Integrated security system having rule optimization
Abstract
Techniques are described for optimizing the placement of automatically generated rules within security policies. An administrator may, for example, interact with the graphical representation of rules rendered by the threat control module and, responsive to the interaction, the system may determine an optimal placement for the created rule in the list of rules for the identified security device based on either the existence of anomalies or threat IP data and/or advanced security parameters. In this way, the system allows administrators to configure rules with the most optimal sequence to detect threats.
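The abstract's placement step can be illustrated with a small added example; it is not code from the patent or the assignee. It assumes first-match rule evaluation and reads "anomalies" as shadowing between overlapping rules with different actions. The rule fields, device names and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str        # source CIDR
    ports: range    # destination ports, e.g. range(443, 444)
    action: str     # "permit" or "deny"

def overlaps(a, b):
    """True if at least one packet can match both rules."""
    ports = max(a.ports.start, b.ports.start) < min(a.ports.stop, b.ports.stop)
    return ports and ip_network(a.src).overlaps(ip_network(b.src))

def covers(a, b):
    """True if every packet matching b also matches a."""
    ports = a.ports.start <= b.ports.start and b.ports.stop <= a.ports.stop
    return ports and ip_network(b.src).subnet_of(ip_network(a.src))

def suggest_placement(existing, new):
    """Return (insert index, names of rules the new rule would shadow)."""
    # Assumption: first-match evaluation. The new rule must sit above the first
    # existing rule that overlaps it with a different action, or that rule wins.
    index = next((i for i, r in enumerate(existing)
                  if r.action != new.action and overlaps(r, new)), len(existing))
    # Rules below the insert point that the new rule fully covers stop matching;
    # list them so the administrator can review before deploying.
    shadowed = [r.name for r in existing[index:]
                if r.action != new.action and covers(new, r)]
    return index, shadowed

def plan(devices, new):
    """Per-device suggestion, mirroring the 'for each of the security devices' step."""
    return {dev: suggest_placement(rules, new) for dev, rules in devices.items()}

ANY = "0.0.0.0/0"
# Constructed sample policies and threat rule (documentation address range).
DEVICES = {
    "fw-edge": [Rule("mgmt-deny", ANY, range(22, 23), "deny"),
                Rule("web-permit", ANY, range(443, 444), "permit"),
                Rule("default-deny", ANY, range(0, 65536), "deny")],
    "fw-dc": [Rule("partner-permit", "203.0.113.0/24", range(0, 65536), "permit"),
              Rule("host-permit", "203.0.113.7/32", range(443, 444), "permit"),
              Rule("default-deny", ANY, range(0, 65536), "deny")],
}
THREAT_RULE = Rule("threat-block", "203.0.113.0/24", range(0, 65536), "deny")

if __name__ == "__main__":
    for dev, (idx, shadowed) in plan(DEVICES, THREAT_RULE).items():
        print(f"{dev}: insert at {idx}, shadows {shadowed or 'nothing'}")
```

The list of shadowed rules is what an administrator would review before accepting or moving the suggested position on each device.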
11 Claims
1. A method, comprising:
- receiving one or more threats corresponding to a security device;
- displaying the one or more threats and one or more rules generated in response to receiving the one or more threats;
- displaying one or more other security devices affected by the one or more generated rules;
- receiving configuration information for each of the security devices;
- generating an optimal suggested placement of the one or more generated rules in a list of existing rules for each of the security devices;
- displaying the optimal suggested placement of the one or more generated rules for each of the security devices;
- modifying, based on an input on the displayed one or more generated rules, the optimal suggested placement of the one or more generated rules for each of the security devices;
- displaying the modified optimal suggested placement of the one or more generated rules for each of the security devices; and
- selectively deploying, based on an input of the displayed modified optimal suggested placement of the one or more generated rules, the modified optimal suggested placement of the one or more generated rules in the list of existing rules for each of the security devices.

Dependent claims: 2, 3, 4, 5, 6
7. A system comprising:
- one or more processors;
- one or more computer-readable memories;
- a rule analysis module that executes on the one or more processors, wherein the rule analysis module:
  - receives one or more threats corresponding to a security device,
  - receives configuration information for the security device and one or more other security devices affected by one or more rules which are generated in response to receiving the one or more threats,
  - generates an optimal suggested placement of one or more generated rules in a list of existing rules for each of the security devices,
  - modifies, based on an input on the one or more generated rules which are displayed, the optimal suggested placement of the one or more generated rules for each of the security devices;
- a threat control module that executes on the one or more processors, wherein the threat control module:
  - displays the one or more threats and the one or more generated rules,
  - displays one or more other security devices affected by the one or more generated rules,
  - displays, for each of the security devices, the optimal suggested placement of the one or more generated rules in the list of existing rules, and
  - displays, for each of the security devices, the modified optimal suggested placement of the one or more generated rules; and
- a policy deployment engine that executes on the one or more processors, wherein the policy deployment engine selectively deploys the modified optimal suggested placement of the one or more generated rules in the list of existing rules for each of the security devices based on an input of the displayed modified optimal suggested placement of the one or more generated rules.

Dependent claims: 8, 9, 10, 11
Specification