Patent attributes
The technology discloses processing incoming access requests of packets through cloud-based components that perform (a) packet-level access control and traffic inspection, (b) protocol-level access control and traffic inspection, (c) threat detection, and (d) activity contextualization, including a packet and stream router conveying each incoming access request of packets through all of components (a)-(d) that apply, at least until one of the components sets a restrictive state on at least one object corresponding to the incoming access request or until all of the components that apply have passed the incoming access request. The disclosed method also includes a restrictive state analyzer determining whether the first, second, third or fourth restrictive state has been set due to malformed packets, malicious signatures, requests directed to a threat destination or an activity classified as compromising, and based on setting of any of the states, taking restrictive steps in response to the incoming access request.