Monitoring Entity Behavior using Organization Specific Security Policies
US-2019124118-A1 · Apr 25, 2019 · US
US11265337B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11265337-B2 |
| Application number | US-201916402935-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 3, 2019 |
| Priority date | May 4, 2018 |
| Publication date | Mar 1, 2022 |
| Grant date | Mar 1, 2022 |
Official abstract text for this publication.
Described embodiments provide systems and methods for traffic inspection via embedded browsers. An application inspector module of an embedded browser executable on a client may intercept network traffic for an application. The network traffic may include packets exchanged between the application and the server via a channel. The application inspector module may identify a computing resource usage on the client in providing a user with access to the application via the embedded browser. The application inspector module may generate analytics data based on the intercepted network traffic and the computing resource usage. The application inspector module may maintain a user behavior profile based on the analytics data. The application inspector module may determine that a portion of the network traffic directed to the remote server contains sensitive information. Responsive to the determination, the application inspector module may block or remove the portion of the network traffic.
Opening claim text (preview).
We claim:

1. A method of monitoring a network application, the method comprising: monitoring, by a client application on a client device, traffic of a first network application hosted on a server and at least one computing resource on the client device, the client application providing the client device with access to a plurality of network applications including the first network application via an embedded browser of the client application; generating, by the client application, analytics data according to the monitored traffic of the first network application and the monitored at least one computing resource on the client device; using, by the client application, a user behavior model having a set of weights determined using the analytics data, to identify anomalous activity associated with the first network application; and restricting, by the client application, in response to identifying the anomalous activity, access to the first network application.
2. The method of claim 1, further comprising determining, by the client application using the user behavior model, whether to restrict first data in the monitored traffic.
3. The method of claim 2, further comprising monitoring, by the client application, the first data including one or more operations on the embedded browser.
4. The method of claim 2, further comprising determining, by the client application, a deviation measure between the first data and expected data generated by the user behavior model to determine whether to restrict the first data, the deviation measure indicating a degree of anomalousness in the first data.
5. The method of claim 1, wherein monitoring the traffic further comprises monitoring the traffic exchanged via a secure communications channel between the first network application hosted on the server and the client device.
6. The method of claim 1, wherein monitoring the traffic further comprising monitoring the traffic originating from the client device providing access to the first network application.
7. The method of claim 1, wherein generating the analytics data further comprises acquiring second analytics data from a telemetry tracker to combine with the analytics data, the telemetry tracker having visibility to the traffic originating from the server hosting the first network application.
8. The method of claim 1, wherein the analytics data includes at least one of a computing resource performance metric, a network traffic performance metric, or metadata.
9. The method of claim 1, further comprising training, by the client application, the user behavior model using the analytics data.
10. The method of claim 1, further comprising determining, by the client application via application of at least one policy, whether to restrict first data in the monitored traffic.
11. A system for monitoring a network application, the system comprising: an embedded browser of a client application executable on one or more processors of a client device, the embedded browser configured to monitor traffic of a first network application hosted on a server and at least one computing resource on the client device, the client application providing the client device with access to a plurality of network applications including the first network application; an analytics tracking engine of the client application executable on the one or more processors, the analytics tracking engine configured to generate analytics data according to the monitored traffic of the first network application and the monitored at least one computing resource on the client device; and a behavior modeler engine of the client application executable on the one or more processors, the behavior modeler engine configured to use a user behavior model having a set of weights determined using the analytics data, to identify anomalous activity associated with the first network application; and the client device configured to restrict, in response to identifying the anomalous activity, access to the first network application.
12. The system of claim 11, wherein the client application is further configured to determine, using the user behavior model, whether to restrict first data in the monitored data.
13. The system of claim 12, wherein the client application is further configured to monitor the first data including one or more operations on the embedded browser.
14. The system of claim 12, wherein the client application is further configured to determine a deviation measure between the first data and expected data generated by the user behavior model to determine whether to restrict the first data, the deviation measure indicating a degree of anomalousness in the first data.
15. The system of claim 11, wherein the analytics tracking engine is further configured to monitor the traffic exchanged via a secure communications channel between the first network application hosted on the server and the client device.
16. The system of claim 11, wherein the analytics tracking engine is further configured to monitor the traffic originating from the client device providing access to the first network application.
17. The system of claim 11, wherein the analytics tracking engine is further configured to acquire second analytics data from a telemetry tracker to combine with the analytics data, the telemetry tracker having visibility to the traffic originating from the server hosting the first network application.
18. The system of claim 11, wherein the analytics data includes at least one of a computing resource performance metric, a network traffic performance metric, or metadata.
19. The system of claim 11, wherein the behavior modeler engine is further configured to train the user behavior model using the analytics data.
20. The system of claim 11, wherein the client application is further configured to determine, via application of at least one policy, whether to restrict first data in the monitored traffic.
related to network devices · CPC title
Traffic logging, e.g. anomaly detection · CPC title
involving simulating, designing, planning or modelling of a network · CPC title
Generation of reports · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title