System and Apparatus for Providing Network Security
First Claim
1. A system comprising:
a rule engine configured to receive data flows, said data flows being between a network and an application, said rule engine being provided between said network and said application, said rule engine being configured to determine data flow information and in dependence on said information to perform an action with respect to said flow; and
a controller, said controller configured to provide control information to said rule engine to define one or more actions which are performable with respect to said flow, wherein communications between said rule engine and said controller are secure, wherein said controller is configured to perform a function with respect to at least one data flow in response to a determination that said data flow information associated with said at least one data flow is not present in said rule engine, wherein said rule engine comprises hardware, one or more programmable hardware processors, or a combination of both, wherein said controller comprises hardware, one or more programmable hardware processors, or a combination of both.
Abstract
A rule engine receives data flows. The data flows are between a network and an application. The rule engine determines data flow information and in dependence on the information performs an action with respect to said flow. A controller provides control information to the rule engine to define one or more actions. The communications between said rule engine and said controller are secure.
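The abstract and claim 1 describe a split architecture: a rule engine in the data path that holds per-flow decisions, a controller that is consulted only when a flow has no entry in the rule engine, and a secure channel between the two. The following model is an added illustration of that division of labour and is not code from the patent or its assignee. The flow key (5-tuple), the ALLOW/DROP action set, the port-based policy and the HMAC-SHA256 message authentication are all assumptions chosen to make the miss path and the "communications are secure" requirement concrete; a real deployment would put the channel over TLS or an equivalent authenticated transport.

```python
"""Flow-table rule engine with controller-on-miss and an authenticated control channel.

Added example; not the patent's own code. Packet dicts, ports and keys below are constructed.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Assumed flow identifier: (src_ip, dst_ip, src_port, dst_port, proto)
FlowKey = Tuple[str, str, int, int, str]


def flow_key(pkt: dict) -> FlowKey:
    """Extract the data flow information the rule engine keys its table on."""
    return (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])


class SecureChannel:
    """Stand-in for the secure rule-engine/controller link: each message carries an
    HMAC-SHA256 tag under a shared key, so a tampered or forged message is rejected."""

    def __init__(self, key: bytes):
        self._key = key

    def seal(self, msg: dict) -> bytes:
        body = json.dumps(msg, sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        return body + b"|" + tag

    def open(self, wire: bytes) -> dict:
        body, _, tag = wire.rpartition(b"|")
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("control message failed authentication")
        return json.loads(body)


class Controller:
    """Holds policy. It is only invoked for flows the rule engine has no entry for."""

    def __init__(self, channel: SecureChannel, allowed_dports: List[int]):
        self.channel = channel
        self.allowed_dports = set(allowed_dports)
        self.misses: List[FlowKey] = []  # audit trail of flows that reached the controller

    def handle(self, wire: bytes) -> bytes:
        req = self.channel.open(wire)  # rejects unauthenticated requests
        flow = tuple(req["flow"])
        self.misses.append(flow)
        action = "ALLOW" if flow[3] in self.allowed_dports else "DROP"
        return self.channel.seal({"flow": req["flow"], "action": action})


class RuleEngine:
    """Sits between network and application; one table lookup per packet."""

    def __init__(self, controller: Controller, channel: SecureChannel):
        self.table: Dict[FlowKey, str] = {}
        self.controller = controller
        self.channel = channel

    def process(self, pkt: dict) -> str:
        key = flow_key(pkt)
        action = self.table.get(key)
        if action is None:
            # Table miss: send the flow information to the controller over the
            # authenticated channel and cache the action it defines for this flow.
            reply = self.channel.open(self.controller.handle(self.channel.seal({"flow": list(key)})))
            action = reply["action"]
            self.table[tuple(reply["flow"])] = action
        return action


def run_demo() -> Tuple[List[str], int]:
    """Constructed traffic: a permitted HTTPS flow, a telnet flow, then a second
    packet of the HTTPS flow. Returns (actions, number of controller misses)."""
    channel = SecureChannel(b"constructed-shared-key")
    controller = Controller(channel, allowed_dports=[443])
    engine = RuleEngine(controller, channel)
    https = {"src": "10.0.0.5", "dst": "10.0.0.9", "sport": 51000, "dport": 443, "proto": "tcp"}
    telnet = {"src": "10.0.0.5", "dst": "10.0.0.9", "sport": 51001, "dport": 23, "proto": "tcp"}
    actions = [engine.process(p) for p in (https, telnet, https)]
    return actions, len(controller.misses)


def rejects_tampered_control_message() -> bool:
    """A DROP decision rewritten to ALLOW in transit must fail authentication."""
    channel = SecureChannel(b"constructed-shared-key")
    wire = channel.seal({"flow": ["10.0.0.5", "10.0.0.9", 51001, 23, "tcp"], "action": "DROP"})
    forged = wire.replace(b'"DROP"', b'"ALLOW"')
    try:
        channel.open(forged)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_demo())                        # (['ALLOW', 'DROP', 'ALLOW'], 2)
    print(rejects_tampered_control_message())  # True
```

The third packet never reaches the controller: its decision was cached on the first miss, which is the point of placing the rule engine in the data path and the policy in the controller. The `misses` list is the kind of record a defender would want exported, since every entry is a flow the fast path had not seen before.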
24 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims 2 to 17 are not reproduced here.

18. A network interface device comprising:
a rule engine configured to receive data flows, said data flows being between a network and an application, said rule engine being provided between said network and said application, said rule engine being configured to determine data flow information and in dependence on said information to perform an action with respect to said flow, said rule engine configured to receive control information from a controller defining one or more of said actions which are performable with respect to said flow, wherein communications between said rule engine and said controller are secure, wherein said rule engine is configured to send information about said data flows to said controller to enable the controller to perform a function with respect to at least one data flow in response to a determination that said data flow information associated with said at least one data flow is not present in said rule engine, wherein said rule engine comprises hardware, one or more programmable hardware processors, or a combination of both.

19. A server apparatus comprising:
a controller, said controller configured to provide control information to a rule engine in a network interface device to define one or more actions, the rule engine configured to receive data flows between a network and an application and to perform one or more of said actions with respect to said flow, wherein communications between said rule engine and said controller are secure, wherein said controller is configured to perform a function with respect to at least one data flow in response to a determination that said data flow information associated with said at least one data flow is not present in said rule engine, wherein said controller comprises hardware, one or more programmable hardware processors, or a combination of both.

20. A computer program product, the computer program product being embodied on a non-transient computer-readable medium and configured so as when executed on a processor to provide a rule engine which:
receives data flows, said data flows being between a network and an application; determines data flow information and in dependence on said information performs an action with respect to said flow; and receives control information from a controller defining one or more of said actions which are performable with respect to said flow, said rule engine having a first data store configured to store at least one first key, wherein communications between said rule engine and said controller are secure, wherein said rule engine is configured to send information about said data flows to said controller to enable the controller to perform a function with respect to at least one data flow in response to a determination that said data flow information associated with said at least one data flow is not present in said rule engine.

21. A computer program product, the computer program product being embodied on a non-transient computer-readable medium and configured so as, when executed on a processor, to provide a controller which:
provides control information to a rule engine in a network interface device to define one or more actions, the rule engine configured to receive data flows between a network and an application and to perform one or more of said actions with respect to said flow; and performs a function with respect to at least one data flow in response to a determination that said data flow information associated with said at least one data flow is not present in said rule engine, wherein communications between said rule engine and said controller are secure.

22. A firewall device comprising:
a rule engine configured to receive data flows, said data flows being between a network and an application, said rule engine being provided between said network and said application, said rule engine being configured to determine data flow information and in dependence on said information to perform an action with respect to said flow, said rule engine configured to receive control information from a controller defining one or more of said actions which are performable with respect to said flow, wherein communications between said rule engine and said controller are secure, wherein said rule engine is configured to send information about said data flows to said controller to enable the controller to perform a function with respect to at least one data flow in response to a determination that said data flow information associated with said at least one data flow is not present in said rule engine, wherein said rule engine comprises hardware, one or more programmable hardware processors, or a combination of both.

23. A switch comprising:
a rule engine configured to receive data flows, said data flows being between a network and an application, said rule engine being provided between said network and said application, said rule engine being configured to determine data flow information and in dependence on said information to perform an action with respect to said flow, said rule engine configured to receive control information from a controller defining one or more of said actions which are performable with respect to said flow, wherein communications between said rule engine and said controller are secure, wherein said rule engine is configured to send information about said data flows to said controller to enable the controller to perform a function with respect to at least one data flow in response to a determination that said data flow information associated with said at least one data flow is not present in said rule engine, and wherein said rule engine comprises hardware, one or more programmable hardware processors, or a combination of both.

24. A data processing device comprising a hypervisor, the hypervisor comprising:
a rule engine configured to receive data flows, said data flows being between a network and an application, said rule engine being provided between said network and said application, said rule engine being configured to determine data flow information and in dependence on said information to perform an action with respect to said flow, said rule engine configured to receive control information from a controller defining one or more of said actions which are performable with respect to said flow, wherein communications between said rule engine and said controller are secure, wherein said rule engine is configured to send information about said data flows to said controller to enable the controller to perform a function with respect to at least one data flow in response to a determination that said data flow information associated with said at least one data flow is not present in said rule engine, wherein said rule engine comprises hardware, one or more programmable hardware processors, or a combination of both.