AUTOMATED SECURITY POLICY ENFORCEMENT AND AUDITING

US 20140165128A1
Filed: 12/06/2012
Published: 06/12/2014
Est. Priority Date: 12/06/2012
Status: Active Grant

First Claim

Patent Images

1. A method of managing a connection to or from a device, the method comprising the steps of:

a computer identifying connections of the device;

based on the connections, the computer determining and classifying the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;

the computer determining whether an existing or proposed connection of the device is consistent with the classification of the device, and if not, the computer displaying an indication or sending a notification that the existing or proposed connection is inconsistent with the classification of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach for managing a connection to or from a device is presented. Connections of the device are identified. Based on the connections, the device is determined and classified based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management for the device. Whether an existing or proposed connection of the device is consistent with the classification of the device is determined, and if not, an indication is displayed or a notification is sent that the existing or proposed connection is inconsistent with the classification of the device.

60 Citations

View as Search Results

20 Claims

1. A method of managing a connection to or from a device, the method comprising the steps of:
- a computer identifying connections of the device;
  
  based on the connections, the computer determining and classifying the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
  
  the computer determining whether an existing or proposed connection of the device is consistent with the classification of the device, and if not, the computer displaying an indication or sending a notification that the existing or proposed connection is inconsistent with the classification of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the computer determines and classifies the device based on the security zones to which the device is or has been connected, the quality of service requirement for one or more applications within the device, and the level of ITSM for the device.
  - 3. The method of claim 1, wherein the computer determines that the existing or proposed connection is inconsistent with the classification of the device, and in response, the computer modifying the existing or proposed connection to be consistent with the classification of the device.
  - 4. The method of claim 3, wherein the step of modifying the existing or proposed connection includes replacing the existing or proposed connection with a new connection between the device and another device so that the new connection is in compliance with a policy that specifies the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, or the level of ITSM for the device.
  - 5. The method of claim 1, wherein the computer determines that the existing or proposed connection is inconsistent with the classification of the device, and subsequently, the computer receiving a modification of the existing or proposed connection, and subsequent to receiving the modification, the computer determining whether the modification of the existing or proposed connection is consistent with the classification of the device.
  - 6. The method of claim 1, wherein the computer determines that the existing or proposed connection is inconsistent with the classification of the device, and in response, the computer modifying a policy that specifies the classification of the device so that the existing or proposed connection is consistent with the classification based on the modified policy.
  - 7. The method of claim 1, wherein the computer determines that the existing or proposed connection is inconsistent with the classification of the device, and subsequently, the computer receiving a confirmation of the existing or proposed connection from a user, the confirmation permitting the existing or proposed connection to remain unchanged, without a modification of the existing or proposed connection and without a modification of a policy that specifies the classification of the device, even though the existing or proposed connection is inconsistent with the classification.
  - 8. The method of claim 7, further comprising the steps of:
    - the computer determining one or more other devices have one or more classifications that match the classification of the device;
      
      the computer determining respective one or more other existing or proposed connections of the one or more other devices are inconsistent with the one or more classifications;
      
      the computer receiving one or more other confirmations of the one or more other existing or proposed connections;
      
      the computer determining a count of the confirmation and the one or more other confirmations and determining the count is greater than a threshold number of confirmations;
      
      subsequent to the step of determining the count, the computer classifying another device based on security zones to which the other device is or has been connected, a quality of service requirement for one or more applications within the other device, or a level of ITSM for the other device;
      
      the computer determining another existing or proposed connection of the other device is inconsistent with the classification of the other device; and
      
      based on the count being greater than the threshold number of confirmations, the computer permitting another existing or proposed connection of the other device to remain unchanged, without requiring a confirmation of the other existing or proposed connection, without a modification of the other existing or proposed connection and without a modification of a policy that specifies the classification of the other device, even though the other existing or proposed connection is inconsistent with the classification.
  - 9. The method of claim 1, wherein the step of the computer determining and classifying the device includes the steps of:
    - the computer determining a probability of the device having the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, or the level of ITSM by generating a Bayesian belief network through which evidence is propagated, the evidence including known factors of other devices, the known factors including at least one of;
      
      security zones to which the other devices are or have been connected, quality of service requirements for one or more applications within the other devices, and levels of ITSM of the other devices.
  - 10. The method of claim 1, further comprising the steps of:
    - the computer determining and classifying other devices based on security zones to which the other devices are or have been connected, quality of service requirements for one or more applications within the other devices, and levels of ITSM of the other devices;
      
      the computer receiving a request to identify device(s) having respective connection(s) that are in compliance with a policy that specifies the classifications of the other devices;
      
      in response to the step of receiving the request, the computer selecting the device(s) from the other devices so that the connection(s) are consistent with respective classification(s) of the device(s);
      
      based on the connection(s) being consistent with the classification(s), the computer determining the connection(s) are in compliance with the policy; and
      
      the computer initiating a display of identification(s) of the device(s) whose connection(s) are in compliance with the policy or creating a new connection to at least one of the device(s).

11. A computer system for managing a connection to or from a device, the computer system comprising:
- a CPU;
  
  a computer-readable memory;
  
  a computer-readable storage device;
  
  first program instructions to identify connections of the device;
  
  second program instructions to, based on the connections, determine and classify the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
  
  third program instructions to determine whether an existing or proposed connection of the device is consistent with the classification of the device, and if not, display an indication or send a notification that the existing or proposed connection is inconsistent with the classification of the device,wherein the first, second, and third program instructions are stored on the computer-readable storage device for execution by the CPU via the computer-readable memory.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer system of claim 11, wherein the second program instructions determine and classify the device based on the security zones to which the device is or has been connected, the quality of service requirement for one or more applications within the device, and the level of ITSM for the device.
  - 13. The computer system of claim 11, wherein the third program instructions determine that the existing or proposed connection is inconsistent with the classification of the device, and in response, modify the existing or proposed connection to be consistent with the classification of the device.
  - 14. The computer system of claim 13, wherein the third program instructions modify the existing or proposed connection by replacing the existing or proposed connection with a new connection between the device and another device so that the new connection is in compliance with a policy that specifies the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, or the level of ITSM for the device.
  - 15. The computer system of claim 11, wherein the third program instructions determine that the existing or proposed connection is inconsistent with the classification of the device, and subsequently, receive a modification of the existing or proposed connection, and subsequent to receiving the modification, determine whether the modification of the existing or proposed connection is consistent with the classification of the device.

16. A computer program product for managing a connection to or from a device, the computer program product comprising:
- computer-readable storage device(s); and
  
  computer-readable program instructions stored on the computer-readable storage device(s), the computer-readable program instructions when executed by a CPU;
  
  identify connections of the device;
  
  based on the connections, determine and classify the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
  
  determine whether an existing or proposed connection of the device is consistent with the classification of the device, and if not, display an indication or send a notification that the existing or proposed connection is inconsistent with the classification of the device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The program product of claim 16, wherein the computer-readable program instructions, when executed by the CPU, determine and classify the device based on the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, and the level of ITSM for the device.
  - 18. The program product of claim 16, wherein the computer-readable program instructions, when executed by the CPU, determine that the existing or proposed connection is inconsistent with the classification of the device, and in response, modify the existing or proposed connection to be consistent with the classification.
  - 19. The program product of claim 18, wherein the computer-readable program instructions, when executed by the CPU, modify the existing or proposed connection by replacing the existing or proposed connection with a new connection between the device and another device so that the new connection is in compliance with a policy that specifies the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, or the level of ITSM for the device.
  - 20. The program product of claim 16, wherein the computer-readable program instructions, when executed by the CPU, determine that the existing or proposed connection is inconsistent with the classification of the device, and subsequently, receive a modification of the existing or proposed connection, and subsequent to receiving the modification, determine whether the modification of the existing or proposed connection is consistent with the classification of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Auvenshine, John J., Bartholomy, Erik, Hourselt, Andrew G., Olson, John T., Walter, Victor L., Wood, Stanley C., Haddock, Thomas E., Paquette, Kenneth D.

Granted Patent

US 9,071,644 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/104   Grouping of entities

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

AUTOMATED SECURITY POLICY ENFORCEMENT AND AUDITING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATED SECURITY POLICY ENFORCEMENT AND AUDITING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links