Automatic firewall configuration based on aggregated cloud managed information

US 10,567,344 B2
Filed: 08/23/2016
Issued: 02/18/2020
Est. Priority Date: 08/23/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by a cloud management device, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments protected by a first set of firewalls is likely to occur on other client computing environments distinct from the first set of computing environments, comprising;

calculating a potential threat score of the security attack based on upon at least a number of detected occurrences within a specified time, number of times the security attack is detected, and vulnerability score assessed to the security attack, andcomparing the potential threat score to a threshold threat score;

in response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, identifying, by the cloud management device, a second set of client computing environments to protect from the security attack, the second set of client computing devices being protected by a second set of firewalls different that the first set of firewalls; and

for each client computing environment from the second set of client computing environments, independently configuring firewall settings of corresponding firewalls of the second set of firewalls to protect the second set of client computing environments from the security attack;

wherein the first set of client computing environments is distinct from the second set of computing environments;

wherein the first set of firewalls is distinct from the second set of firewalls.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems, methods, and computer-readable storage media for automatic firewall configuration based on aggregated cloud managed information. A cloud management device can determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments. In response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, the cloud management device can identify a second set of client computing environments to protect from the security attack. For each client computing environment from the second set of client computing environments, the cloud management device can configure firewall settings to protect from the security attack.

Citations

17 Claims

1. A method comprising:
- determining, by a cloud management device, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments protected by a first set of firewalls is likely to occur on other client computing environments distinct from the first set of computing environments, comprising;
  
  calculating a potential threat score of the security attack based on upon at least a number of detected occurrences within a specified time, number of times the security attack is detected, and vulnerability score assessed to the security attack, andcomparing the potential threat score to a threshold threat score;
  
  in response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, identifying, by the cloud management device, a second set of client computing environments to protect from the security attack, the second set of client computing devices being protected by a second set of firewalls different that the first set of firewalls; and
  
  for each client computing environment from the second set of client computing environments, independently configuring firewall settings of corresponding firewalls of the second set of firewalls to protect the second set of client computing environments from the security attack;
  
  wherein the first set of client computing environments is distinct from the second set of computing environments;
  
  wherein the first set of firewalls is distinct from the second set of firewalls.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein configuring firewall settings to protect from the security attack comprises:
    - configuring a firewall settings to block data packets received from a source associated with the security attack.
  - 3. The method of claim 1, wherein configuring firewall settings to protect from the security attack comprises:
    - configuring a firewall settings to block data packets transmitted to a destination port associated with the security attack.
  - 4. The method of claim 1, whereincalculating a potential threat score of the security attack is also based on a frequency at which the security attack is detected.
  - 5. The method of claim 1, wherein calculating a potential threat score of the security attack comprises:
    - determining that a number of client computing environments from the first set of client computing environments on which the security attack was detected is equal to or greater than a threshold number.
  - 6. The method of claim 1, further comprising:
    - receiving, from the first set of client computing environments, security event data that identifies security events detected on client computing environments from the first set of client computing environments.

7. A cloud management system comprising:
- one or more computer processors; and
  
  a memory storing instructions that, when executed by the one or more computer processors, cause the cloud management system to;
  
  determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments protected by a first set of firewalls is likely to occur on other client computing environments distinct from the first set of computing environments, comprising;
  
  calculating a potential threat score of the security attack based on upon at least a number of detected occurrences within a specified time, number of times the security attack is detected, and vulnerability score assessed to the security attack, andcomparing the potential threat score to a threshold threat score;
  
  in response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, identify a second set of client computing environments to protect from the security attack, the second set of client computing devices being protected by a second set of firewalls different that the first set of firewalls; and
  
  for each client computing environment from the second set of client computing environments, independently configure firewall settings of corresponding firewalls of the second set of firewalls to protect the second set of client computing environments from the security attack;
  
  wherein the first set of client computing environments is distinct from the second set of computing environments.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The cloud management system of claim 7, wherein configuring firewall settings to protect from the security attack comprises:
    - configuring a firewall settings to block data packets received from a source associated with the security attack.
  - 9. The cloud management system of claim 7, wherein configuring firewall settings to protect from the security attack comprises:
    - configuring a firewall settings to block data packets transmitted to a destination port associated with the security attack.
  - 10. The cloud management system of claim 7, wherein calculating a potential threat score of the security attack is also based ona frequency at which the security attack is detected.
  - 11. The cloud management system of claim 7, wherein calculating a potential threat score of the security attack comprises:
    - determining that a number of client computing environments from the first set of client computing environments on which the security attack was detected is equal to or greater than a threshold number.
  - 12. The cloud management system of claim 7, wherein the instructions further cause the cloud management system to:
    - receive, from the first set of client computing environments, security event data that identifies security events detected on client computing environments from the first set of client computing environments.

13. A non-transitory computer-readable medium storing instructions that, when executed by a cloud management device, cause the cloud management device to:
- determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments protected by a first set of firewalls is likely to occur on other client computing environments distinct from the first set of computing environments, comprising;
  
  calculating a potential threat score of the security attack based on upon at least a number of detected occurrences within a specified time, number of times the security attack is detected, and vulnerability score assessed to the security attack, andcomparing the potential threat score to a threshold threat score;
  
  in response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, identify a second set of client computing environments to protect from the security attack, the second set of client computing devices being protected by a second set of firewalls different that the first set of firewalls; and
  
  for each client computing environment from the second set of client computing environments, independently configure firewall settings of corresponding firewalls of the second set of firewalls to protect the second set of client computing environments from the security attack;
  
  wherein the first set of client computing environments is distinct from the second set of computing environments;
  
  wherein the first set of firewalls is distinct from the second set of firewalls.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer-readable medium of claim 13, wherein configuring firewall settings to protect from the security attack comprises:
    - configuring a firewall settings to block data packets received from a source associated with the security attack.
  - 15. The non-transitory computer-readable medium of claim 13, wherein configuring firewall settings to protect from the security attack comprises:
    - configuring a firewall settings to block data packets transmitted to a destination port associated with the security attack.
  - 16. The non-transitory computer-readable medium of claim 13, wherein calculating a potential threat score of the security attack is also based ona frequency at which the security attack is detected.
  - 17. The non-transitory computer-readable medium of claim 13, wherein calculating a potential threat score of the security attack comprises:
    - determining that a number of client computing environments from the first set of client computing environments on which the security attack was detected is equal to or greater than a threshold number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Shanks, Robert, Altas, Daghan
Primary Examiner(s)
Ho, Dao Q

Application Number

US15/245,092
Publication Number

US 20180063085A1
Time in Patent Office

1,274 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/146   Tracing the source of attacks

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Automatic firewall configuration based on aggregated cloud managed information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic firewall configuration based on aggregated cloud managed information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links