Systems and methods for creating and modifying access control lists
Abstract
Embodiments of the present disclosure can present information on services hosted and used by various assets on a network, and allow users to control access to such services. In particular, embodiments of the disclosure may be used to present one or more services hosted by a network asset, and control access to such services by other network assets based on user input.
20 Claims
1. A computer-implemented method comprising:
- collecting, by a computer system, data from a plurality of different types of sources on a network;
- identifying, by the computer system based on the collected data, one or more services provided by a host network asset for use by a client network asset over the network into one or more respective logic zones for association with respective control policies; and
- presenting to a user interface, a graphical representation that includes representations of:
  the host network asset, the client network asset, the one or more services, and a flow information graph visually indicating a security vulnerability associated with one or more of the host network asset and the client network asset and with the one or more respective logic zones.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 18, 19, 20

15. A tangible, non-transitory computer-readable medium storing instructions that, when executed, cause a computer system to:
- collect data from a plurality of different types of sources on a network;
- identify, based on the collected data, one or more services provided by a host network asset for use by a client network asset over the network into one or more respective logic zones for association with respective control policies; and
- present to a user interface, a graphical representation that includes representations of:
  the host network asset, the client network asset, the one or more services, and a flow information graph visually indicating a security vulnerability associated with one or more of the host network asset and the client network asset and with the one or more respective logic zones.

16. A computer system comprising:
- a processor; and
- memory in communication with the processor and storing instructions that, when executed by the processor, cause the computer system to:
  - collect data from a plurality of different types of sources on a network;
  - identify, based on the collected data, one or more services provided by a host network asset for use by a client network asset over the network into one or more respective logic zones for association with respective control policies;
  - present to a user interface, a graphical representation that includes representations of:
    the host network asset, the client network asset, the one or more services, and a flow information graph visually indicating a security vulnerability associated with one or more of the host network asset and the client network asset and with the one or more respective logic zones.

Specification