CPC H04L 67/1097 (2013.01) [G06F 9/45533 (2013.01); G06F 9/45558 (2013.01); H04L 12/4641 (2013.01); H04L 63/0209 (2013.01); H04L 63/20 (2013.01); H04L 67/10 (2013.01); H04L 67/52 (2022.05); G06F 2009/4557 (2013.01); G06F 2009/45579 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01)]
18 Claims
1. A computer-implemented method executed by one or more processors comprising:
maintaining a distributed network security service, the security service configured to perform operations comprising:
generating, for each of a plurality of client organizations, an associated node container;
executing, in each node container, one or more nodes that are each configured to act as an intermediary between clients of the associated client organization and sources outside the distributed network, and to examine i) traffic addressed to the clients of the associated client organization and originating from sources outside the distributed network; and ii) traffic addressed to the sources outside the distributed network and originating from the clients of the associated client organization;
maintaining, for each client organization, an associated unique node address that is not shared by any other client organization;
assigning each unique node address to at least one security container associated with the corresponding client organization;
receiving a Domain Name System (DNS) request from a requesting-client;
determining to which of the client organizations the requesting-client belongs; and
returning a selected unique node address that has been selected out of the unique node addresses based on the determined client organization to which the requesting-client belongs.