System and method to apply network traffic policy to an application session
First Claim
1. A method for generating a report for one or more application session records, comprising:
- recognizing an application session between a network and an application via a security gateway;
determining by the security gateway a user identity from an application session record for the application session, wherein the application session record comprises the user identity used for accessing the network through a host, a host identity for the host, and an application session time, wherein a creating of the application session record comprises;
querying an identity server by sending the host identity and the application session time in the application session record, wherein the identity server comprises an access session record for an access session between a second host and the network, wherein the access session record comprises a second user identity used for accessing the network through the second host, a second host identity for the second host, and an access session time,wherein the identity server compares the host identity in the application session record with the second host identity in the access session record, and comparing the access session time with the application session time,wherein the identity server returns the second user identity in the access session record, if the host identity in the application session record matches the second host identity in the access session record, and if the access session time matches the application session time; and
storing the second user identity as a network user identity used for accessing the network in the application session record;
determining one or more security policies applicable to the application session based on the user identity; and
generating a security report based on the application session record and the one or more security policies.
2 Assignments
0 Petitions
Accused Products
Abstract
Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
-
Citations
36 Claims
-
1. A method for generating a report for one or more application session records, comprising:
-
recognizing an application session between a network and an application via a security gateway; determining by the security gateway a user identity from an application session record for the application session, wherein the application session record comprises the user identity used for accessing the network through a host, a host identity for the host, and an application session time, wherein a creating of the application session record comprises; querying an identity server by sending the host identity and the application session time in the application session record, wherein the identity server comprises an access session record for an access session between a second host and the network, wherein the access session record comprises a second user identity used for accessing the network through the second host, a second host identity for the second host, and an access session time, wherein the identity server compares the host identity in the application session record with the second host identity in the access session record, and comparing the access session time with the application session time, wherein the identity server returns the second user identity in the access session record, if the host identity in the application session record matches the second host identity in the access session record, and if the access session time matches the application session time; and storing the second user identity as a network user identity used for accessing the network in the application session record; determining one or more security policies applicable to the application session based on the user identity; and generating a security report based on the application session record and the one or more security policies. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer program product generating a report for one or more application session records, the computer program product comprising:
a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code configured to; recognize an application session between a network and an application via a security gateway; determine by the security gateway a user identity from an application session record for the application session, wherein the application session record comprises the user identity used for accessing the network through a host, a host identity for the host, and an application session time, wherein the computer readable program code configured to create the application session record is further configured to; query an identity server by sending the host identity and the application session time in the application session record, wherein the identity server comprises an access session record for an access session between a second host and the network, wherein the access session record comprises a second user identity used for accessing the network through the second host, a second host identity for the second host, and an access session time, wherein the identity server compares the host identity in the application session record with the second host identity in the access session record, and comparing the access session time with the application session time, wherein the identity server returns the second user identity in the access session record, if the host identity in the application session record matches the second host identity in the access session record, and if the access session time matches the application session time; and store the second user identity as a network user identity used for accessing the network in the application session record; determine one or more security policies applicable to the application session based on the user identity; and generate a security report based on the application session record and the one or more security policies. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
25. A system, comprising:
-
a corporate directory comprising a plurality of security policies; and a security gateway, wherein the security gateway; recognizes an application session between a network and an application via a security gateway; determines a user identity from an application session record for the application session, wherein the application session record comprises the user identity used for accessing the network through a host, a host identity for the host, and an application session time, wherein in creating the application session record, the security gateway; queries an identity server by sending the host identity and the application session time in the application session record, wherein the identity server comprises an access session record for an access session between a second host and the network, wherein the access session record comprises a second user identity used for accessing the network through the second host, a second host identity for the second host, and an access session time, wherein the identity server compares the host identity in the application session record with the second host identity in the access session record, and comparing the access session time with the application session time, wherein the identity server returns the second user identity in the access session record, if the host identity in the application session record matches the second host identity in the access session record, and if the access session time matches the application session time; and stores the second user identity as a network user identity used for accessing the network in the application session record; determines one or more security policies applicable to the application session based on the user identity; and generates a security report based on the application session record and the one or more security policies. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification