Automatic firewall configuration based on aggregated cloud managed information
First Claim
1. A method comprising:
- determining, by a cloud management device, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments protected by a first set of firewalls is likely to occur on other client computing environments distinct from the first set of computing environments, comprising;
calculating a potential threat score of the security attack based on upon at least a number of detected occurrences within a specified time, number of times the security attack is detected, and vulnerability score assessed to the security attack, and
comparing the potential threat score to a threshold threat score;
in response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, identifying, by the cloud management device, a second set of client computing environments to protect from the security attack, the second set of client computing devices being protected by a second set of firewalls different that the first set of firewalls; and
for each client computing environment from the second set of client computing environments, independently configuring firewall settings of corresponding firewalls of the second set of firewalls to protect the second set of client computing environments from the security attack;
wherein the first set of client computing environments is distinct from the second set of computing environments;
wherein the first set of firewalls is distinct from the second set of firewalls.
Abstract
Disclosed are systems, methods, and computer-readable storage media for automatic firewall configuration based on aggregated cloud managed information. A cloud management device can determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments. In response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, the cloud management device can identify a second set of client computing environments to protect from the security attack. For each client computing environment from the second set of client computing environments, the cloud management device can configure firewall settings to protect from the security attack.
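The flow the abstract and claim 1 describe (score an attack from aggregated events, compare the score to a threshold, then configure each firewall in a distinct second set of environments) is sketched below as an added example; it is not code from the patent. The weights, window, threshold, per-tenant `mode` field and all sample data are assumptions, since the claims name the scoring inputs but give no formula.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed values: the claims name the three inputs but give no formula.
WINDOW_S, THRESHOLD = 3600, 50.0
W_RECENT, W_TOTAL, W_VULN = 3.0, 1.0, 4.0

@dataclass(frozen=True)
class Event:
    tenant: str      # reporting client environment
    signature: str   # attack identifier (constructed labels below)
    ts: int          # epoch seconds

def threat_score(events, signature, now, vuln_score):
    hits = [e for e in events if e.signature == signature]
    recent = sum(1 for e in hits if 0 <= now - e.ts <= WINDOW_S)
    return W_RECENT * recent + W_TOTAL * len(hits) + W_VULN * vuln_score

def plan_protection(events, fleet, vuln_scores, now):
    """Map each not-yet-hit tenant to the rules its own firewall should get."""
    first_sets = defaultdict(set)
    for e in events:
        first_sets[e.signature].add(e.tenant)
    plan = {}
    for sig, first_set in sorted(first_sets.items()):
        score = threat_score(events, sig, now, vuln_scores.get(sig, 0.0))
        if score < THRESHOLD:
            continue  # not considered likely to spread
        for tenant, fw in sorted(fleet.items()):
            if tenant in first_set:
                continue  # second set is distinct from the first
            # Configured independently: a tenant in monitor mode only alerts.
            action = "drop" if fw["mode"] == "enforce" else "alert"
            plan.setdefault(tenant, []).append(
                {"signature": sig, "action": action, "score": score})
    return plan

# Constructed sample data.
NOW = 1_700_000_000
EVENTS = ([Event("t1" if i % 2 else "t2", "SIG-A", NOW - 60 * i) for i in range(10)]
          + [Event("t1", "SIG-B", NOW - 86_400), Event("t3", "SIG-B", NOW - 90_000)])
FLEET = {t: {"mode": m} for t, m in
         [("t1", "enforce"), ("t2", "enforce"), ("t3", "enforce"), ("t4", "monitor")]}
VULN = {"SIG-A": 7.5, "SIG-B": 2.0}

if __name__ == "__main__":
    for tenant, rules in plan_protection(EVENTS, FLEET, VULN, NOW).items():
        print(tenant, rules)
```

Only SIG-A crosses the assumed threshold, so tenants t3 and t4, which never reported it, receive a rule, and t4 receives it as alert-only because its firewall is in monitor mode.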
17 Claims
7. A cloud management system comprising:
- one or more computer processors; and
a memory storing instructions that, when executed by the one or more computer processors, cause the cloud management system to;
determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments protected by a first set of firewalls is likely to occur on other client computing environments distinct from the first set of computing environments, comprising;
calculating a potential threat score of the security attack based on upon at least a number of detected occurrences within a specified time, number of times the security attack is detected, and vulnerability score assessed to the security attack, and
comparing the potential threat score to a threshold threat score;
in response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, identify a second set of client computing environments to protect from the security attack, the second set of client computing devices being protected by a second set of firewalls different that the first set of firewalls; and
for each client computing environment from the second set of client computing environments, independently configure firewall settings of corresponding firewalls of the second set of firewalls to protect the second set of client computing environments from the security attack;
wherein the first set of client computing environments is distinct from the second set of computing environments.
13. A non-transitory computer-readable medium storing instructions that, when executed by a cloud management device, cause the cloud management device to:
- determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments protected by a first set of firewalls is likely to occur on other client computing environments distinct from the first set of computing environments, comprising;
calculating a potential threat score of the security attack based on upon at least a number of detected occurrences within a specified time, number of times the security attack is detected, and vulnerability score assessed to the security attack, and
comparing the potential threat score to a threshold threat score;
in response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, identify a second set of client computing environments to protect from the security attack, the second set of client computing devices being protected by a second set of firewalls different that the first set of firewalls; and
for each client computing environment from the second set of client computing environments, independently configure firewall settings of corresponding firewalls of the second set of firewalls to protect the second set of client computing environments from the security attack;
wherein the first set of client computing environments is distinct from the second set of computing environments;
wherein the first set of firewalls is distinct from the second set of firewalls.
Specification