an IP address associated with a new satellite for deployment in a large scale virtual private network (LSVPN) deployment; receiving, at the portal, the serial number and the IP address associated with the new satellite, wherein the new satellite is deployed at a remote location, and wherein the new satellite automatically sends the serial number and the IP address associated with the new satellite to the portal; and authenticating the new satellite at the portal using the serial number and the IP address associated with the new satellite.

    Inline malicious URL detection with hierarchical structure patterns

    Publication number: US12301621B2

    Publication date: 2025-05-13

    Application number: US17938482

    Filing date: 2022-10-06

    Abstract: A hierarchical structure constructor constructs a hierarchical structure that comprises nodes associated with feature sets patterns of URLs. Nodes at each depth are labelled as malicious, benign, or mixed for corresponding to URLs that are malicious, benign, or malicious and benign that match the corresponding patterns. Malicious feature set patterns are extracted from malicious nodes in the hierarchical structure. A URL analyzer operates inline by logging traffic sessions, extracting URLs from the logs, and matching the extracted URLs with the malicious feature sets patterns extracted from the hierarchical structure. The hierarchical structure is periodically updated with known malicious/benign URLs to improve quality of malicious URL detection.

    RESOURCE MONITORING AND AUDITING
    Patent application

    Publication number: US20250150512A1

    Publication date: 2025-05-08

    Application number: US18665647

    Filing date: 2024-05-16

    Abstract: A method for monitoring activity of a user interacting with a digital resource of a group of digital resources accessible via a communications network, the method comprising: providing the user with a user equipment (UE) comprising a web browser configured to make motion of resources in the web browser visible to a processing hub associated with the group of digital resources; configuring responsive to a user profile comprising a user key performance indicator a monitoring mode for the web browser in accordance with which the browser operates to acquire monitoring data characterizing the user activity while interacting with a resource of the group of resources using the web browser; and determining whether a temporal configuration characterizing time dependence of the monitoring mode during a monitoring period of interest is a duty cycle monitoring mode or a continuous monitoring mode.

    Security alert prioritization for cloud-based resources

    Publication number: US20250141898A1

    Publication date: 2025-05-01

    Application number: US18499256

    Filing date: 2023-11-01

    Abstract: Methods, storage systems and computer program products implement embodiments of the present invention for protecting a cloud computing system. In these embodiments, security alerts pertaining to cloud-based resources of the system are received, and a plurality of attack paths traversing the cloud-based resources are identified. Respective impact scores for the cloud-based resources can then be computed based on respective counts of the identified attack paths traversing each of the cloud-based resources. Finally, the security alerts can be prioritized responsively to the respective impact scores of the cloud-based resources to which the security alerts pertain.

    IDENTITY AND ACCESS MANAGEMENT INFORMED ATTACK PATH DISCOVERY

    Publication number: US20250131098A1

    Publication date: 2025-04-24

    Application number: US18492018

    Filing date: 2023-10-23

    Abstract: A resource attack path detector parses IAM policies to identify entities and permissions relating the entities. The resource attack path detector builds a directed graph that represents the entities, which includes principals and resources, with nodes and relates nodes based on permissions. The resource attack path detector indicates properties of the nodes and edges in the graph based on information about the entities. The attack path detector assigns weights to the nodes and edges based on the properties of the nodes and edges. After the graph is complete, the attack path detector can analyze the graph to reveal attack paths. The resource attack path detector scores attack paths and then ranks and/or filters the attack paths based on the scoring. In addition, the attack path detector can extract patterns from attack paths and create security rules with the extracted patterns.

    Multi-model based account/product sequence recommender

    Publication number: US12271833B2

    Publication date: 2025-04-08

    Application number: US16371107

    Filing date: 2019-03-31

    Abstract: To automatically identify a sequence of recommended account/product pairs with highest likelihood of becoming a realized opportunity, an account/product sequence recommender uses an account propensity (AP) model and a reinforcement learning (RL) model and target engagement sequence generators trained on historical time series data, firmographic data, and product data. The trained AP model assigns propensity values to each product corresponding to received account characteristics. The trained RL model generates an optimal sequence of products that maximizes the reward over future realized opportunities. The target engagement sequence generators create target engagement sequences corresponding to the optimal sequence of products. The recommender prunes the optimal sequence of products based on the propensity values from the trained AP model, the completeness of these target engagement sequences, and a desired product sequence length. The recommender uses the remaining products, validated on three models, for account/product recommendations.

    CENTRALIZED IDENTITY REDISTRIBUTION

    Publication number: US20250112893A1

    Publication date: 2025-04-03

    Application number: US18930678

    Filing date: 2024-10-29

    Abstract: Techniques for providing centralized identity redistribution for a security service are disclosed. In some embodiments, a system/process/computer program product for providing centralized identity redistribution for a security service includes receiving user context information (e.g., an IP-user mapping, a user-tag mapping, an IP-tag mapping, an IP-port-user mapping, an IP-device ID mapping, 5G user context information, and/or other user context information/data) at a security platform from a cloud security service; and applying a security policy at the security platform using the user context information.

    Distributed traffic steering and enforcement for security solutions

    Publication number: US12267298B2

    Publication date: 2025-04-01

    Application number: US18892131

    Filing date: 2024-09-20

    Abstract: Techniques for distributed traffic steering and enforcement for security solutions are disclosed. In some embodiments, a system, process, and/or computer program product for distributed traffic steering and enforcement for security solutions includes encapsulating an original traffic header for a monitored flow from/to a host or a container; rerouting the flow from the host or the container to a security platform of a security service; performing security analysis at the security platform using the original traffic header; and rerouting the flow back to the host or the container for routing to an original destination based on the original traffic header.

    Innocent until proven guilty (IUPG): adversary resistant and false positive resistant deep learning models

    Publication number: US12261853B2

    Publication date: 2025-03-25

    Application number: US18386969

    Filing date: 2023-11-03

    Abstract: Techniques for providing innocent until proven guilty (IUPG) solutions for building and using adversary resistant and false positive resistant deep learning models are disclosed. In some embodiments, a system, process, and/or computer program product includes storing a set comprising one or more innocent until proven guilty (IUPG) models for static analysis of a sample; performing a static analysis of content associated with the sample, wherein performing the static analysis includes using at least one stored IUPG model; and determining that the sample is malicious based at least in part on the static analysis of the content associated with the sample, and in response to determining that the sample is malicious, performing an action based on a security policy.

    SUPPORTING ZONE-BASED POLICY ENFORCEMENT FOR A FIREWALL CONNECTED TO A ONE-ARM LOAD BALANCER

    Publication number: US20250097197A1

    Publication date: 2025-03-20

    Application number: US18960853

    Filing date: 2024-11-26

    Abstract: A virtual firewall configured with two interfaces assigned different security zones switches between Layer 3 routing and bump-in-the-wire (BITW) modes between sessions. After receiving a packet from a one-arm load balancer, an inner header is determined based on decapsulation which removes an outer header. A route lookup is performed based on the inner header to determine whether to communicate packets of the session with Layer 3 routing or according to the BITW model. The result of the route lookup indicates an egress interface. If the ingress and egress interfaces are the same, the firewall operates according to the BITW model for the session. If the egress and ingress interfaces are different, the firewall routes packets of the session with Layer 3 routing. Upon detection of subsequent packets, the firewall operates according to the determined mode for the session without performing additional inner header route lookups for operation mode determination.
