Methods and systems for managing security policies

US 20040193912A1
Filed: 03/31/2003
Published: 09/30/2004
Est. Priority Date: 03/31/2003
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting security information from one or more security-enabled devices;

normalizing the security information; and

recording the normalized security information in a data repository.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, machines, and systems manage security policies of heterogeneous infrastructure and computing devices of a network. Security policy repository houses security policies that are pushed over the network by a policy decision point PDP to appropriate security-enabled devices (policy enforcement points (PEPs)) for enforcement. Using a closed feedback loop, a policy feedback point (PFP) collects and processes data from intrusions, alerts, violations, and other abnormal behaviors from a variety of PEPs or logs produced from PEPs. This data is sent as feedback to the policy repository. The PDP detects the data and analyzes it to determine if policy updates (which can be dynamic and automatic) need to be adaptively made and dynamically pushed to PEPs. The PDP can also send console messages or alerts to consoles or administrators.

279 Citations

24 Claims

1. A method, comprising:
- detecting security information from one or more security-enabled devices;
  
  normalizing the security information; and
  
  recording the normalized security information in a data repository.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising triggering a security policy change associated with a security policy based on at least a portion of the recorded normalized security information.
  - 3. The method of claim 1 further comprising evaluating a security policy based on at least a portion of the recorded normalized security information.
  - 4. The method of claim 1 wherein in detecting, the security information is detected using at least one of a security transaction protocol and a security transaction command line interface.
  - 5. The method of claim 1 wherein in detecting, the security information is associated with at least one of security intrusions, security alerts, security violations, and abnormal behaviors occurring on at least one of the security-enabled devices.
  - 6. The method of claim 1 wherein in recording, the normalized security information provides dynamic policy feedback to one or more security policies.

7. A method, comprising:
- distributing security policies from a policy repository to one or more security-enabled devices;
  
  enforcing a number of the security policies on one or more of the security-enabled devices;
  
  tracking security transactions on each of the one or more security-enabled devices; and
  
  updating the policy repository based on the tracked security transactions.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7 wherein in distributing, the policy repository is at least one of a data warehouse, a database, and an electronic file.
  - 9. The method of claim 7 wherein in distributing, the one or more security-enabled devices include at least one of a firewall, a router, a switch, a network bridge, a gateway, a network hub, a client, a peripheral device, a security resource, an intrusion detection system, and a server.
  - 10. The method of claim 7 wherein in tracking, one or more automated applications detect when a security violation occurs on one or more of the security-enabled devices and traps security information for the security violation.
  - 11. The method of claim 7 wherein in updating, the recorded security transactions are translated into a normalized data format before being updated to the policy repository.

12. A system, comprising:
- a policy repository having one or more security policies for a network;
  
  a security-enabled device to enforce one or more of the security policies provided from the policy repository;
  
  a feedback application to monitor security transactions on the security-enabled device and to update the policy repository with security information based on the security transactions.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system of claim 12 further comprising one or more policy decision point translators to push the one or more security policies from the policy repository to the security-enabled device for enforcement.
  - 14. The system of claim 13 wherein the one or more policy decision point translators retrieve the one or more security policies from the policy repository in an intermediate data format and use translator applications to translate the one or more security policies to a desired data format used by the security-enabled device for enforcement.
  - 15. The system of claim 12 wherein the policy repository is a collection of data stores logically assembled as the policy repository based on a specific schema.
  - 16. The system of claim 12 wherein the policy repository is remote from the policy repository.
  - 17. The system of claim 12 wherein feedback application utilizes security protocols of the security-enabled device to monitor security events on the network.
  - 18. The system of claim 12 wherein the feedback application normalizes the security information into a data format used by the policy repository before updating the policy repository with the security information.

19. An article having a machine accessible medium having associated instructions, wherein the instructions, when executed, provide management for security policies within a network, the machine comprising at least one component performing:
- pushing security policies from a policy repository to one or more security-enabled devices over a network;
  
  enforcing, by the one or more security-enabled devices, the security policies;
  
  monitoring security events occurring on the managed network;
  
  normalizing security information associated with the security events; and
  
  updating the policy repository with the normalized security information.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The article of claim 19 further comprising, instructions for dynamically using at least a portion of the updated normalized security information to adjust a number of the security policies.
  - 21. The article of claim 20 further comprising, instructions for dynamically triggering from the policy repository a number of security-related applications for execution based on at least a portion of the updated normalized security information.
  - 22. The article of claim 19 wherein in pushing, the policy repository interfaces with security authoring and editing applications.
  - 23. The article of claim 19 wherein in monitoring, native security protocols and commands used by the security-enabled devices are used to acquire the security information associated with security events occurring on the managed network.
  - 24. The article of claim 19 wherein in normalizing, the security information is translated from a native data format to an intermediate data format used by the policy repository.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Sahita, Ravi, Li, Hong C., Yadav, Satyendra

Granted Patent

US 10,110,632 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 41/08   Configuration management of...

H04L 41/0816   the condition being an adap...

H04L 41/085   Retrieval of network config...

H04L 41/0856   by backing up or archiving ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Methods and systems for managing security policies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

279 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for managing security policies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

279 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others