Security policy unification across different security products
First Claim
1. A computer-implemented method comprising:
displaying multiple icons, each icon representing an actor or a resource in a networking environment;
defining a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource, wherein the line represents:
that abilities between the actor and the resource are allowed or denied when the line has a first characteristic and a second characteristic, respectively;
that traffic between the actor and the resource is to be monitored or is not to be monitored when the line has a third characteristic and a fourth characteristic that include respective colors of the line that indicate that the traffic is to be monitored or is not to be monitored, respectively; and
a level of security risk when the line has a fifth characteristic that includes a color of the line that represents the level of the security risk;
translating the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices; and
supplying data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.
Abstract
A management entity generates for display multiple icons, each icon representing an actor or a resource in a networking environment, and defines a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource. The management entity translates the generic security policy to multiple native security policies, each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices, and supplies data descriptive of the multiple native security policies to the corresponding security devices to configure them to implement the native security policies.
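As an added illustration (not code from the patent or from any product it covers), the following Python models the generic policy as a line carrying the three claimed characteristics and translates it into two hypothetical native policy models, with a cross-check that every native policy still encodes the same decision before the data would be supplied to the devices. The styles, colours, device names and rule formats are all assumptions made for this example.

```python
from dataclasses import dataclass
from enum import Enum
# The concrete styles and colours below are assumptions for this example.
class LineStyle(Enum):      # first/second characteristic: allow vs deny
    SOLID = "solid"
    DASHED = "dashed"
class MonitorColor(Enum):   # third/fourth characteristic: monitored or not
    GREEN = "green"
    GREY = "grey"
class RiskColor(Enum):      # fifth characteristic: colour encodes risk level
    YELLOW = "low"
    ORANGE = "medium"
    RED = "high"

@dataclass(frozen=True)
class PolicyLine:           # generic policy: one line from actor to resource
    actor: str
    resource: str
    style: LineStyle
    monitor: MonitorColor
    risk: RiskColor

def to_acl_rule(line: PolicyLine) -> str:
    """Native model A (hypothetical): ACL-style rule for a firewall product."""
    action = "permit" if line.style is LineStyle.SOLID else "deny"
    log = " log" if line.monitor is MonitorColor.GREEN else ""
    return f"{action} {line.actor} -> {line.resource}{log}"

def to_json_rule(line: PolicyLine) -> dict:
    """Native model B (hypothetical): JSON-style rule for a second product."""
    return {
        "source": line.actor,
        "destination": line.resource,
        "action": "allow" if line.style is LineStyle.SOLID else "block",
        "logging": line.monitor is MonitorColor.GREEN,
        "severity": line.risk.value,
    }

NATIVE_TRANSLATORS = {"acl_device": to_acl_rule, "json_device": to_json_rule}

def translate(line: PolicyLine) -> dict:
    """Translate one generic policy into every registered native policy model."""
    return {dev: fn(line) for dev, fn in NATIVE_TRANSLATORS.items()}

def decisions_agree(native: dict) -> bool:
    """Drift check: all native policies must carry the same allow/deny decision."""
    acl_allows = native["acl_device"].startswith("permit")
    json_allows = native["json_device"]["action"] == "allow"
    return acl_allows == json_allows
```

Adding a third product means registering one more translator in NATIVE_TRANSLATORS and extending decisions_agree so the drift check covers it too.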
Claims (20)
1. A computer-implemented method comprising:
displaying multiple icons, each icon representing an actor or a resource in a networking environment;
defining a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource, wherein the line represents:
that abilities between the actor and the resource are allowed or denied when the line has a first characteristic and a second characteristic, respectively;
that traffic between the actor and the resource is to be monitored or is not to be monitored when the line has a third characteristic and a fourth characteristic that include respective colors of the line that indicate that the traffic is to be monitored or is not to be monitored, respectively; and
a level of security risk when the line has a fifth characteristic that includes a color of the line that represents the level of the security risk;
translating the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices; and
supplying data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.)
11. An apparatus comprising:
a network interface unit to connect with a network; and
a processor coupled to the network interface unit to:
generate for display multiple icons, each icon representing an actor or a resource in a networking environment;
define a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource, wherein the line represents:
that abilities between the actor and the resource are allowed or denied when the line has a first characteristic and a second characteristic, respectively;
that traffic between the actor and the resource is to be monitored or is not to be monitored when the line has a third characteristic and a fourth characteristic that include respective colors of the line that indicate that the traffic is to be monitored or is not to be monitored, respectively; and
a level of security risk when the line has a fifth characteristic that includes a color of the line that represents the level of the security risk;
translate the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices; and
supply data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.
(Dependent claims: 12, 13, 14, 15.)
16. A non-transitory computer readable storage medium encoded with instructions that, when executed by a processor of a management device including a network interface unit to communicate with a network, cause the processor to perform operations including:
displaying multiple icons, each icon representing an actor or a resource in a networking environment;
defining a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource, wherein the line represents:
that abilities between the actor and the resource are allowed or denied when the line has a first characteristic and a second characteristic, respectively;
that traffic between the actor and the resource is to be monitored or is not to be monitored when the line has a third characteristic and a fourth characteristic that include respective colors of the line that indicate that the traffic is to be monitored or is not to be monitored, respectively; and
a level of security risk when the line has a fifth characteristic that includes a color of the line that represents the level of the security risk;
translating the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices; and
supplying data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.
(Dependent claims: 17, 18, 19, 20.)