Method and system for management of security rule set
Abstract
There are provided a method of automated managing an ordered set of security rules implemented at one or more security gateways and a system thereof. The method comprises a) obtaining data characterizing a connectivity request which may become allowable only upon changes of an initial rule-set, thus giving rise to an unfitting connectivity request; b) automated searching for a rule within said ordered set of security rules, said rule best matching to be amended in order to facilitate allowance of the unfitting connectivity request, wherein best matching is defined in accordance with one or more predefined criteria; c) automated generating amendment of the best matching rule, said amendment capable to facilitate allowance of the unfitting connectivity request; and d) automated implementing the generated amendment at one or more relevant security gateways among said one or more security gateways. At least one predefined criterion may be related to extra allowed traffic resulting from the amendment and/or to requested traffic restricted after amendment because of shadowing by one or more rules above the amended rule.
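The two criteria named in the abstract (extra allowed traffic and requested traffic shadowed by rules above) can be computed per candidate rule as in the following added example, which is not code from the patent. The set-based rule model, the field-widening amendment, the lexicographic scoring and all sample rules are assumptions constructed for illustration.

```python
from itertools import product
from typing import NamedTuple

class Rule(NamedTuple):  # assumed model: each field is a finite set of values
    name: str
    action: str          # "accept" or "deny"
    src: frozenset
    dst: frozenset
    svc: frozenset

def tuples(r):
    return set(product(r.src, r.dst, r.svc))

def decide(rules, t):
    # First-match semantics over the ordered set, implicit deny at the end.
    for r in rules:
        if t[0] in r.src and t[1] in r.dst and t[2] in r.svc:
            return r.action
    return "deny"

def evaluate(rules, i, req):
    # Assumed amendment: widen every field of rule i to cover the request.
    a = rules[i]._replace(src=rules[i].src | req.src, dst=rules[i].dst | req.dst,
                          svc=rules[i].svc | req.svc)
    new_rules = rules[:i] + [a] + rules[i + 1:]
    wanted = tuples(req)
    # Requested traffic still blocked after the amendment (shadowed from above).
    shadowed = {t for t in wanted if decide(new_rules, t) != "accept"}
    # Traffic nobody asked for that the amendment newly allows.
    extra = {t for t in tuples(a) - wanted
             if decide(new_rules, t) == "accept" and decide(rules, t) != "accept"}
    return shadowed, extra

def best_match(rules, req):
    # Assumed scoring: fewest shadowed tuples, then fewest extra, then position.
    scored = []
    for i, r in enumerate(rules):
        if r.action == "accept":
            shadowed, extra = evaluate(rules, i, req)
            scored.append((len(shadowed), len(extra), i))
    return min(scored, default=None)  # (shadowed, extra, rule index)

F = frozenset
RULES = [  # constructed sample rule-set
    Rule("r1", "deny", F({"guest"}), F({"db"}), F({5432})),
    Rule("r2", "accept", F({"web1"}), F({"db"}), F({5432})),
    Rule("r3", "accept", F({"web1", "web2", "ops"}), F({"cache"}), F({6379})),
]
REQUEST = Rule("request", "accept", F({"web2"}), F({"db"}), F({5432}))
GUEST_REQ = Rule("request", "accept", F({"guest"}), F({"db"}), F({5432}))
```

For `REQUEST`, amending `r2` adds no unrequested traffic while amending `r3` would open seven extra flows; for `GUEST_REQ`, every candidate stays shadowed by the deny rule `r1`, which signals that amending a single accept rule cannot satisfy the request.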
24 Claims
1. A method of automated managing an ordered set of security rules implemented at one or more security gateways, the method comprising:
a. obtaining data characterizing a connectivity request which may become allowable only upon changes of an initial rule-set, thus giving rise to an unfitting connectivity request;
b. automated searching for a rule within said ordered set of security rules, said rule best matching to be amended in order to facilitate allowance of the unfitting connectivity request, wherein best matching is defined in accordance with one or more predefined criteria;
c. automated generating amendment of the best matching rule, said amendment capable to facilitate allowance of the unfitting connectivity request; and
d. automated implementing the generated amendment at one or more relevant security gateways among said one or more security gateways, thus giving rise to an amended rule-set.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system capable of automated managing an ordered set of security rules implemented at one or more security gateways, the system comprising:
a. means for obtaining data characterizing a connectivity request which may become allowable only upon changes of an initial rule-set, thus giving rise to an unfitting connectivity request;
b. means for automated searching for a rule within said ordered set of security rules, said rule best matching to be amended in order to facilitate allowance of the unfitting connectivity request, wherein best matching is defined in accordance with one or more predefined criteria;
c. means for automated generating amendment of the best matching rule, said amendment capable to facilitate allowance of the unfitting connectivity request; and
d. means for automated implementing the generated amendment at one or more relevant security gateways among said one or more security gateways, thus giving rise to an amended rule-set.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification