| CPC H04L 63/1425 (2013.01) [H04L 63/029 (2013.01); H04L 63/1416 (2013.01)] | 27 Claims |

|
1. A method comprising:
protecting a serverless application that uses a serverless function with protection logic that inspects, within a runtime environment of the serverless function, inputs to the serverless function and outputs from the serverless function, wherein protecting the serverless application comprises,
inspecting event data to be input to a first instance of the serverless function and event context based on detection of an event that triggers the serverless function;
allowing the first instance of the serverless function to execute with input of the event data if determined to not include unsafe data;
determining whether behavior of the first instance of the serverless function conforms to normal behavior for the serverless function learned from observations of historical instances of the serverless function;
inspecting output of the first instance of the serverless function to determine whether the output contains unsafe data; and
raising a security action if the event data or the output is determined to contain unsafe data or if the behavior of the first instance of the serverless function does not conform to the normal behavior.
|
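The flow recited in claim 1, sketched as a handler wrapper. This is an added example, not code from the patent or any product; the rule patterns, the dict-shaped context, the `record` callback through which the function reports its actions, and the choice to block or withhold as the security action are all assumptions.

```python
import re

# Constructed rules for "unsafe data"; real deployments supply their own.
UNSAFE_IN = [re.compile(p, re.I) for p in (r"<script\b", r"\bunion\s+select\b", r"\.\./")]
UNSAFE_OUT = [re.compile(r"AKIA[0-9A-Z]{16}")]  # shape of an AWS access key ID

def strings(value):
    """Yield every string inside nested dict/list data, keys included."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from strings(k)
            yield from strings(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from strings(v)
    elif isinstance(value, str):
        yield value

def unsafe(value, rules):
    return [s for s in strings(value) if any(r.search(s) for r in rules)]

def protect(handler, normal_actions, alert):
    """Wrap handler; normal_actions is the set learned from historical instances."""
    def wrapped(event, context):
        bad = unsafe([event, context], UNSAFE_IN)   # event data and event context
        if bad:
            alert("unsafe_input", bad)
            return None                             # assumed action: do not run
        seen = []
        output = handler(event, context, seen.append)
        odd = sorted(set(seen) - normal_actions)    # behaviour outside the baseline
        if odd:
            alert("abnormal_behavior", odd)
        bad = unsafe(output, UNSAFE_OUT)
        if bad:
            alert("unsafe_output", bad)
            return None                             # assumed action: withhold output
        return output
    return wrapped

def sample_handler(event, context, record):
    """Constructed function: reads an object, misbehaves when 'debug' is set."""
    record("s3:GetObject")
    if event.get("debug"):
        record("net:connect")
        return {"body": "key=AKIAIOSFODNN7EXAMPLE"}
    return {"body": "resized " + event["key"]}

def learn(handler, history):
    """Build the baseline by observing historical instances of the function."""
    seen = []
    for event, context in history:
        handler(event, context, seen.append)
    return set(seen)
```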