CPC H04L 63/0254 (2013.01) [H04L 43/028 (2013.01); H04L 63/0218 (2013.01); H04L 67/10 (2013.01)] | 18 Claims
1. A method implemented by a cloud-based system comprising steps of:
responsive to connecting to a user device with a user associated with a first tenant of a plurality of tenants, obtaining security policies for the user that are configured for the tenant, wherein the security policies for the user are the same regardless of connection type, location of the user, and device type and operating system of the user device;
stream scanning traffic between the user device and the Internet based on the security policies, wherein the security policies are for firewall and intrusion prevention functions and the security policies include a plurality of rules, wherein the stream scanning includes applying the plurality of rules to packets associated with the traffic for pattern matching, maintaining a state of the pattern matching across packet boundaries while not buffering any of the traffic where there are a plurality of patterns each broken into parts for monitoring across the packet boundaries, and determining the pattern matching based on the state utilizing a rule option Directed Acyclic Graph (DAG) to track the plurality of patterns wherein the DAG defines a dependency determined by a rule option modifier; and
one of allowing and blocking the traffic based on the pattern matching of the stream scanning.
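The claim's central mechanism, stream scanning that keeps only a small per-flow state rather than reassembling packets, is illustrated below with an added example. This is not the patent holder's code and not the claimed implementation; it is a minimal model in which each rule is an ordered list of content options, each option is matched with a KMP automaton so that a pattern split across two packets is still recognised, and the `distance`/`within` modifiers on an option form the dependency edges of the rule option DAG (modelled here as a simple chain). The rule names, patterns and packet payloads are constructed for the demonstration.

```python
"""Constructed illustration of stream scanning across packet boundaries.
Not the patent's implementation: per-flow state is a few integers per rule,
so no packet payload is ever buffered."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def _kmp_failure(pattern: bytes) -> List[int]:
    """KMP failure table: fail[i] is the length of the longest proper prefix
    of pattern[:i+1] that is also a suffix of it."""
    fail = [0] * len(pattern)
    k = 0
    for i in range(1, len(pattern)):
        while k and pattern[i] != pattern[k]:
            k = fail[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        fail[i] = k
    return fail


@dataclass
class Content:
    """One rule option. distance/within are modifiers that make this node
    depend on where the previous node matched (the DAG dependency)."""
    pattern: bytes
    distance: int = 0              # minimum gap after the previous match end
    within: Optional[int] = None   # maximum gap after the previous match end
    fail: List[int] = field(init=False, repr=False)

    def __post_init__(self) -> None:
        self.fail = _kmp_failure(self.pattern)


@dataclass
class Rule:
    name: str
    contents: List[Content]        # ordered: node i depends on node i-1


@dataclass
class RuleState:
    """Everything the scanner remembers per flow and rule between packets."""
    node: int = 0        # index of the content node currently being matched
    kmp: int = 0         # partial-match length inside that node's pattern
    prev_end: int = 0    # stream offset just past the previous node's match
    dead: bool = False   # a 'within' bound was exceeded; rule cannot fire


class StreamScanner:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.states = [RuleState() for _ in rules]
        self.offset = 0  # bytes of the flow consumed so far

    def feed(self, packet: bytes) -> List[str]:
        """Scan one packet; return names of rules that completed in it."""
        fired: List[str] = []
        for b in packet:
            self.offset += 1
            for rule, st in zip(self.rules, self.states):
                if st.dead or st.node >= len(rule.contents):
                    continue
                c = rule.contents[st.node]
                while st.kmp and b != c.pattern[st.kmp]:
                    st.kmp = c.fail[st.kmp - 1]
                if b == c.pattern[st.kmp]:
                    st.kmp += 1
                if st.kmp < len(c.pattern):
                    continue
                # Full match of this option; check the modifier against the
                # previous node's match end (the DAG edge).
                start = self.offset - len(c.pattern)
                gap = start - st.prev_end
                if c.within is not None and gap > c.within:
                    st.dead = True          # later hits are even further away
                elif gap >= c.distance:
                    st.node += 1            # dependency satisfied, advance
                    st.prev_end = self.offset
                    st.kmp = 0
                    if st.node == len(rule.contents):
                        fired.append(rule.name)
                else:
                    st.kmp = c.fail[-1]     # too close; keep looking
        return fired


def scan_flow(rules: List[Rule], packets: List[bytes]) -> Tuple[str, List[str]]:
    """Feed packets in order and return the allow/block verdict plus hits."""
    scanner = StreamScanner(rules)
    fired: List[str] = []
    for pkt in packets:
        fired.extend(scanner.feed(pkt))
    return ("block" if fired else "allow"), fired


# Constructed demo rule: "GET " followed within 16 bytes by "/admin".
DEMO_RULES = [Rule("admin-path", [Content(b"GET "), Content(b"/admin", within=16)])]

if __name__ == "__main__":
    # "/admin" straddles the packet boundary and is still detected.
    print(scan_flow(DEMO_RULES, [b"GET /ad", b"min HTTP/1.1\r\n"]))
```

The state carried between `feed` calls is only `node`, `kmp`, `prev_end` and `dead` per rule, which is what lets the scanner decide on the second packet of the demo without ever holding the first; a rule whose `within` bound has been exceeded is marked dead so it stops consuming cycles for the rest of the flow.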