Methods and systems for managing security policies
Abstract
Methods, machines, and systems manage security policies of heterogeneous infrastructure and computing devices of a network. A security policy repository houses security policies that are pushed over the network by a policy decision point (PDP) to appropriate security-enabled devices (policy enforcement points (PEPs)) for enforcement. Using a closed feedback loop, a policy feedback point (PFP) collects and processes data from intrusions, alerts, violations, and other abnormal behaviors from a variety of PEPs or from logs produced by PEPs. This data is sent as feedback to the policy repository. The PDP detects the data and analyzes it to determine if policy updates (which can be dynamic and automatic) need to be adaptively made and dynamically pushed to PEPs. The PDP can also send console messages or alerts to consoles or administrators.
24 Claims
1. A method, comprising:
detecting security information from one or more security-enabled devices;
normalizing the security information; and
recording the normalized security information in a data repository.
7. A method, comprising:
distributing security policies from a policy repository to one or more security-enabled devices;
enforcing a number of the security policies on one or more of the security-enabled devices;
tracking security transactions on each of the one or more security-enabled devices; and
updating the policy repository based on the tracked security transactions.
12. A system, comprising:
a policy repository having one or more security policies for a network;
a security-enabled device to enforce one or more of the security policies provided from the policy repository;
a feedback application to monitor security transactions on the security-enabled device and to update the policy repository with security information based on the security transactions.
19. An article having a machine accessible medium having associated instructions, wherein the instructions, when executed, provide management for security policies within a network, the machine comprising at least one component performing:
pushing security policies from a policy repository to one or more security-enabled devices over a network;
enforcing, by the one or more security-enabled devices, the security policies;
monitoring security events occurring on the managed network;
normalizing security information associated with the security events; and
updating the policy repository with the normalized security information.
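The feedback loop described in the abstract and recited in the claims (security information from heterogeneous PEPs is normalized, recorded in a repository, and analyzed by the PDP), shown as an added example that is not taken from the patent. The two log formats, the record fields, the function names, and the rule that a source reported by two different devices triggers a pushed deny policy while a single-device report only raises a console alert are all assumptions made for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample feedback from two heterogeneous PEPs (not real logs).
FIREWALL_LINES = [
    "fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "fw01 DENY src=198.51.100.9 dst=10.0.0.8 dport=443",
]
IDS_ALERTS = [
    '{"sensor": "ids02", "attacker": "203.0.113.7", "sig": "ssh-bruteforce"}',
]

# Hypothetical firewall log layout: device, action, then key=value fields.
FW_RE = re.compile(r"^(?P<dev>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=\S+ dport=\d+$")


def normalize_firewall(line):
    """Map a firewall log line onto the common schema; None if unparseable."""
    m = FW_RE.match(line)
    if m is None:
        return None
    return {"device": m["dev"], "kind": "violation", "source": m["src"]}


def normalize_ids(raw):
    """Map an IDS JSON alert onto the common schema; None if malformed."""
    try:
        alert = json.loads(raw)
        return {"device": alert["sensor"], "kind": "intrusion", "source": alert["attacker"]}
    except (ValueError, KeyError, TypeError):
        return None


def collect_feedback(fw_lines, ids_alerts):
    """PFP role: normalize each record; only valid ones reach the repository."""
    records = [normalize_firewall(l) for l in fw_lines] + [normalize_ids(a) for a in ids_alerts]
    return [r for r in records if r is not None]


def decide(repository, min_devices=2):
    """PDP role: push a deny policy only when distinct PEPs corroborate a source."""
    seen = defaultdict(set)
    for record in repository:
        seen[record["source"]].add(record["device"])
    return {src: ("push_deny" if len(devs) >= min_devices else "console_alert")
            for src, devs in sorted(seen.items())}


if __name__ == "__main__":
    print(decide(collect_feedback(FIREWALL_LINES + ["garbled line"], IDS_ALERTS)))
```

Without the normalization step the firewall and IDS records would not share a `source` field, so the PDP could not correlate the two reports about the same address.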
Specification