Security-connected framework
Abstract
In an example, a security-connected platform is provided on a data exchange layer (DXL), which provides messaging on a publish-subscribe model. The DXL provides a plurality of DXL endpoints connected via DXL brokers. In one case, DXL endpoints designated as producers are authorized to produce certain types of messages, including security-related messages such as object reputations. Other DXL endpoints are designated as consumers of those messages. A domain master may also be provided, and may be configured to provide physical and logical location services via an asset management engine.
19 Claims
1. A security controller apparatus for providing messaging services on a data exchange layer (DXL), comprising:
a memory communicatively coupled to one or more processors;
a network interface;
a DXL services engine operable for providing an application programming interface (API) for connecting to a DXL enterprise service bus (ESB) via the network interface, wherein the DXL is configured to provide a context-aware producer-consumer framework on a service-oriented architecture; and
a domain security engine operable for consuming security events via the DXL, and configured for;
subscribing to a DXL security topic as a DXL consumer;
consuming a security event related to the DXL security topic via the DXL ESB;
as a DXL producer, publishing a DXL security message via the DXL ESB, wherein the DXL security message is configured to enable a DXL consumer to act on the security message;
consolidating a plurality of DXL messages;
building a context-sensitive security policy, comprising assigning a location-independent security policy to a DXL endpoint, and publishing the assignment via a DXL message;
publishing the context-sensitive security policy via a DXL message; and
providing security information and event management (SIEM) services according to the DXL security message, comprising pooling data from a plurality of dissimilar resources and normalizing the data for consumption via the DXL.

11. One or more non-transitory computer-readable storage mediums having stored thereon executable instructions operable for providing a data exchange layer (DXL) domain security engine operable for consuming security events via the DXL, and configured for:
communicatively coupling to a DXL enterprise security bus (ESB), wherein the DXL is configured to provide a context-aware producer-consumer framework on a service-oriented architecture;
subscribing to a DXL security topic as a DXL consumer;
consuming a security event related to the DXL security topic via the DXL ESB;
as a DXL producer, publishing a DXL security message via the DXL ESB, wherein the DXL security message is configured to enable a DXL consumer to act on the security message;
consolidating a plurality of DXL messages;
building a context-sensitive security policy, comprising assigning a location-independent security policy to a DXL endpoint, and publishing the assignment via a DXL message;
publishing the context-sensitive security policy via a DXL message; and
providing security information and event management (SIEM) services according to the DXL security message, comprising pooling data from a plurality of dissimilar resources and normalizing the data for consumption via the DXL.

19. A computer-implemented method for providing domain security on a data exchange layer (DXL), comprising:
communicatively coupling to a DXL enterprise security bus (ESB), wherein the DXL is configured to provide a context-aware producer-consumer framework on a service-oriented architecture;
subscribing to a DXL security topic as a DXL consumer;
consuming a security event related to the DXL security topic via the DXL ESB;
as a DXL producer, publishing a DXL security message via the DXL ESB, wherein the DXL security message is configured to enable a DXL consumer to act on the security message;
consolidating a plurality of DXL messages;
building a context-sensitive security policy, comprising assigning a location-independent security policy to a DXL endpoint, and publishing the assignment via a DXL message;
publishing the context-sensitive security policy via a DXL message; and
providing security information and event management (SIEM) services according to the DXL security message, comprising pooling data from a plurality of dissimilar resources and normalizing the data for consumption via the DXL.

Specification