Integrated security system having rule optimization

US 10,382,451 B2
Filed: 07/09/2018
Issued: 08/13/2019
Est. Priority Date: 11/03/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving one or more threats corresponding to a security device;

displaying the one or more threats and one or more rules generated in response to receiving the one or more threats;

displaying one or more other security devices affected by the one or more generated rules;

receiving configuration information for each of the security devices;

generating an optimal suggested placement of the one or more generated rules in a list of existing rules for each of the security devices;

displaying the optimal suggested placement of the one or more generated rules for each of the security devices;

modifying, based on an input on the displayed one or more generated rules, the optimal suggested placement of the of the one or more generated rules for each of the security devices;

displaying the modified optimal suggested placement of the one or more generated rules for each of the security devices; and

selectively deploying, based on an input of the displayed modified optimal suggested placement of the one or more generated rules, the modified optimal suggested placement of the one or more generated rules in the list of existing rules for each of the security devices.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for optimizing the placement of automatically generated rules within security policies. An administrator may, for example, interact with the graphical representation of rules rendered by the threat control module and, responsive to the interaction, the system may determine an optimal placement for the created rule in the list of rules for the identified security device based on either the existence of anomalies or threat IP data and/or advanced security parameters. In this way, the system allows administrators to configure rules with the most optimal sequence to detect threats.

Citations

11 Claims

1. A method, comprising:
- receiving one or more threats corresponding to a security device;
  
  displaying the one or more threats and one or more rules generated in response to receiving the one or more threats;
  
  displaying one or more other security devices affected by the one or more generated rules;
  
  receiving configuration information for each of the security devices;
  
  generating an optimal suggested placement of the one or more generated rules in a list of existing rules for each of the security devices;
  
  displaying the optimal suggested placement of the one or more generated rules for each of the security devices;
  
  modifying, based on an input on the displayed one or more generated rules, the optimal suggested placement of the of the one or more generated rules for each of the security devices;
  
  displaying the modified optimal suggested placement of the one or more generated rules for each of the security devices; and
  
  selectively deploying, based on an input of the displayed modified optimal suggested placement of the one or more generated rules, the modified optimal suggested placement of the one or more generated rules in the list of existing rules for each of the security devices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein modifying the optimal suggested placement of the one or more generated rules includes:
    - modifying a rule placement position of the one or more generated rules within the list of existing rules for each of the security devices; and
      
      determining if the modified rule placement position of the one or more generated rules will lead to one or more anomalies.
  - 3. The method of claim 2, further comprising:
    - displaying, in response to determining that the modified rule placement position of the one or more generated rules leads to one or more anomalies, one or more recommendations to resolve the one or more anomalies.
  - 4. The method of claim 2, wherein the one or more anomalies includes redundancy.
  - 5. The method of claim 2, wherein modifying the optimal suggested placement of the one or more generated rules includes specifying, for the one or more generated rules, one or more security policies for incoming or outgoing IP traffic for each of the security devices.
  - 6. The method of claim 5, wherein the one or more security policies specify an action to allow trusted IP traffic or deny untrusted IP traffic for a respective one of the security devices.

7. A system comprising:
- one or more processors;
  
  one or more computer-readable memories;
  
  a rule analysis module that executes on the one or more processors, wherein the rule analysis module;
  
  receives one or more threats corresponding to a security device,receives configuration information for the security device and one or more other security devices affected by one or more rules which are generated in response to receiving the one or more threats,generates an optimal suggested placement of one or more generated rules in a list of existing rules for each of the security devices,modifies, based on an input on the one or more generated rules which are displayed, the optimal suggested placement of the one or more generated rules for each of the security devices;
  
  a threat control module that executes on the one or more processors, wherein the threat control module;
  
  displays the one or more threats and the one or more generated rules,displays one or more other security devices affected by the one or more generated rules,displays, for each of the security devices, the optimal suggested placement of the one or more generated rules in the list of existing rules, anddisplays, for each of the security devices, the modified optimal suggested placement of the one or more generated rules; and
  
  a policy deployment engine that executes on the one or more processors, wherein the policy deployment engine selectively deploys the modified optimal suggested placement of the one or more generated rules in the list of existing rules for each of the security devices based on an input of the displayed modified optimal suggested placement of the one or more generated rules.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein, to modify the optimal suggested placement of the one or more generated rules, the rule analysis module further:
    - modifies a rule placement position of the one or more generated rules within the list of existing rules for each of the security devices; and
      
      determines if the modified position of the one or more generated rules will lead to one or more anomalies.
  - 9. The system of claim 8, the threat control module further displays, in response to determining that the modified position of the one or more generated rules leads to one or more anomalies, one or more recommendations to resolve the one or more anomalies.
  - 10. The method of claim 7, wherein, to modify the optimal suggested placement of the one or more generated rules, the rule analysis module further specifies, for the one or more generated rules, one or more security policies for incoming or outgoing IP traffic for each of the security devices.
  - 11. The method of claim 10, wherein the one or more security policies specify an action to allow trusted IP traffic or deny untrusted IP traffic for a respective one of the security devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Bejarano Ardila, Oscar Leonardo, Manocha, Rakesh, Chavez, Rene, Nair Pushkala Devi, Pradeep Velappan, Khan, Nadeem, Betala, Mayank, Chasin, Andrew S.
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US16/030,330
Publication Number

US 20180332055A1
Time in Patent Office

400 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0263   Rule management

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Integrated security system having rule optimization

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated security system having rule optimization

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links