METHOD AND SYSTEM FOR MAPPING BETWEEN CONNECTIVITY REQUESTS AND A SECURITY RULE SET
Abstract
A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rules and/or vice versa.
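As an added illustration (not code from the patent), the sketch below carries out the recognize, evaluate and classify steps named in the abstract on a constructed rule-set. It assumes that the combinations "firstly specified" in a rule are those no earlier rule in the ordered set already matches; the function names and classification labels are hypothetical.

```python
from itertools import product

def combos(sources, destinations, services):
    """Expand the three fields into the set of (source, destination, service) combinations."""
    return set(product(sources, destinations, services))

def first_specified(rules):
    """Walk the ordered rule-set; keep for each rule only combinations no earlier rule matched."""
    seen, effective = set(), []
    for name, action, rule_combos in rules:
        effective.append((name, action, rule_combos - seen))
        seen |= rule_combos
    return effective

def map_request(request_action, requested, rules):
    """Recognize engaged rules, evaluate the set relationship, and classify it."""
    engaged, covered = {}, set()
    for name, action, eff in first_specified(rules):
        overlap = requested & eff
        if action != request_action or not overlap:
            continue  # different action, or rule does not control requested traffic
        covered |= overlap
        if eff == requested:
            engaged[name] = "exact"                    # assumed label
        elif eff < requested:
            engaged[name] = "rule-within-request"      # assumed label
        elif requested < eff:
            engaged[name] = "rule-wider-than-request"  # assumed label
        else:
            engaged[name] = "partial-overlap"          # assumed label
    # Second value: requested combinations no matching-action rule controls.
    return engaged, requested - covered

# Constructed sample: rule order matters, r1 shadows part of r2.
RULES = [
    ("r1", "deny",  combos({"hostA"}, {"db"}, {"tcp/3306"})),
    ("r2", "allow", combos({"hostA", "hostB"}, {"db"}, {"tcp/3306"})),
    ("r3", "allow", combos({"hostB"}, {"web"}, {"tcp/443", "tcp/80"})),
]
REQUEST = combos({"hostA", "hostB"}, {"db"}, {"tcp/3306"})

if __name__ == "__main__":
    print(map_request("allow", REQUEST, RULES))
```

On the sample, only r2 is engaged and it covers just the hostB part of the request, because r1 denies hostA first; that remainder is returned as uncovered.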
20 Claims
1. A system capable of automated mapping between a connectivity request and an ordered security rule-set, the system comprising:
- an interface operable to obtain data characterizing at least one connectivity request;
- means for automated recognizing at least one rule within the rule-set, said rule controlling traffic requested in said at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations firstly specified in the rule and matching connectivity-related actions specified in said at least one connectivity request;
- means for automated evaluating relationship between traffic controlled by said recognized at least one rule and traffic requested in said at least one connectivity request; and
- means for automated classifying, in accordance with evaluation results, said at least one connectivity request with respect to said at least one rules and/or said at least one rule with respect to said at least one connectivity request.
Dependent claims: 2, 3, 4, 5
6. A method of automated managing an ordered security rule-set, the method comprising:
- obtaining data characterizing one or more of connectivity requests;
- automated recognizing at least one connectivity request requesting traffic at least partially controlled by a certain rule from the rule-set, thus giving rise to at least one connectivity request engaged with respect to said certain rule, wherein the recognizing is provided by comparing a set of combinations specified in a connectivity request with a set of combinations firstly specified in said certain rule and matching connectivity-related actions specified in said certain connectivity request;
- automated evaluating relationship between the traffic controlled by said certain rule and the traffic requested in said at least one engaged connectivity request; and
- in accordance with the evaluation result, automated classifying said certain rule with respect to said at least one engaged connectivity request.
Dependent claims: 7, 8, 9, 10, 11, 12
13. A method of automated managing an ordered security rule-set, the method comprising:
- obtaining data characterizing at least a certain connectivity request;
- automated recognizing at least one rule from the rule-set, said rule at least partially controlling traffic requested in said certain connectivity request, thus giving rise to at least one rule engaged with respect to said comparing a set of combinations specified in said certain connectivity request with a set of combinations firstly specified in a rule and matching connectivity-related actions specified in said at least one connectivity request;
- automated evaluating relationship between the traffic requested in said certain connectivity request and traffic controlled by said at least one engaged rule and the traffic; and
- in accordance with the evaluation result, automated classifying said certain connectivity request with respect to said at least one engaged rule.
Dependent claims: 14, 15, 16, 17, 18, 19
20. A computer program product comprising a non-transitory computer useable medium having computer readable program code embodied therein for collecting information relating to a communication network and to nodes operating therein, the computer program product comprising:
- computer readable program code for enabling the computer to obtain data characterizing one or more of connectivity requests;
- computer readable program code for enabling the computer to recognize at least one connectivity request requesting traffic at least partially controlled by a certain rule from the rule-set, thus giving rise to at least one connectivity request engaged with respect to said certain rule, wherein the recognition is provided by comparing a set of combinations specified in a certain connectivity request with a set of combinations firstly specified in the rule and matching connectivity-related actions specified in said certain connectivity request;
- computer readable program code for enabling the computer to evaluate relationship between the traffic controlled by said certain rule and the traffic requested in said at least one engaged connectivity request; and
- computer readable program code for enabling the computer, to classify said certain rule with respect to said at least one engaged connectivity request in accordance with the evaluation result.
Specification