Systems and methods for security configuration
First Claim
1. A network security device comprising:
a memory configured to:
store a plurality of network events; and
store a set of network filter rules; and
a hardware processor connected to the memory, the hardware processor configured to:
receive a change to a set of network rules;
perform a first simulation of network traffic allowed and denied according to the current set of network rules and a second simulation of network traffic allowed and denied according to the changed set of network rules, the first simulation and second simulation utilizing at least a portion of the network events;
evaluate the use of computational resources during the first and second simulation;
calculate an entropy of strings matching a wildcard of a new network rule of the changed set of network rules to determine if the changed network rule is too broad;
provide an indication of the changes in allowed and denied traffic and the entropy of the new network rule for review of the changed set of network rules;
provide an indication of a performance impact of the changed set of network rules or rejecting the changed set of rules if the performance impact crosses a threshold;
receive an instruction to implement the changed set of network rules based on the review; and
filter network traffic according to the changed set of network rules.
Abstract
A method of configuring a network security device includes receiving a changed set of network rules to replace a current set of network rules; using a plurality of network traffic events to perform a first simulation according to the current set of network rules and a second simulation according to the changed set of network rules; comparing the results of the first and second simulation to identify changes in network traffic allowed and denied between the current set and the changed set of network rules; displaying the changes in allowed and denied traffic for review of the changed set of network rules; receiving an instruction to implement the changed set of network rules based on the review; and filtering network traffic according to the changed set of network rules.
18 Claims
1. A network security device comprising: the elements set out under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method for network security configuration, comprising:
receiving a changed set of network rules to replace a current set of network rules;
using a plurality of network traffic events to perform a first simulation of network traffic allowed and denied according to the current set of network rules and a second simulation of network traffic allowed and denied according to the changed set of network rules;
evaluating the use of computational resources during the first and second simulation;
calculating an entropy of strings matching a wildcard of a new network rule of the changed set of network rules to determine if the changed network rule is too broad;
displaying the changes in allowed and denied traffic for review of the changed set of network rules;
displaying an indication of a performance impact of the changed set of network rules or rejecting the changed set of rules if the performance impact crosses a threshold;
receiving an instruction to implement the changed set of network rules based on the review; and
filtering network traffic according to the changed set of network rules.
Dependent claims: 10, 11, 12, 13.
14. A method for network security configuration, comprising:
retrieving a plurality of network events;
grouping and displaying the plurality of network events;
receiving a changed network rule;
simulating the effect of the changed network rule on the network events;
using a processor to evaluate computational resources used by the changed network rule during the simulation and to reject the changed network rule if a performance impact crosses a threshold;
calculating an entropy of strings matching a wildcard of the changed network rule to determine if the changed network rule is too broad;
using a processor to evaluate the changed network rule based on a rule quality score crossing a threshold and to reject the changed network rule if the rule quality score crosses the threshold, the rule quality based at least in part on the calculated entropy; and
filtering network traffic according to the changed network rule if the changed network rule is not rejected.
Dependent claims: 15, 16, 17, 18.
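As an added illustration (not code from the patent), a minimal Python model of the claimed flow: replay stored events under the current and changed rule sets, report which events flip between allowed and denied, and score a new wildcard's breadth by the Shannon entropy of the host strings it matches. The sample events, the rule tuple format, first-match-wins semantics and the 2-bit entropy threshold are all assumptions.

```python
import fnmatch
import math
from collections import Counter

# Constructed sample events (not from the patent): (source, destination host, port).
EVENTS = [
    ("10.0.0.5", "api.example.com", 443),
    ("10.0.0.5", "api.example.com", 443),
    ("10.0.0.7", "cdn.example.com", 443),
    ("10.0.0.9", "mail.example.com", 25),
    ("10.0.0.9", "evil.example.org", 443),
    ("10.0.0.3", "files.example.org", 445),
]
# A rule is (action, host wildcard, port or "*"); first match wins, default deny (assumed).
CURRENT_RULES = [("allow", "api.example.com", 443), ("allow", "cdn.example.com", 443)]
CHANGED_RULES = [("allow", "*.example.*", "*")]  # proposed, overly broad replacement

def decide(rules, event):
    """Return the action a rule set takes on one event."""
    _, host, port = event
    for action, host_pat, rule_port in rules:
        if fnmatch.fnmatchcase(host, host_pat) and rule_port in ("*", port):
            return action
    return "deny"

def simulate(rules, events):
    """Replay stored events through a rule set (the claim's 'simulation')."""
    return {e: decide(rules, e) for e in events}

def diff_simulations(current, changed, events):
    """Report which events flip from denied to allowed, or from allowed to denied."""
    before, after = simulate(current, events), simulate(changed, events)
    return {
        "newly_allowed": sorted(e for e in set(events) if (before[e], after[e]) == ("deny", "allow")),
        "newly_denied": sorted(e for e in set(events) if (before[e], after[e]) == ("allow", "deny")),
    }

def wildcard_entropy(host_pat, events):
    """Shannon entropy (bits) of the host strings a wildcard matches among the stored events."""
    matched = Counter(host for _, host, _ in events if fnmatch.fnmatchcase(host, host_pat))
    total = sum(matched.values())
    return -sum(n / total * math.log2(n / total) for n in matched.values()) if total else 0.0

def too_broad(host_pat, events, max_bits=2.0):
    """Flag a wildcard whose matched strings are too diverse; the threshold is an assumption."""
    return wildcard_entropy(host_pat, events) > max_bits
```

On the sample data the broad wildcard `*.example.*` newly allows three events (mail, the `.org` hosts) and scores about 2.25 bits, so a reviewer sees both the traffic delta and the breadth signal before deciding whether to deploy it.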