SECURITY DEVICE CONTROLLER

US 20160308908A1
Filed: 04/29/2016
Published: 10/20/2016
Est. Priority Date: 02/07/2013
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, a security device controller (SDC) is provided. In some embodiments, a security device controller includes receiving a configuration policy in a vendor neutral language; and automatically configuring a plurality of security devices on a heterogeneous network based on the configuration policy. For example, the plurality of security devices can include physical, virtual, or software defined network (SDN) based routers and/or firewalls, and the heterogeneous network can include security devices from a plurality of different vendors.

131 Citations

21 Claims

1. (canceled)

2. A system for a security device controller, comprising:
- a processor configured to;
  
  receive a configuration policy in a vendor neutral language;
  
  determine whether the configuration policy causes a configuration change to at least one security device of a plurality of security devices that violates a general or higher precedential rule; and
  
  in the event that the configuration policy does not cause the configuration change to the at least one security device of the plurality of security devices that violates the general or higher precedential rule, automatically configure the plurality of security devices on a heterogeneous network based on the configuration policy; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 3. The system of claim 2, wherein the plurality of security devices includes physical, virtual, or software defined network (SDN) based routers and/or firewalls, and wherein the heterogeneous network includes security devices from a plurality of different vendors.
  - 4. The system of claim 2, wherein the processor is further configured to:
    - automatically translate the vendor neutral language into a plurality of vendor specific languages for automatically configuring the plurality of security devices on the network based on the configuration policy.
  - 5. The system of claim 2, wherein the security device controller facilitates provisioning security devices.
  - 6. The system of claim 2, wherein the security device controller facilitates provisioning security devices, including physical security devices, virtual security devices, and/or software defined networks (SDN) based networks.
  - 7. The system of claim 2, wherein the heterogeneous network includes firewall devices from a plurality of different vendors, and wherein a firewall policy defined using the security device controller is automatically translated by the security device controller for each of the different firewall devices.
  - 8. The system of claim 2, wherein the heterogeneous network includes firewall devices from a plurality of different vendors, and wherein a firewall policy defined using the security device controller is automatically translated by the security device controller into a native language for each of the different firewall devices that can be implemented by each of the different firewall devices from each respective vendor.
  - 9. The system of claim 2, wherein the heterogeneous network includes firewall devices from a plurality of different vendors, and wherein a firewall policy defined using the security device controller is automatically translated by the security device controller into a native language for each of the different firewall devices, and sent to each of the different firewall devices that can implement the translated firewall policy to facilitate a common firewall policy configuration across the heterogeneous network.
  - 10. The system of claim 2, wherein the heterogeneous network includes security devices from a plurality of different vendors, and wherein the processor is further configured to:
    - automatically translate the vendor neutral language into a plurality of vendor specific languages for automatically configuring the plurality of security devices on the network based on the configuration policy to generate translated configuration policies for each of the plurality of security devices; and
      
      send the translated configuration policies for each of the plurality of security devices to each of the plurality of security devices, respectively.
  - 11. The system of claim 2, wherein the heterogeneous network includes security devices from a plurality of different vendors, and wherein the processor is further configured to:
    - generate a report on the configured security devices on the heterogeneous network.

12. A method for a security device controller, comprising:
- receiving a configuration policy in a vendor neutral language;
  
  determining whether the configuration policy causes a configuration change to at least one security device of a plurality of security devices that violates a general or higher precedential rule; and
  
  in the event that the configuration policy does not cause the configuration change to the at least one security device of the plurality of security devices that violates the general or higher precedential rule, automatically configuring the plurality of security devices on a heterogeneous network based on the configuration policy.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the plurality of security devices includes physical, virtual, or software defined network (SDN) based routers and/or firewalls, and wherein the heterogeneous network includes security devices from a plurality of different vendors.
  - 14. The method of claim 12, further comprising:
    - automatically translating the vendor neutral language into a plurality of vendor specific languages for automatically configuring the plurality of security devices on the network based on the configuration policy.
  - 15. The method of claim 12, wherein the security device controller facilitates provisioning security devices.
  - 16. The method of claim 12, wherein the security device controller facilitates provisioning security devices, including physical security devices, virtual security devices, and/or software defined networks (SDN) based networks.

17. A computer program product for a security device controller, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for:
- receiving a configuration policy in a vendor neutral language;
  
  determining whether the configuration policy causes a configuration change to at least one security device of a plurality of security devices that violates a general or higher precedential rule; and
  
  in the event that the configuration policy does not cause the configuration change to the at least one security device of the plurality of security devices that violates the general or higher precedential rule, automatically configuring the plurality of security devices on a heterogeneous network based on the configuration policy.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer program product recited in claim 17, wherein the plurality of security devices includes physical, virtual, or software defined network (SDN) based routers and/or firewalls, and wherein the heterogeneous network includes security devices from a plurality of different vendors.
  - 19. The computer program product recited in claim 17, further comprising computer instructions for:
    - automatically translating the vendor neutral language into a plurality of vendor specific languages for automatically configuring the plurality of security devices on the network based on the configuration policy.
  - 20. The computer program product recited in claim 17, wherein the security device controller facilitates provisioning security devices.
  - 21. The computer program product recited in claim 17, wherein the security device controller facilitates provisioning security devices, including physical security devices, virtual security devices, and/or software defined networks (SDN) based networks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infoblox Incorporated
Original Assignee
Infoblox Incorporated
Inventors
Kirby, Jason A., Belamaric, John Dominic, Tur, Francois J., Troillard, Christophe

Granted Patent

US 9,648,047 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

H04L 63/02   for separating internal fro...

H04L 63/0209   Architectural arrangements,...

H04L 63/0218   Distributed architectures, ...

H04L 63/20   for managing network securi...

SECURITY DEVICE CONTROLLER

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

131 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY DEVICE CONTROLLER

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links