Methods and systems for managing security policies
1 Assignment
0 Petitions
Abstract
Methods, machines, and systems manage security policies of heterogeneous infrastructure and computing devices on a network. A security policy repository houses security policies that are pushed over the network by a policy decision point (PDP) to appropriate security-enabled devices (policy enforcement points (PEPs)) for enforcement. Using a closed feedback loop, a policy feedback point (PFP) collects and processes data on intrusions, alerts, violations, and other abnormal behaviors from a variety of PEPs, or from logs produced by PEPs. This data is sent as feedback to the policy repository. The PDP detects the data and analyzes it to determine whether policy updates (which can be dynamic and automatic) need to be adaptively made and dynamically pushed to PEPs. The PDP can also send console messages or alerts to consoles or administrators.
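The closed loop in the abstract, as an added illustration rather than code from the patent: two PEPs report events in their own native formats, a PFP step normalizes them into one intermediate format and records them, a PDP step decides whether a block policy is warranted (or only a console alert, when no policy changes), and the policy is rendered back into each device's own format. The device formats, field names, threshold and command syntaxes are all assumptions made for this example.

```python
import re
from collections import Counter

# Added illustration of the abstract's PDP/PFP/PEP loop; not the patent's code.
# Constructed sample events in each device's native format (assumed syntaxes).
FIREWALL_LOG = [  # key=value lines
    "action=DROP src=203.0.113.7 dst=10.0.0.5 dport=22",
    "action=DROP src=203.0.113.7 dst=10.0.0.5 dport=22",
    "action=ACCEPT src=198.51.100.2 dst=10.0.0.8 dport=443",
]
IDS_LOG = [  # severity|source|signature lines
    "high|203.0.113.7|SSH brute force",
    "high|198.51.100.9|Port scan",
]

def normalize(device, line):
    """PFP step: translate one native event into the intermediate format."""
    if device == "firewall":
        kv = dict(re.findall(r"(\w+)=(\S+)", line))
        sev = "high" if kv["action"] == "DROP" else "info"
        return {"device": device, "src": kv["src"], "severity": sev, "kind": kv["action"]}
    if device == "ids":
        sev, src, sig = line.split("|")
        return {"device": device, "src": src, "severity": sev, "kind": sig}
    raise ValueError(f"unknown device: {device}")

def decide(repository, threshold=3):
    """PDP step: sources at/above the threshold of high-severity events get a block
    policy; sources below it only produce a console alert (no policy change)."""
    counts = Counter(e["src"] for e in repository if e["severity"] == "high")
    blocks = sorted(s for s, n in counts.items() if n >= threshold)
    alerts = sorted(s for s, n in counts.items() if 0 < n < threshold)
    return blocks, alerts

def render_policy(device, src):
    """Push step: express the block policy in the device's own format."""
    if device == "firewall":
        return f"iptables -A INPUT -s {src} -j DROP"  # assumed: netfilter host
    if device == "ids":
        return f'drop ip {src} any -> any any (msg:"PDP block {src}";)'  # Snort-style
    raise ValueError(f"unknown device: {device}")

def run_loop(devices, threshold=3):
    """One closed-loop pass: collect, normalize, record, decide, push."""
    repository = []  # the data repository of normalized security information
    for device, lines in devices.items():
        repository.extend(normalize(device, line) for line in lines)
    blocks, alerts = decide(repository, threshold)
    policies = {dev: [render_policy(dev, s) for s in blocks] for dev in devices}
    console = [f"ALERT: {s} below block threshold; review suggested" for s in alerts]
    return repository, policies, console
```

Calling `run_loop({"firewall": FIREWALL_LOG, "ids": IDS_LOG})` blocks 203.0.113.7 on both devices (two firewall drops plus one IDS alert reach the threshold) and only raises a console alert for 198.51.100.9.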
25 Citations
24 Claims
1. A method comprising:
dynamically detecting, on a first security device, security information obtained from a second security-enabled device over a network connection between the first security device and the second security-enabled device, wherein the security information is related to activity occurring on the second security-enabled device detected by a security mechanism of the second security-enabled device and produced in a first data format specific to the security mechanism that is already processing on the second security-enabled device;
normalizing the security information from the first data format into an intermediate data format before being processed by the first security device;
recording the normalized security information in a data repository; and
dynamically pushing from the first security device a security policy in response to the normalized security information to the second security-enabled device over the network in the first data format for enforcement on the second security-enabled device, and wherein enforcement occurs on the second security-enabled device, and wherein the security policy is an executable script and the security-enabled device automatically and dynamically executes the executable script to provide adaptive and dynamic security policy detection and enforcement.
Dependent claims: 2, 3, 4, 5, 6

7. A method, comprising:
dynamically and centrally distributing security policies from a policy repository on a first device to one or more security-enabled devices, wherein the policy is distributed as a file or parameters and in specific recognized formats by existing security mechanisms processing on the one or more security-enabled devices;
dynamically enforcing a number of the security policies on one or more of the security-enabled devices;
dynamically tracking security transactions on each of the one or more security-enabled devices, wherein each of the one or more security-enabled devices uses its own security mechanism to record its security transactions in its own specific data format and normalizing security information associated with the security transactions before processing the security transactions;
updating the policy repository on the first device based on the tracked security transactions; and
dynamically pushing a dynamically created or dynamically altered security policy to one or more of the security-enabled devices from the first device in response to the updated policy repository in the specific formats recognized by the one or more security-enabled devices, the altered security policy is a script and each of the one or more security-enabled devices automatically and dynamically executes the script to provide adaptive and dynamic security policy enforcement.
Dependent claims: 8, 9, 10, 11

12. A system, comprising:
a policy repository having one or more security policies for a network and administered from a first device over a network;
a security-enabled device to enforce one or more of the security policies dynamically provided from the policy repository via the first device, the security policies are scripts and the security-enabled device automatically and dynamically is to execute the scripts to provide adaptive and dynamic security policy enforcement, wherein the security-enabled device is externally accessed over the network from the first device, and wherein the security-enabled device uses its own security mechanism to monitor and capture information about security transactions occurring on the security-enabled device and has its own specific data format for monitoring and capturing the information and wherein the security policies are supplied in that specific data format to the security mechanism;
a feedback application to dynamically monitor security transactions on the security-enabled device and to dynamically update the policy repository on the first device with security information based on the security transactions, and wherein security information associated with the security transactions is normalized into a normalized data format before the feedback application processes the security transactions.
Dependent claims: 13, 14, 15, 16, 17, 18

19. A non-transitory machine-readable medium having executable instructions that when executed by a machine, perform a method to:
dynamically push security policies from a policy repository on a first device to one or more security-enabled devices over a network in data formats specifically recognized and used by the one or more security-enabled devices, the policy is a script and each of the one or more security-enabled devices is to automatically and dynamically execute the script to provide adaptive and dynamic security policy enforcement;
dynamically enforce, by the one or more security-enabled devices, the security policies in each of the data formats recognized and used;
dynamically monitor security events occurring on the managed network from the first device, wherein the security events are independently captured by each of the one or more security-enabled devices in each of the one or more security-enabled device's data format;
dynamically normalize security information associated with the security events on the first device before the security information is processed, wherein each independent data format for the security events is normalized to an intermediate format before being processed by the first device; and
dynamically update the policy repository with the normalized security information on the first device, and wherein in response to the normalized security information a policy decision translator sends an alert with policy change information included within the alert when no change occurs in existing policy and when an end-user is to be notified of a suggested policy change via the policy change information, wherein the end-user is associated with the first device.
Dependent claims: 20, 21, 22, 23, 24
Specification