DYNAMIC POLICY PROVISIONING WITHIN NETWORK SECURITY DEVICES
First Claim
1. A method comprising:
receiving, with a network security device of a network, network traffic;
applying, with the network security device, a first policy to the network traffic to detect a first set of network attacks, wherein the first policy identifies a first set of attack patterns that correspond to the first set of network attacks;
monitoring, with the network security device, parameters corresponding to utilization of one or more internal resources of the network security device;
dynamically determining, with the network security device, when to apply a second policy to at least a portion of the network traffic based on the monitored parameters for the utilization of the one or more internal resources of the network security device;
applying, with the network security device, the second policy to at least the portion of the network traffic to detect a second set of network attacks based on the dynamic determination, wherein the second policy identifies a second set of attack patterns that correspond to the second set of network attacks, and wherein the first set of attack patterns and the second set of attack patterns identify at least one different attack pattern; and
forwarding, with the network security device, at least the portion of the network traffic based on the application of the second policy.
2 Assignments
0 Petitions
Abstract
The invention is directed to techniques for dynamic policy provisioning. A network security device may comprise a memory that stores a first policy that identifies a first set of patterns that correspond to a first set of network attacks and a second policy, and a control unit that applies the first policy to the network traffic to detect the first set of network attacks. The control unit, while applying the first policy, monitors parameters corresponding to one or more resources and dynamically determines whether to apply a second policy to the network traffic based on the parameters. The control unit, based on the dynamic determination, applies the second policy to the network traffic to detect a second set of network attacks and forwards the network traffic based on the application of the second policy. In this manner, the network security device may implement the dynamic policy provisioning techniques.
34 Claims
14. A network security device of a network that receives network traffic comprising:
a memory that stores a first policy and a second policy, wherein the first policy identifies a first set of attack patterns that correspond to a first set of network attacks, the second policy identifies a second set of attack patterns that correspond to the second set of network attacks, and the first set of attack patterns and the second set of attack patterns identify at least one different attack pattern; and
a control unit that applies the first policy to the network traffic to detect the first set of network attacks, monitors parameters corresponding to utilization of one or more internal resources of the network security device, dynamically determines when to apply a second policy to at least a portion of the network traffic based on the monitored parameters for the utilization of the one or more internal resources of the network security device, applies the second policy to at least the portion of the network traffic to detect a second set of network attacks based on the dynamic determination, and forwards at least the portion of the network traffic based on the application of the second policy.
Dependent claims 15 to 26 are not reproduced here.
27. A network system comprising:
a plurality of computing nodes of a network that transmit and receive network traffic;
a plurality of network security devices of the network that process the network traffic; and
a network security manager (NSM) device that distributes a plurality of policies to each of the plurality of network security devices, wherein each of the plurality of network security devices includes:
a memory that stores a first one of the plurality of policies and a second one of the plurality of policies, wherein the first one of the plurality of policies identifies a first set of attack patterns that correspond to a first set of network attacks, the second one of the plurality of policies identifies a second set of attack patterns that correspond to the second set of network attacks, and the first set of attack patterns and the second set of attack patterns identify at least one different attack pattern; and
a control unit that applies the first one of the plurality of policies to the network traffic to detect the first set of network attacks, monitors parameters corresponding to one or more internal resources of the network security device, dynamically determines when to apply a second one of the plurality of policies to at least a portion of the network traffic based on the monitored parameters for the utilization of the one or more internal resources of the network security device, applies the second one of the plurality of policies to at least the portion of the network traffic to detect a second set of network attacks based on the dynamic determination, and forwards at least the portion of the network traffic based on the application of the second one of the plurality of policies.
Dependent claims 28 to 32 are not reproduced here.
33. A computer-readable storage medium comprising instructions for causing a programmable processor to:
receive, with a network security device of a network, network traffic;
apply, with the network security device, a first policy to the network traffic to detect a first set of network attacks, wherein the first policy identifies a first set of attack patterns that correspond to the first set of network attacks;
monitor, with the network security device, parameters corresponding to utilization of one or more internal resources of the network security device;
dynamically determine, with the network security device, when to apply a second policy to at least a portion of the network traffic based on the monitored parameters for the utilization of the one or more internal resources of the network security device;
apply, with the network security device, the second policy to at least the portion of the network traffic to detect a second set of network attacks based on the dynamic determination, wherein the second policy identifies a second set of attack patterns that correspond to the second set of network attacks, and wherein the first set of attack patterns and the second set of attack patterns identify at least one different attack pattern; and
forward, with the network security device, at least the portion of the network traffic based on the application of the second policy.
34. A method comprising:
receiving, with a network security device of a network, network traffic, wherein the network security device internally comprises a first path for processing initial packets of new packet flows and a fast path for processing packets for existing packet flows;
applying, with the network security device, a first policy to the network traffic to detect a first set of network attacks, wherein the first policy identifies a first set of attack patterns that correspond to the first set of network attacks;
monitoring, with the network security device, parameters corresponding to utilization of one or more internal resources of the network security device;
dynamically determining, with the network security device, when to apply a second policy to at least a portion of the network traffic based on the monitored parameters for the utilization of the one or more internal resources of the network security device;
applying, with the network security device, the second policy based on the dynamic determination, wherein the second policy specifies that the first set of attack patterns are to be applied to all the packets of the fast path for the existing packet flows setup prior to the dynamic determination and without application to all the packets of the new flows that go through the first path after the dynamic determination; and
forwarding, with the network security device, at least the portion of the network traffic based on the application of the second policy.
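As an added illustration of the control-unit behaviour described in the abstract and in claims 1 and 34 (this is example code written for this page, not code from the patent or its assignee), the toy model below inspects packets against a first pattern set, tracks a monitored utilization parameter (scan work per sliding window against a budget), and switches to a cheaper second pattern set with hysteresis; flows admitted before the switch keep full inspection on the fast path while flows admitted during the overload get the reduced set. The pattern sets, the work metric, the thresholds and the class names are all assumptions; every policy transition is recorded alongside detections, because a period of reduced inspection coverage is itself something a SOC needs to see.

```python
import re
from collections import deque

# Constructed attack-pattern sets (regexes over payload bytes); not from the patent.
FULL_PATTERNS = {
    "sqli": re.compile(rb"(?i)union\s+select"),
    "traversal": re.compile(rb"\.\./\.\./"),
    "nop_sled": re.compile(rb"\x90{8}"),
}
# Second policy: a cheaper subset, so the two sets differ in at least one pattern.
REDUCED_PATTERNS = {"sqli": FULL_PATTERNS["sqli"]}


class SecurityDevice:
    """Toy device that switches policy on a monitored utilization metric (assumed model)."""

    def __init__(self, budget, high=0.8, low=0.4, window=8):
        self.budget = budget              # scan work (bytes x patterns) allowed per window
        self.high, self.low = high, low   # hysteresis thresholds for the policy switch
        self.work = deque(maxlen=window)  # per-packet scan cost: the monitored parameter
        self.degraded = False             # True while the second policy is in force
        self.flows = {}                   # flow_id -> True if admitted under the first policy
        self.events = []                  # policy transitions and detections, for the SOC

    def utilization(self):
        return sum(self.work) / self.budget

    def _reevaluate(self):
        u = self.utilization()
        if not self.degraded and u > self.high:
            self.degraded = True
            self.events.append(("policy", "reduced", round(u, 2)))
        elif self.degraded and u < self.low:
            self.degraded = False
            self.events.append(("policy", "full", round(u, 2)))

    def process(self, flow_id, payload):
        """Inspect one packet; return 'forward' or 'drop'."""
        if flow_id not in self.flows:                    # first path: a new flow
            self.flows[flow_id] = not self.degraded
        # Claim-34 style split: flows set up before the switch keep full inspection
        # on the fast path; only flows admitted while degraded get the reduced set.
        full = not self.degraded or self.flows[flow_id]
        pats = FULL_PATTERNS if full else REDUCED_PATTERNS
        self.work.append(len(payload) * len(pats))
        hit = next((name for name, p in pats.items() if p.search(payload)), None)
        self._reevaluate()
        if hit:
            self.events.append(("alert", flow_id, hit))
            return "drop"
        return "forward"
```

Run on a burst of large packets the device degrades, a traversal attempt on a flow admitted during the overload is forwarded uninspected for that pattern while the same payload on a pre-switch flow is dropped, and the device returns to the full policy once the window drains.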
Specification