Systems and methods for dynamic network security control and configuration
First Claim
1. A method, comprising:
identifying virtual machines in a virtualized infrastructure, the virtual machines organized into groups, wherein each of the virtual machines is associated with a policy;
monitoring the virtual machines; and
in response to the monitoring, applying a first policy to a first virtual machine in a first group of the virtual machines, wherein applying the first policy comprises modifying a firewall configuration by changing an access control rule associated with the first virtual machine.
7 Assignments
0 Petitions
Abstract
A computer-implemented method according to one embodiment of the present disclosure includes identifying, by a computer system, an asset associated with a group; detecting a change in an attribute of the asset; and, in response to detecting the change in the attribute of the asset, modifying, by the computer system, a configuration setting for a firewall. Among other things, the embodiments of the present disclosure can dynamically configure and control security features in response to changes in the computing environment, including asset attribute changes, security events, operational events, user input and environmental changes. Embodiments of the present disclosure thereby help to quickly maintain or change the security posture of a system and maintain its level of compliance with a set of predefined security benchmarks or codified best practices.
17 Claims
1. A method, comprising:
identifying virtual machines in a virtualized infrastructure, the virtual machines organized into groups, wherein each of the virtual machines is associated with a policy;
monitoring the virtual machines; and
in response to the monitoring, applying a first policy to a first virtual machine in a first group of the virtual machines, wherein applying the first policy comprises modifying a firewall configuration by changing an access control rule associated with the first virtual machine.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.
15. A method, comprising:
associating a policy with a first group;
monitoring a plurality of virtual machines in a virtualized infrastructure, wherein the plurality of virtual machines includes a first virtual machine that is a member of the first group;
detecting, based on the monitoring, a modification associated with the first virtual machine;
in response to detecting the modification, changing the policy associated with the first group; and
applying the changed policy to the first virtual machine, wherein the modification comprises a change in an access control rule for the first virtual machine.
16. A method, comprising:
storing data regarding a plurality of groups, each group associated with a subset of a plurality of virtual machines, the data further regarding a first virtual machine associated with a first group of the virtual machines, and the data comprising attribute data for the first virtual machine;
monitoring the plurality of virtual machines; and
in response to the monitoring, changing a first policy for the first virtual machine that modifies the association of the virtual machine with the first group, including a change in an access control rule for the first virtual machine.
Dependent claims: 17.
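The mechanism described in the abstract and in claims 1, 15 and 16 (assets organized into groups, each group carrying a policy, and per-VM firewall access-control rules re-derived when an asset attribute or a group policy changes), shown as an added illustration in Python. This is example code written for this page, not the patent's own implementation or any product's code; the `Rule`, `Group` and `PolicyEngine` names, the attribute-selector membership model, the `exclusive` quarantine group, the constructed `web-01` asset and the rendered rule strings standing in for a real firewall API are all assumptions.

```python
"""Added example (not from the patent): a minimal group/policy engine that
re-derives per-VM firewall access-control rules when a monitored asset's
attributes change (claims 1 and 16) or when a group's policy changes (claim 15).
All names, the selector model and the scenario below are assumptions."""
from dataclasses import dataclass
from typing import Any, Optional


@dataclass(frozen=True)
class Rule:
    """One access-control rule. A rule list is evaluated top-down, first match wins."""
    action: str          # "allow" or "deny"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None means any port
    src: str             # source CIDR or "any"

    def render(self) -> str:
        port = "any" if self.port is None else str(self.port)
        return f"{self.action} {self.proto}/{port} from {self.src}"


DENY_ALL = Rule("deny", "any", None, "any")


@dataclass
class Group:
    """A group is defined by an attribute selector and carries one policy (rule list)."""
    name: str
    selector: dict[str, Any]   # every key/value here must match the asset's attributes
    policy: list[Rule]         # rules applied to each member
    priority: int = 100        # lower number is evaluated first
    exclusive: bool = False    # when matched, lower-priority groups are ignored

    def matches(self, attributes: dict[str, Any]) -> bool:
        return all(attributes.get(k) == v for k, v in self.selector.items())


class PolicyEngine:
    def __init__(self, groups: list[Group], assets: dict[str, dict[str, Any]]):
        self.groups = sorted(groups, key=lambda g: g.priority)
        self.assets = {name: dict(attrs) for name, attrs in assets.items()}
        self.firewall: dict[str, list[Rule]] = {}   # rule list currently applied per asset
        self.reconcile()

    def groups_for(self, name: str) -> list[Group]:
        """Group membership is derived from attributes, so an attribute change can move an asset."""
        matched = []
        for g in self.groups:
            if g.matches(self.assets[name]):
                matched.append(g)
                if g.exclusive:
                    break
        return matched

    def desired_rules(self, name: str) -> list[Rule]:
        rules: list[Rule] = []
        for g in self.groups_for(name):
            for r in g.policy:
                if r not in rules:
                    rules.append(r)
        if DENY_ALL not in rules:
            rules.append(DENY_ALL)   # default-deny tail: no group match means no access
        return rules

    def reconcile(self) -> dict[str, dict[str, list[Rule]]]:
        """Recompute every asset's rule list; apply and return only the per-asset delta."""
        changes: dict[str, dict[str, list[Rule]]] = {}
        for name in self.assets:
            old = self.firewall.get(name, [])
            new = self.desired_rules(name)
            if old != new:
                changes[name] = {"added": [r for r in new if r not in old],
                                 "removed": [r for r in old if r not in new]}
                self.firewall[name] = new
        return changes

    def on_attribute_change(self, name: str, key: str, value: Any):
        """Monitoring hook: an asset attribute changed (scan result, tag, runtime state)."""
        self.assets[name][key] = value
        return self.reconcile()

    def set_group_policy(self, group_name: str, policy: list[Rule]):
        """Change a group's policy and re-apply it to every current member."""
        for g in self.groups:
            if g.name == group_name:
                g.policy = list(policy)
                return self.reconcile()
        raise KeyError(group_name)


def render(engine: PolicyEngine, name: str) -> list[str]:
    return [r.render() for r in engine.firewall[name]]


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a web VM is reported unpatched, quarantined, remediated,
    and then its group's policy is tightened."""
    groups = [
        Group("quarantine", {"patched": False}, [DENY_ALL], priority=0, exclusive=True),
        Group("web", {"role": "web"},
              [Rule("allow", "tcp", 443, "any"), Rule("allow", "tcp", 22, "10.0.0.0/8")]),
    ]
    engine = PolicyEngine(groups, {"web-01": {"role": "web", "patched": True}})
    stages = {"initial": render(engine, "web-01")}
    engine.on_attribute_change("web-01", "patched", False)   # e.g. a scanner finding
    stages["quarantined"] = render(engine, "web-01")
    engine.on_attribute_change("web-01", "patched", True)    # remediated
    engine.set_group_policy("web", [Rule("allow", "tcp", 443, "10.0.0.0/8")])
    stages["tightened"] = render(engine, "web-01")
    return stages


if __name__ == "__main__":
    for stage, rules in demo().items():
        print(stage, rules)
```

Two points a practitioner would check in a real deployment of this pattern: `reconcile` returns a delta rather than the full rule set, so an orchestrator pushes only the changed rules to the firewall, and every asset ends in a default-deny tail so a VM that matches no group gets no access rather than the previous rules. The engine also trusts the attribute feed completely; whoever can flip an attribute (a tag store, a scanner result, a VM-reported value) can move a VM into a more permissive group, so that feed needs the same authentication and integrity protection as the firewall control plane itself.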
Specification