System and method for threat-driven security policy controls
First Claim
1. A system comprising:
- a source machine;
- a destination machine;
- a policy compiler; and
- an enforcement point communicatively coupled via a network to the source machine, the destination machine, and the policy compiler, the enforcement point including a processor and a memory communicatively coupled to the processor, the memory storing instructions executable by the processor to perform a method comprising:
  - acquiring a firewall security policy from the policy compiler;
  - receiving network traffic originating from the source machine and directed to the destination machine;
  - analyzing the network traffic using the firewall security policy;
  - forwarding or dropping the network traffic according to the firewall security policy;
  - redirecting one or more network packets of the network traffic according to the firewall security policy;
  - accumulating the network traffic and metadata associated with the network traffic; and
  - initiating an update to the firewall security policy by the policy compiler using at least one of the network traffic and the metadata, the initiating comprising:
    - receiving information associated with the source machine and the destination machine from an external system of record;
    - weighting one or more of a redirected network packet, further network traffic, the metadata, and the received information;
    - statistically analyzing the weighted one or more of the redirected network packet, the further network traffic, the metadata, and the received information to calculate an updated risk score; and
    - providing the updated risk score to the policy compiler, such that the policy compiler produces an updated firewall security policy.
Abstract
Methods, systems, and media for a security system are provided herein. Exemplary methods may include: acquiring a firewall security policy from a policy compiler; receiving network traffic originating from a source machine and directed to a destination machine; analyzing the network traffic using the firewall security policy; forwarding or dropping each of the network traffic according to the security policy; and redirecting one or more network packets of the network traffic according to the security policy.
17 Claims
1. A system comprising: (reproduced in full under First Claim above; dependent claims 2, 3, 4, 5, 6, 7 and 8 are not shown on this page)
9. A method for operating an enforcement point comprising:
- acquiring a firewall security policy from a policy compiler;
- receiving network traffic originating from a source machine and directed to a destination machine;
- analyzing the network traffic using the firewall security policy;
- forwarding or dropping each of the network traffic according to the firewall security policy;
- redirecting one or more network packets of the network traffic according to the firewall security policy;
- accumulating the network traffic and metadata associated with the network traffic; and
- initiating an update to the firewall security policy by the policy compiler using at least one of the network traffic and the metadata, the initiating comprising:
  - receiving information associated with the source machine and the destination machine from an external system of record;
  - weighting one or more of a redirected network packet, further network traffic, the metadata, and the received information;
  - statistically analyzing the weighted one or more of the redirected network packet, the further network traffic, the metadata, and the received information to calculate an updated risk score; and
  - providing the updated risk score to the policy compiler, such that the policy compiler produces an updated firewall security policy.

(Dependent claims 10, 11, 12, 13, 14, 15 and 16 are not shown on this page.)
-
17. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method, the method comprising:
- acquiring a firewall security policy from a policy compiler;
- receiving network traffic originating from a source machine and directed to a destination machine;
- analyzing the network traffic using the firewall security policy;
- forwarding or dropping the network traffic according to the firewall security policy;
- accumulating the network traffic and metadata associated with the network traffic; and
- initiating an update to the firewall security policy by the policy compiler using at least one of the network traffic and the metadata, the initiating comprising:
  - receiving information associated with the source machine and the destination machine from an external system of record;
  - weighting one or more of a redirected network packet, further network traffic, the metadata, and the received information;
  - statistically analyzing the weighted one or more of the redirected network packet, the further network traffic, the metadata, and the received information to calculate an updated risk score; and
  - providing the updated risk score to the policy compiler, such that the policy compiler produces an updated firewall security policy.
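The independent claims all describe the same control loop: an enforcement point applies a compiled policy (forward, drop or redirect), accumulates traffic and metadata, combines those with data from an external system of record into a weighted risk score, and hands the score back to the policy compiler, which emits a tightened policy. The Python model below is an added illustration of that loop; it is constructed for this page and is not the patent's, the assignee's or any product's code. The hosts, ports, system-of-record entries, weights and thresholds are all assumed values chosen so the example is easy to follow.

```python
"""Toy model of the threat-driven policy loop in the claims (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

ALLOW, DROP, REDIRECT = "allow", "drop", "redirect"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Policy:
    """Compiled firewall policy: which ports to drop, which to redirect for
    inspection, and which source hosts are quarantined after a risk update."""
    version: int
    blocked_ports: frozenset
    inspected_ports: frozenset
    quarantine: frozenset = frozenset()

    def decide(self, pkt: Packet) -> str:
        if pkt.src in self.quarantine or pkt.dport in self.blocked_ports:
            return DROP
        if pkt.dport in self.inspected_ports:
            return REDIRECT
        return ALLOW


# Assumed stand-in for the external system of record (asset inventory).
SYSTEM_OF_RECORD = {
    "10.0.0.5": {"patched": False, "role": "workstation"},
    "10.0.0.9": {"patched": True, "role": "db"},
}

# Assumed weights for the four inputs the claim names: redirected packets,
# further traffic, metadata, and information from the system of record.
WEIGHTS = {"redirected": 0.4, "traffic": 0.2, "metadata": 0.2, "record": 0.2}


def risk_score(redirected: int, total: int, metadata: Dict, record: Dict) -> float:
    """Weighted combination of the four signals, clipped to [0, 1]."""
    if total == 0:
        return 0.0
    redirected_frac = redirected / total                 # share sent to inspection
    traffic_pressure = min(total / 10.0, 1.0)            # crude volume signal
    port_spread = min(len(metadata["ports"]) / 10.0, 1.0)  # distinct ports touched
    unpatched = 0.0 if record.get("patched", True) else 1.0
    score = (WEIGHTS["redirected"] * redirected_frac
             + WEIGHTS["traffic"] * traffic_pressure
             + WEIGHTS["metadata"] * port_spread
             + WEIGHTS["record"] * unpatched)
    return round(min(score, 1.0), 3)


class PolicyCompiler:
    QUARANTINE_AT = 0.6  # assumed threshold on the updated risk score

    def __init__(self) -> None:
        self.version = 0

    def compile(self, risk_by_source: Dict[str, float]) -> Policy:
        self.version += 1
        quarantine = frozenset(s for s, r in risk_by_source.items() if r >= self.QUARANTINE_AT)
        return Policy(self.version, frozenset({23}), frozenset({445, 3389}), quarantine)


class EnforcementPoint:
    def __init__(self, compiler: PolicyCompiler) -> None:
        self.compiler = compiler
        self.policy = compiler.compile({})   # acquire the initial policy
        self.stats: Dict[str, Dict] = {}     # accumulated per-source metadata

    def handle(self, pkt: Packet) -> str:
        action = self.policy.decide(pkt)
        s = self.stats.setdefault(pkt.src, {"redirected": 0, "total": 0, "ports": set()})
        s["total"] += 1
        s["ports"].add(pkt.dport)
        if action == REDIRECT:
            s["redirected"] += 1
        return action

    def update_policy(self) -> Dict[str, float]:
        """Score every source seen so far and ask the compiler for a new policy."""
        scores = {src: risk_score(s["redirected"], s["total"], s, SYSTEM_OF_RECORD.get(src, {}))
                  for src, s in self.stats.items()}
        self.policy = self.compiler.compile(scores)
        return scores


def run_demo() -> Tuple[List[str], Dict[str, float], int, List[str]]:
    ep = EnforcementPoint(PolicyCompiler())
    # Constructed traffic: 10.0.0.5 touches many ports on the db host, two of
    # which the policy redirects; 10.0.0.9 sends ordinary HTTPS replies.
    scan = [Packet("10.0.0.5", "10.0.0.9", p) for p in (22, 80, 443, 445, 3389, 8080, 8443, 5432)]
    normal = [Packet("10.0.0.9", "10.0.0.5", 443)] * 5
    first_pass = [ep.handle(p) for p in scan + normal]
    scores = ep.update_policy()
    second_pass = [ep.handle(p) for p in scan]
    return first_pass, scores, ep.policy.version, second_pass


if __name__ == "__main__":
    print(run_demo())
```

In the first pass the enforcement point only redirects the two inspected ports; once the accumulated metadata (eight distinct ports), the redirect share and the system-of-record fact that the host is unpatched are weighted together, the workstation's score crosses the compiler's quarantine threshold and the recompiled policy drops its traffic outright, while the patched database host stays well below it.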
Specification