×

Systems and methods for security configuration

  • US 10,659,498 B2
  • Filed: 05/31/2018
  • Issued: 05/19/2020
  • Est. Priority Date: 01/08/2016
  • Status: Active Grant
First Claim
Patent Images

1. A network security device comprising:

  • a memory configured to;

    store a plurality of network events; and

    store a set of network filter rules; and

    a hardware processor connected to the memory, the hardware processor configured to;

    receive a change to a set of network rules;

    perform a first simulation of network traffic allowed and denied according to the current set of network rules and a second simulation of network traffic allowed and denied according to the changed set of network rules, the first simulation and second simulation utilizing at least a portion of the network events;

    evaluate the use of computational resources during the first and second simulation;

    calculate an entropy of strings matching a wildcard of a new network rule of the changed set of network rules to determine if the changed network rule is too broad;

    provide an indication of the changes in allowed and denied traffic and the entropy of the new network rule for review of the changed set of network rules;

    provide an indication of a performance impact of the changed set of network rules or rejecting the changed set of rules if the performance impact crosses a threshold;

    receive an instruction to implement the changed set of network rules based on the review; and

    filter network traffic according to the changed set of network rules.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×