Integrated security system having rule optimization

US 10,021,115 B2
Filed: 12/30/2015
Issued: 07/10/2018
Est. Priority Date: 11/03/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving one or more threats corresponding to a security device;

displaying the one or more threats and one or more rules generated in response to receiving the one or more threats;

receiving configuration information on the one or more generated rules;

generating an optimal suggested placement of the one or more generated rules in a list of existing rules for the security device;

modifying, based on an input on the displayed one or more generated rules, the optimal suggested placement of the one or more generated rules, wherein modifying the optimal suggested placement of the one or more generated rules includes determining if the modification will lead to one or more anomalies;

in response to the modifying the optimal suggested placement of the one or more generated rules, generating a rule anomalies analysis report of any anomalies resulting from the modification;

displaying the modified optimal suggested placement of the one or more generated rules;

displaying the rule anomalies analysis report; and

selectively deploying, based on an input of the displayed modified optimal suggested placement of the one or more generated rules, the modified optimal suggested placement of the one or more generated rules in the list of existing rules of the security device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for optimizing the placement of automatically generated rules within security policies. An administrator may, for example, interact with the graphical representation of rules rendered by the threat control module and, responsive to the interaction, the system may determine an optimal placement for the created rule in the list of rules for the identified security device based on either the existence of anomalies or threat IP data and/or advanced security parameters. In this way, the system allows administrators to configure rules with the most optimal sequence to detect threats.

61 Citations

View as Search Results

12 Claims

1. A method, comprising:
- receiving one or more threats corresponding to a security device;
  
  displaying the one or more threats and one or more rules generated in response to receiving the one or more threats;
  
  receiving configuration information on the one or more generated rules;
  
  generating an optimal suggested placement of the one or more generated rules in a list of existing rules for the security device;
  
  modifying, based on an input on the displayed one or more generated rules, the optimal suggested placement of the one or more generated rules, wherein modifying the optimal suggested placement of the one or more generated rules includes determining if the modification will lead to one or more anomalies;
  
  in response to the modifying the optimal suggested placement of the one or more generated rules, generating a rule anomalies analysis report of any anomalies resulting from the modification;
  
  displaying the modified optimal suggested placement of the one or more generated rules;
  
  displaying the rule anomalies analysis report; and
  
  selectively deploying, based on an input of the displayed modified optimal suggested placement of the one or more generated rules, the modified optimal suggested placement of the one or more generated rules in the list of existing rules of the security device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the one or more anomalies include shadowing.
  - 3. The method of claim 1, wherein the one or more anomalies include redundancy.
  - 4. The method of claim 1, wherein receiving configuration information includes defining IP traffic.
  - 5. The method of claim 4, wherein defining IP traffic includes defining at least one of a source zone, an IP address, or source user identification.
  - 6. The method of claim 4, wherein generating the optimal suggested placement is based on the defined IP traffic.
  - 7. The method of claim 1, wherein receiving configuration information includes defining an advanced security parameter to the one or more rules.
  - 8. The method of claim 7, wherein defining an advanced security parameter includes defining at least one rule action, advanced security, application firewall, SSL proxy, intrusion prevention system, unified threat management, or security intelligence.
  - 9. The method of claim 7, wherein generating the optimal suggested placement is based on the defined advanced security parameter.

10. A system comprising:
- one or more processors;
  
  one or more computer-readable memories;
  
  a rule analysis module that executes on one or more processors, wherein the rule analysis module;
  
  receives one or more threats corresponding to a security device,generates an optimal suggested placement of one or more generated rules in a list of existing rules for the security device,modifies, based on an input on the one or more generated rules which are displayed, the optimal suggested placement of the one or more generated rules, wherein, to modify the optimal suggested placement of the one or more generated rules includes determining if the modification will lead to one or more anomalies, andgenerates, in response to the modification, a rule anomalies analysis report of any anomalies resulting from the modification; and
  
  a threat control module that executes on one or more processors, wherein the threat control module;
  
  displays the one or more threats and the one or more generated rules which are generated in response to receiving the one or more threats,displays the optimal suggested placement of the one or more generated rules in the list of existing rules,displays the modified optimal suggested placement of the one or more generated rules, anddisplays the rule anomalies analysis report; and
  
  a policy deployment engine that executes on one or more processors, wherein the policy deployment engine selectively deploys the modified optimal suggested placement of the one or more generated rules in the list of existing rules of the security device based on an input of the displayed modified optimal suggested placement of the one or more generated rules.
- View Dependent Claims (11, 12)
- - 11. The system of claim 10, wherein the rule analysis module further determines the optimal suggested placement of the one or more rules based on a defined IP traffic.
  - 12. The system of claim 10, wherein the rule analysis module further determines the optimal suggested placement of the one or more rules based on an advanced security parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Bejarano Ardila, Oscar Leonardo, Manocha, Rakesh, Chavez, Rene, Nair Pushkala Devi, Pradeep Velappan, Khan, Nadeem, Betala, Mayank, Chasin, Andrew S.
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US14/983,999
Publication Number

US 20170126740A1
Time in Patent Office

923 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0263   Rule management

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Integrated security system having rule optimization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated security system having rule optimization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links