An attacker does not care which cloud a workload runs in, but the defender's tooling often does. Signals from AWS, Azure, and GCP land in separate consoles, so a coordinated intrusion that touches all three can look like three unrelated low-priority blips. Correlation across clouds is what turns those blips back into one visible attack.

Zscaler, Inc.'s US12464001B2, “Multi-cloud network analysis and threat intelligence correlation” (issued November 4, 2025; CPC H04L 63/1425 — anomaly monitoring, and H04L 63/1416 — network intrusion detection), describes correlating network analysis across clouds with threat intelligence. Read it at US12464001B2.

Mechanically, the system ingests network analysis from multiple cloud environments and joins it with threat intelligence so that related activity — the same actor, infrastructure, or technique appearing across providers — is recognized as a single campaign rather than scattered events. The correlation layer is what produces a coherent picture from inherently fragmented multi-cloud telemetry.
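A minimal sketch of that kind of correlation, added here as an illustration and not taken from the patent or from Zscaler's implementation: it normalizes per-cloud flow records into one schema, joins them to a threat-intelligence feed, and reports any actor whose indicators appear in two or more clouds. The record shapes, field names, actor labels, and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry; per-provider field names are illustrative assumptions.
AWS = [{"dstaddr": "203.0.113.10", "instance": "i-web1", "ts": 100},
       {"dstaddr": "192.0.2.5", "instance": "i-web2", "ts": 130}]
AZURE = [{"destIp": "203.0.113.11", "vm": "vm-app1", "time": 160}]
GCP = [{"connection": {"dest_ip": "203.0.113.10"}, "vm_name": "gce-db1", "start": 220},
       {"connection": {"dest_ip": "198.51.100.7"}, "vm_name": "gce-db2", "start": 300}]

# Constructed threat-intel feed: destination indicator -> tracked actor label.
INTEL = {"203.0.113.10": "ACTOR-A", "203.0.113.11": "ACTOR-A",
         "198.51.100.7": "ACTOR-B"}

def normalize():
    """Map each provider's record shape onto one common event schema."""
    for r in AWS:
        yield {"cloud": "aws", "asset": r["instance"], "dst": r["dstaddr"], "ts": r["ts"]}
    for r in AZURE:
        yield {"cloud": "azure", "asset": r["vm"], "dst": r["destIp"], "ts": r["time"]}
    for r in GCP:
        yield {"cloud": "gcp", "asset": r["vm_name"],
               "dst": r["connection"]["dest_ip"], "ts": r["start"]}

def correlate(events, intel, min_clouds=2):
    """Join events to intel, group by actor, keep groups spanning >= min_clouds."""
    groups = defaultdict(list)
    for e in events:
        actor = intel.get(e["dst"])
        if actor:  # events with no intel match stay out of any campaign
            groups[actor].append(e)
    campaigns = {}
    for actor, evs in groups.items():
        clouds = sorted({e["cloud"] for e in evs})
        if len(clouds) >= min_clouds:
            evs.sort(key=lambda e: e["ts"])
            campaigns[actor] = {"clouds": clouds,
                                "assets": [e["asset"] for e in evs],
                                "first_seen": evs[0]["ts"],
                                "last_seen": evs[-1]["ts"]}
    return campaigns

if __name__ == "__main__":
    for actor, summary in correlate(normalize(), INTEL).items():
        print(actor, summary)
```

Viewed per cloud, each ACTOR-A hit is a single outbound connection; only the join on shared intelligence shows one actor touching assets in all three providers, while ACTOR-B, seen in one cloud only, stays below the campaign threshold.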

Why this is a business story for the markets desk: cross-cloud visibility is the consolidation thesis that drives security platform valuations. The market is paying a premium for vendors that can credibly claim one pane of glass across a fragmented cloud estate, because that breadth is what raises switching costs and net-retention — the metrics that justify high revenue multiples. This grant, issued late in 2025, is fresh evidence that Zscaler continues to invest in the cross-cloud correlation capability that anchors that platform story rather than ceding it to the cloud providers' native tools.

The grounded read: multi-cloud threat correlation reassembles an attack scattered across providers into one campaign by joining cross-cloud analysis with intelligence. Zscaler's 2025 grant names that capability — the cross-cloud-visibility thesis the market prices into security-platform multiples.