SYSTEMS AND METHODS FOR MANAGING APPLICATION SECURITY PROFILES
Abstract
Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
34 Claims
1. A method for configuring one or more application security profiles for a device, each application security profile specifying a number of checks performing security functions related to an application, the method comprising:
(a) providing a configuration interface for configuring an application security profile;
(b) receiving, via the configuration interface, a first setting, the setting specifying corresponding to a first check of the application security profile;
(c) receiving, via the configuration interface, a second setting, the second setting specifying corresponding to a second check of the application security profile;
(d) identifying, by the configuration interface, a policy, the policy specifying a rule comprising a first expression; and
(e) receiving, via the interface, information identifying the application security profile to be processed based on an evaluation of the rule.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. In an appliance, a method for executing one or more application security profiles for a device, each application security profile specifying a number of policy groups performing security functions related to an application, the method comprising:
(a) identifying, by an appliance, a first policy to apply to a received packet stream; the first policy specifying a rule comprising a first expression and identifying an application security profile;
(b) evaluating, by the appliance, the rule;
(c) processing, by the appliance in response to the evaluation of the rule, a first check specified by the application security profile; and
(d) processing, by the appliance in response to the evaluation of the rule, a second check specified by the application security profile.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24
25. An appliance for executing one or more application security profiles for a device, each application security profile specifying a number of policy groups performing security functions related to an application, the appliance comprising:
a packet processor which receives a packet stream; and
a policy engine in communication with the packet processor which identifies a first policy to apply to the received packet stream;
the first policy specifying a rule comprising a first expression and identifying an application security profile;
evaluates the rule;
processes, in response to the evaluation of the rule, a first check specified by the application security profile; and
processes, in response to the evaluation of the rule, a second check specified by the application security profile;
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34
Specification