US-20260129080-A1 - RENDERING CONTEXTUAL SECURITY INFORMATION DETERMINED IN-BROWSER WITH WEB PAGES OF CLOUD AND SAAS VENDORS
Abstract
A browser extension produces a single view comprising content of web pages of a target vendor requested by a customer and corresponding security information for the target vendor maintained for the customer. Fingerprints of the target vendor's web page URLs and web page elements corresponding to resources, respectively, are determined. As the web browser retrieves web pages and the customer selects web page elements that identify resources, the browser extension matches URLs and/or HTML/XML syntactic patterns of the retrieved web pages to the fingerprints to determine the security information to obtain from backend storage. The type/granularity of information that is retrieved can vary depending on the identified fingerprint match. The browser extension retrieves security information corresponding to fingerprints for which matches are identified, generates security overviews therefrom, and integrates the security overviews into the requested web pages to generate a consolidated, multi-perspective view.
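The fingerprint matching described in the abstract can be sketched as follows. This is an added illustration, not code from the application: the hostname `console.vendor.example`, the URL patterns, the scope names and the backend path are all hypothetical.

```javascript
// Added illustration. Hostname, patterns, scope names and the backend
// path are hypothetical; the application does not specify them.
const FINGERPRINTS = [
  { name: "bucket-detail", host: "console.vendor.example",
    path: /^\/storage\/buckets\/([A-Za-z0-9._-]{1,63})\/?$/, scope: "resource" },
  { name: "bucket-list", host: "console.vendor.example",
    path: /^\/storage\/buckets\/?$/, scope: "service" },
];

// Match a page URL against the fingerprints; returns what to retrieve, or null.
function matchFingerprint(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return null; }
  // Only the vendor's HTTPS origin on the default port is eligible.
  if (url.protocol !== "https:" || url.port !== "") return null;
  for (const fp of FINGERPRINTS) {
    // Exact host comparison: a substring or suffix test would also accept
    // look-alike hosts that merely contain the vendor's name.
    if (url.hostname !== fp.host) continue;
    const m = fp.path.exec(url.pathname);
    if (m) return { fingerprint: fp.name, scope: fp.scope, resourceId: m[1] ?? null };
  }
  return null;
}

// Build the backend query for a match. The granularity follows the
// fingerprint: one resource's findings, or a service-level summary.
function buildQuery(accountId, match) {
  const q = new URLSearchParams({ scope: match.scope });
  if (match.resourceId !== null) q.set("resource", match.resourceId);
  return `/v1/accounts/${encodeURIComponent(accountId)}/overview?${q}`;
}

// Constructed sample URLs.
const SAMPLES = [
  "https://console.vendor.example/storage/buckets/logs-prod",
  "https://console.vendor.example/storage/buckets/",
  "https://console.vendor.example.other.test/storage/buckets/",
];
for (const u of SAMPLES) console.log(u, "=>", matchFingerprint(u));
```

When the retrieved overview is integrated through the DOM, backend strings should be assigned with `textContent` rather than `innerHTML` so that resource names cannot be interpreted as markup in the vendor's page.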
Inventors
- Krishnan Shankar Narayan
Assignees
- PALO ALTO NETWORKS, INC.
Dates
- Publication Date: 20260507
- Application Date: 20251231
Claims (20)
- 1. A method comprising: integrating security information with web pages of a target vendor rendered by a web browser, wherein integrating security information with web pages of the target vendor rendered by the web browser comprises, by a browser extension of the web browser, detecting an event that triggers security overview generation for a first web page of the target vendor; determining first security information to retrieve for inclusion in a security overview based on at least one of the first web page and a uniform resource locator (URL) of the first web page, wherein the first security information is maintained by a security vendor for an account with the target vendor with which the detected event is associated; retrieving the first security information from the security vendor; generating a first security overview based on the first security information; integrating the first security overview into the first web page; and displaying the first security overview alongside the first web page based on rendering the first web page having the first security overview integrated.
- 2. The method of claim 1, wherein detecting the event that triggers security overview generation for the first web page of the target vendor comprises detecting retrieval of the first web page and determining that the URL of the first web page matches a first of a plurality of URL patterns of web pages of the target vendor.
- 3. The method of claim 2, wherein determining the first security information to retrieve comprises determining the first of the plurality of URL patterns to which the URL of the first web page matches.
- 4. The method of claim 1, wherein detecting the event that triggers security overview generation for the first web page of the target vendor comprises detecting selection of a first resource corresponding to a first web page element of the first web page.
- 5. The method of claim 4, wherein determining the first security information to retrieve for inclusion in a security overview comprises determining an identifier of the first resource based on the first web page element, and wherein retrieving the first security information comprises retrieving security information maintained by the security vendor for the first resource based on the identifier of the first resource, wherein the first security information comprises the security information of the first resource maintained by the security vendor.
- 6. The method of claim 1, wherein the target vendor is a cloud service provider (CSP) or a Software-as-a-Service (SaaS) application vendor, and wherein integrating security information with web pages of the target vendor comprises integrating security information with web pages of the CSP or web pages of the SaaS application vendor.
- 7. The method of claim 1, wherein integrating the first security overview into the first web page comprises modifying one or more documents of the first web page via a Document Object Model (DOM) of the first web page to incorporate the first security overview.
- 8. The method of claim 1, wherein rendering the first security overview alongside the first web page comprises rendering the first security overview in a side panel alongside the first web page.
- 9. One or more non-transitory machine-readable media having program code stored thereon, the program code comprising instructions to: integrate security information with web pages of a target vendor rendered by a web browser, wherein the instructions to integrate security information with web pages of the target vendor rendered by the web browser comprise instructions to, by a browser extension of the web browser, detect an event that triggers security overview generation for a first web page of the target vendor; determine first security information to retrieve for inclusion in a security overview based on at least one of the first web page and a uniform resource locator (URL) of the first web page, wherein the first security information is maintained by a security vendor for an account with the target vendor with which the detected event is associated; retrieve the first security information from the security vendor; generate a first security overview based on the first security information; integrate the first security overview into the first web page; and display the first security overview alongside the first web page based on rendering of the first web page having the first security overview integrated.
- 10. The non-transitory machine-readable media of claim 9, wherein the instructions to detect the event that triggers security overview generation for the first web page of the target vendor comprise instructions to, detect retrieval of the first web page; evaluate the URL of the first web page based on a plurality of URL patterns of web pages of the target vendor to determine whether the URL matches any of the plurality of URL patterns; and determine that the URL of the first web page matches a first of the plurality of URL patterns.
- 11. The non-transitory machine-readable media of claim 9, wherein the instructions to detect the event that triggers security overview generation for the first web page of the target vendor comprise instructions to detect selection of a first resource corresponding to a first web page element of the first web page.
- 12. The non-transitory machine-readable media of claim 9, wherein the program code further comprises instructions to render the first security overview alongside the first web page, wherein the instructions to render the first security overview alongside the first web page comprise instructions to render the first security overview in a side panel alongside the first web page.
- 13. The non-transitory machine-readable media of claim 9, wherein the target vendor is a cloud service provider (CSP) or a Software-as-a-Service (SaaS) application vendor, and wherein the instructions to integrate security information with web pages of the target vendor comprise instructions to integrate security information with web pages of the CSP or web pages of the SaaS application vendor.
- 14. An apparatus comprising: a processor; and a non-transitory computer-readable medium having instructions stored thereon that are executable by the processor to cause the apparatus to, integrate security information with web pages of a target vendor rendered by a web browser, wherein the instructions executable by the processor to cause the apparatus to integrate security information with web pages of the target vendor rendered by the web browser comprise instructions executable by the processor to cause the apparatus to, by a browser extension of the web browser, detect an event that triggers security overview generation for a first web page of the target vendor; determine first security information to retrieve for inclusion in a security overview based on at least one of the first web page and a uniform resource locator (URL) of the first web page, wherein the first security information is maintained by a security vendor for an account with the target vendor with which the detected event is associated; retrieve the first security information from the security vendor; generate a first security overview based on the first security information; integrate the first security overview into the first web page; and display the first security overview alongside the first web page based on rendering of the first web page having the first security overview integrated.
- 15. The apparatus of claim 14, wherein the instructions executable by the processor to cause the apparatus to detect the event that triggers security overview generation for the first web page of the target vendor comprise instructions executable by the processor to cause the apparatus to, detect retrieval of the first web page; evaluate the URL of the first web page based on a plurality of URL patterns of web pages of the target vendor to determine whether the URL matches any of the plurality of URL patterns; and determine that the URL of the first web page matches a first of the plurality of URL patterns.
- 16. The apparatus of claim 14, wherein the instructions executable by the processor to cause the apparatus to detect the event that triggers security overview generation for the first web page of the target vendor comprise instructions executable by the processor to cause the apparatus to detect selection of a first resource corresponding to a first web page element of the first web page.
- 17. The apparatus of claim 16, wherein the instructions executable by the processor to cause the apparatus to determine the first security information to retrieve for inclusion in a security overview comprise instructions executable by the processor to cause the apparatus to determine an identifier of the first resource based on the first web page element, wherein the instructions executable by the processor to cause the apparatus to retrieve the first security information comprise instructions executable by the processor to cause the apparatus to retrieve security information maintained by the security vendor for the first resource based on the identifier of the first resource, wherein the first security information comprises the security information of the first resource maintained by the security vendor.
- 18. The apparatus of claim 14, wherein the target vendor is a cloud service provider (CSP) or a Software-as-a-Service (SaaS) application vendor, and wherein the instructions executable by the processor to cause the apparatus to integrate security information with web pages of the target vendor comprise instructions executable by the processor to cause the apparatus to integrate security information with web pages of the CSP or web pages of the SaaS application vendor.
- 19. The apparatus of claim 14, further comprising instructions executable by the processor to cause the apparatus to render the first security overview alongside the first web page, wherein the instructions executable by the processor to cause the apparatus to render the first security overview alongside the first web page comprise instructions executable by the processor to cause the apparatus to render the first security overview in a side panel alongside the first web page.
- 20. The apparatus of claim 14, wherein the instructions executable by the processor to cause the apparatus to integrate the first security overview into the first web page comprise instructions executable by the processor to cause the apparatus to modify one or more documents of the first web page via a Document Object Model (DOM) of the first web page to incorporate the first security overview.
Description
BACKGROUND

The disclosure generally relates to digital data processing (e.g., CPC subclass G06F) and to information retrieval (e.g., CPC subclass G06F 16/00).

Cloud service providers (CSPs) are providers of cloud computing technology that deliver computing resources in the cloud. With cloud computing, applications and other computing resources traditionally hosted on-premises are delivered by a CSP over the Internet. Cloud computing services provided by CSPs include Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS), which provide cloud-based infrastructure, cloud-based platforms, and cloud-based applications, respectively. With the growing accessibility of cloud computing technology and the increasing prevalence of CSPs, an increasing number of vendors are adopting cloud computing technology for delivery of hardware technology and/or software technology in addition to or in lieu of offering on-premises solutions.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the disclosure may be better understood by referencing the accompanying drawings.

FIG. 1 is a conceptual diagram of integrating security information maintained by a security vendor with web pages of a cloud or cloud-based technology vendor.

FIG. 2 is a conceptual diagram of an exemplary GUI depiction of a security overview integrated with a web page of a target vendor.

FIG. 3 is a flowchart of example operations for integrating contextual security information with requested web pages of a target vendor in-browser.

FIG. 4 is a flowchart of example operations for generating and displaying a security overview for content of a requested web page.

FIG. 5 is a flowchart of example operations for generating and displaying a security overview of a resource based on detecting interaction with a web page element.

FIG. 6 is a flowchart of example operations for onboarding a vendor for supporting in-browser integration of security overviews based on web page content.

FIG. 7 depicts an exemplary GUI depiction comprising information about a selected resource in instances where the target vendor natively supports in-browser integration of contextual security information.

FIG. 8 depicts an example computer system with a contextual security information integrator.

DESCRIPTION

The description that follows includes example systems, methods, techniques, and program flows that embody aspects of the disclosure. However, it is understood that this disclosure may be practiced without these specific details. For instance, this disclosure refers to generating security overviews for services offered by a CSP in illustrative examples. Aspects of this disclosure can be also applied to services, features, and/or other functionality offered by a SaaS application vendor/provider. In other instances, well-known instruction instances, protocols, structures and techniques have not been shown in detail in order not to obfuscate the description.

Terminology

This description uses shorthand terms related to cloud technology for efficiency and ease of explanation. When referring to “a cloud” or “cloud environment,” this description is referring to the resources of a CSP, also referred to as cloud resources. For instance, a cloud can encompass the servers, virtual machines, storage devices, and other cloud resources of a CSP. In more general terms, a cloud resource is a resource owned/managed by the CSP entity that is accessible via network connections. Often, the access is in accordance with an application programming interface (API) or software development kit provided by the CSP.

This description uses the phrase “browser extension” to refer to software for adding custom functionality to a web browser. Browser extensions can extend the functionality of a web browser through various APIs supported by the web browser. Different web browsers may use varying terminology to refer to software having these capabilities, such as “add-ons.” As used herein, “browser extension” refers to the software used by any web browser for supporting web browser customization.

Use of the phrase “at least one of” preceding a list with the conjunction “and” should not be treated as an exclusive list and should not be construed as a list of categories with one item from each category, unless specifically stated otherwise. A clause that recites “at least one of A, B, and C” can be infringed with only one of the listed items, multiple of the listed items, and one or more of the items in the list and another item not listed.

Overview

Security vendors are increasingly adapting to the shift towards cloud computing by providing cloud or SaaS security solutions to customers. Since the infrastructure underlying these cloud-based targets of protection (i.e., a SaaS application or cloud environment) is hosted offsite and owned by CSPs rather than being hosted on-premises by the customer, these security solutions utilize APIs offered by vendors of these cloud-based protection targets (