System and method for rapid response network policy implementation
Abstract
A system and method for rapidly responding to triggering events or activities in a network system. The system includes a policy enforcement function, a policy manager function, and one or more network devices of the network system. The policy enforcement function includes one or more installed policy sets and/or policy enforcement rule sets suitably responsive to triggering events or activities. Upon detection of a trigger, the policy manager function analyzes the trigger and selects one or more appropriate policy sets and/or policy enforcement rule sets deemed to be responsive to the trigger. Each set has a unique rapid response identifier. The policy manager function signals for implementation of the one or more policy and/or rule sets, based on one or more rapid response identifiers, which are enforced through the policy enforcement function. The policy enforcement function may be a part of one or more of the network infrastructure devices that implement the policy change. The system and method enable rapid response to a detected trigger (which might be a manual input) by pre-installing responsive policy and/or rule sets first and then generating and transmitting the unique rapid response identifier(s) corresponding to one or more selected policy and/or rule sets for implementation. That is, the network device is already configured with a response through the pre-installed policy and/or rule sets. Responses may be implemented and/or removed gradually; different network devices may be instructed to implement different policies in response to the same trigger; and the same policy may be implemented with different policy enforcement rules on different devices, ports, or interfaces.
31 Claims
1. A method for responding to one or more triggers involving a plurality of network devices of a network system, the method comprising the steps of:
a. installing on one or more of the plurality of network devices, prior to detection of the one or more triggers, one or more policy sets, one or more policy enforcement rule (PER) sets, or a combination of policy and PER sets, associated with usage of the network system;
b. designating each of the policy sets and PER sets with a unique rapid response identifier;
c. monitoring the network system for the one or more triggers;
d. upon detection of one or more triggers deemed to require a response, selecting one or more policy sets and/or PER sets deemed responsive to the one or more triggers; and
e. instructing one or more of the one or more network devices to implement the selected one or more policy sets and/or PER sets by communicating thereto one or more of the rapid response identifiers associated with the selected one or more policy sets and/or PER sets.
Dependent claims: 2 to 17.
18. A system for responding to one or more triggers involving a plurality of network devices of a network system, the system comprising:
a. one or more of the plurality of network devices having installed thereon one or more policy sets, one or more policy enforcement rule (PER) sets, or a combination of policy sets and PER sets;
b. an analysis function for analyzing monitored information and relating policy change triggers with the monitored information;
c. an implementation function for signaling one or more policy set or PER set changes based on rapid response identifiers corresponding to each of the one or more policy sets and PER sets; and
d. a policy enforcement function (PEF) for implementing on one or more of the one or more of the plurality of network devices a select one or more of the one or more installed policy sets and/or PER sets based on the rapid response identifiers received from said implementation function.
Dependent claims: 19 to 26.
27. A method for responding to one or more triggers involving a plurality of network devices of a network system, the method comprising the steps of:
a. mapping one or more policies to one or more corresponding policy enforcement rules (PER);
b. installing on one or more of the plurality of network devices, prior to detection of the one or more triggers, one or more policy sets, one or more PER sets, or a combination of policy and PER sets, associated with usage of the network system;
c. monitoring the network system for the one or more triggers;
d. upon detection of one or more triggers deemed to require a response, selecting one or more policy sets and/or PER sets deemed responsive to the one or more triggers; and
e. instructing one or more of the one or more network devices to implement the selected one or more policy sets and/or PER sets by broadcast or multicast communication.
Dependent claims: 28 to 31.
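The procedure that claims 1, 18 and 27 describe and the abstract summarizes, as an added Python simulation; this is not code from the patent or from any assignee. Policy/PER sets are pre-installed on each device and keyed by a rapid response identifier (RRID); an analysis function maps a trigger to RRIDs; an implementation function sends one message carrying those RRIDs to the whole device group (standing in for the multicast of claim 27); and each device's policy enforcement function applies only the sets it has installed, so one message drives different responses on different devices and different PERs per interface. All device, interface, rule and trigger names are constructed. The HMAC tag and sequence number are assumptions not found in the patent text, which says nothing about authenticating identifier messages or rejecting replays; they are included because a device that acts on any RRID it hears on the group would let any sender on that group activate or withdraw a response.

```python
"""Rapid-response policy activation by identifier: added simulation, not patent code."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed shared key for the activation channel (assumption; the patent
# does not specify how identifier messages are authenticated).
ACTIVATION_KEY = b"constructed-demo-key-do-not-reuse"


def _tag(seq: int, op: str, rrids: list) -> str:
    """HMAC over sequence number, operation and RRID list (assumed design)."""
    body = f"{seq}|{op}|{','.join(rrids)}".encode()
    return hmac.new(ACTIVATION_KEY, body, hashlib.sha256).hexdigest()


@dataclass
class PolicySet:
    """A pre-installed policy and its enforcement rules (PER), keyed by RRID."""
    rrid: str
    policy: str
    per: dict  # interface name -> list of rule strings (the PER set)


@dataclass
class NetworkDevice:
    """Holds pre-installed sets and the policy enforcement function (PEF)."""
    name: str
    installed: dict = field(default_factory=dict)  # rrid -> PolicySet
    active: dict = field(default_factory=dict)     # interface -> rules in effect
    last_seq: int = -1

    def install(self, ps: PolicySet) -> None:
        self.installed[ps.rrid] = ps

    def pef_receive(self, msg: dict) -> list:
        """Apply or withdraw the sets named by RRID; return the RRIDs acted on."""
        if not hmac.compare_digest(msg["tag"], _tag(msg["seq"], msg["op"], msg["rrids"])):
            return []                       # unauthenticated message: ignore
        if msg["seq"] <= self.last_seq:
            return []                       # replayed or stale message: ignore
        self.last_seq = msg["seq"]
        acted = []
        for rrid in msg["rrids"]:
            ps = self.installed.get(rrid)
            if ps is None:
                continue                    # not installed here: not meant for this device
            for iface, rules in ps.per.items():
                current = self.active.setdefault(iface, [])
                if msg["op"] == "activate":
                    current.extend(r for r in rules if r not in current)
                else:                       # "deactivate": gradual removal of one set
                    self.active[iface] = [r for r in current if r not in rules]
            acted.append(rrid)
        return acted


class PolicyManager:
    """Analysis function (trigger -> RRIDs) plus implementation function (group send)."""
    def __init__(self, trigger_map: dict):
        self.trigger_map = trigger_map      # trigger name -> list of RRIDs
        self.seq = 0

    def analyze(self, event: dict) -> list:
        return list(self.trigger_map.get(event.get("trigger"), []))

    def build_message(self, op: str, rrids: list) -> dict:
        self.seq += 1
        return {"seq": self.seq, "op": op, "rrids": rrids, "tag": _tag(self.seq, op, rrids)}


def demo() -> dict:
    edge, core = NetworkDevice("edge-1"), NetworkDevice("core-1")
    # Same policy (RR-17) with different PERs on different devices and interfaces.
    edge.install(PolicySet("RR-17", "quarantine-guest-vlan",
                           {"gi0/1": ["deny ip 10.20.0.0/16 any"],
                            "gi0/2": ["deny ip 10.20.0.0/16 any"]}))
    core.install(PolicySet("RR-17", "quarantine-guest-vlan",
                           {"te1/1": ["police 1m 10.20.0.0/16"]}))
    edge.install(PolicySet("RR-42", "block-c2-port", {"gi0/1": ["deny tcp any any eq 4444"]}))
    pm = PolicyManager({"worm-outbreak": ["RR-17", "RR-42"]})
    rrids = pm.analyze({"trigger": "worm-outbreak", "source": "ids"})  # constructed trigger
    activate = pm.build_message("activate", rrids)
    applied = {d.name: d.pef_receive(activate) for d in (edge, core)}  # one message to the group
    replay = edge.pef_receive(activate)                                 # stale seq: ignored
    forged = dict(pm.build_message("deactivate", ["RR-17"]), tag="00" * 32)
    forged_result = core.pef_receive(forged)                            # bad tag: ignored
    withdraw = pm.build_message("deactivate", ["RR-42"])
    removed = {d.name: d.pef_receive(withdraw) for d in (edge, core)}
    return {"applied": applied, "replay": replay, "forged": forged_result,
            "removed": removed, "edge": edge.active, "core": core.active}


if __name__ == "__main__":
    print(demo())
```

Note that the device never receives rule text over the activation channel, only identifiers, which is the point of pre-installation: the slow step (pushing full policy and PER sets) happens before any trigger, and the message sent at response time is small enough to send once to the whole group. The cost is that the identifier message itself becomes the control point, so its authenticity and freshness matter as much as the rules it names.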