Method and system for mapping between connectivity requests and a security rule set
Abstract
A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rule and/or vice versa.
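The conformity ratio the claims describe can be worked through on a small ordered rule-set. The following is an added example, not code from the patent or its assignee; it assumes rules are (source, destination, port) ranges with first-match semantics and an implicit deny, and the names `box`, `map_request`, `classify` and the class labels are hypothetical.

```python
from fractions import Fraction
from ipaddress import ip_network
from itertools import product

def box(src, dst, ports):
    """(src CIDR, dst CIDR, (first, last) port) -> three half-open integer ranges."""
    s, d = ip_network(src), ip_network(dst)
    return ((int(s[0]), int(s[-1]) + 1), (int(d[0]), int(d[-1]) + 1),
            (ports[0], ports[1] + 1))

def map_request(rules, request, action="allow"):
    """rules: ordered [(name, action, box)]; request: box that wants `action`.
    Returns ({rule name: conformity ratio}, requested volume needing amendments)."""
    boxes = [r[2] for r in rules] + [request]
    # Cut every dimension at every range boundary, so each grid cell lies wholly
    # inside or wholly outside every rule and the request.
    cuts = [sorted({edge for b in boxes for edge in b[dim]}) for dim in range(3)]
    owned, requested, unmet = {}, {}, 0
    for cell in product(*(zip(c, c[1:]) for c in cuts)):
        def inside(b):
            return all(b[i][0] <= cell[i][0] and cell[i][1] <= b[i][1] for i in range(3))
        volume = 1
        for lo, hi in cell:
            volume *= hi - lo
        # First match wins in an ordered rule-set: that rule "firstly specifies"
        # the cell, and the cell is shadowed for every later rule.
        first = next((r for r in rules if inside(r[2])), None)
        if first:
            owned[first[0]] = owned.get(first[0], 0) + volume
        if inside(request):
            if first and first[1] == action:
                requested[first[0]] = requested.get(first[0], 0) + volume
            else:
                unmet += volume  # denied first, or matched by no rule (assumed implicit deny)
    return {n: Fraction(v, owned[n]) for n, v in requested.items()}, unmet

def classify(ratio, dedicated_at=Fraction(1)):
    """Hypothetical labels; the page does not define classes or thresholds."""
    return "dedicated" if ratio >= dedicated_at else "broader-than-request"

# Constructed sample rule-set and request (documentation address ranges).
RULES = [
    ("r1-deny-ssh", "deny",  box("0.0.0.0/0", "198.51.100.0/24", (22, 22))),
    ("r2-web",      "allow", box("192.0.2.0/24", "198.51.100.0/24", (80, 443))),
    ("r3-any-dmz",  "allow", box("192.0.2.0/24", "198.51.100.0/24", (1, 1024))),
]
REQUEST = box("192.0.2.0/25", "198.51.100.0/24", (22, 443))
```

A non-zero second return value means part of the request is first matched by a rule with a different action, or by no rule, so the rule-set would need amending before the request is fully accepted.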
16 Claims
1. A system capable of automatically mapping between a connectivity request and an ordered security rule-set, the system comprising:
- a memory;
- an interface operable to obtain data characterizing a first plurality of combinations of values specified in at least one connectivity request;
- a processor operatively coupled to the interface and the memory, the processor to:
  - automatically recognize at least one rule within the rule-set, said rule controlling at least part of traffic requested in said at least one connectivity request, wherein the recognizing is provided by comparing the first plurality of combinations specified in the connectivity request with at least one second plurality of combinations, each of said at least one second plurality being firstly specified by a respective rule within the rule-set and matches connectivity-related actions specified in said at least one connectivity request;
  - automatically evaluate a ratio between an un-shadowed volume requested by said at least one connectivity request in said recognized at least one rule and the overall un-shadowed volume of said recognized at least one rule, thereby giving rise to a conformity ratio characterizing the relationship between said at least one connectivity request and said recognized at least one rule, wherein the evaluation results indicate if said at least one connectivity request requires rule-set amendments in order to be accepted; and
  - automatically classify said at least one connectivity request with respect to said at least one rule and/or said at least one rule with respect to said at least one connectivity request in accordance with said conformity ratio, wherein a classifying result is indicative of involvement of said recognized at least one rule in business needs associated with said at least one connectivity request.

Dependent claims: 2, 3

4. A method of automatically managing an ordered security rule-set using a rule-set manager, the method comprising:
- obtaining data characterizing first pluralities of combinations of values specified, respectively, in one or more of connectivity requests;
- automatically recognizing by the rule-set manager at least one connectivity request requesting traffic at least partially controlled by a certain rule from the rule-set, thereby giving rise to at least one connectivity request engaged with respect to said certain rule, wherein the recognizing is provided by comparing a first plurality of combinations of values specified in said at least one connectivity request with a second plurality of combinations of values, said second plurality is firstly specified in said certain rule and matches connectivity-related actions specified in said certain connectivity request;
- automatically evaluating a ratio between an un-shadowed volume requested by said engaged connectivity request in said certain rule and the overall un-shadowed volume of said certain rule, thereby giving rise to a conformity ratio being indicative of a degree of satisfaction of said engaged connectivity request by said certain rule, wherein evaluating is provided by the rule-set manager and the evaluation results indicate if said at least one connectivity request requires rule-set amendments in order to be accepted; and
- in accordance with said conformity ratio, automatically classifying by the rule-set manager said certain rule with respect to said at least one engaged connectivity request, wherein a classifying result is indicative of involvement of said certain rule in business needs associated with said engaged connectivity request.

Dependent claims: 5, 6, 7, 8, 9

10. A method of automatically managing an ordered security rule-set using a rule-set manager, the method comprising:
- obtaining data characterizing a first plurality of combinations of values specified in a certain connectivity request;
- automatically recognizing by the rule-set manager at least one rule from the rule-set, said rule at least partially controlling traffic requested in said certain connectivity request, thereby giving rise to at least one rule engaged with respect to said certain connectivity request, wherein the recognizing is provided by comparing the first plurality of combinations of values specified in said certain connectivity request with at least one second plurality of combinations of values, each of at least one second plurality is firstly specified in respective rules from the rule-set and match connectivity-related actions specified in said certain connectivity request;
- automatically evaluating a ratio between an un-shadowed volume requested by said at least one connectivity request in said at least one engaged rule and the overall un-shadowed volume of said at least one engaged rule, thereby giving rise to a conformity ratio characterizing a degree of satisfaction of said certain connectivity request by said at least one engaged rule, wherein the evaluating is provided by the rule-set manager and the evaluation results indicate if said at least one connectivity request requires rule-set amendments in order to be accepted; and
- in accordance with said conformity ratio, automatically classifying by the rule-set manager said certain connectivity request with respect to said at least one engaged rule, wherein a classifying result is indicative of involvement of said at least one engaged rule in business needs associated with said certain connectivity request.

Dependent claims: 11, 12, 13, 14, 15

16. A computer program product comprising a non-transitory computer useable medium having computer readable program code embodied therein for collecting information relating to a communication network and to nodes operating therein, the computer program product comprising:
- computer readable program code for enabling the computer to obtain data characterizing first pluralities of combinations of values specified, respectively, in one or more of connectivity requests;
- computer readable program code for enabling the computer to recognize at least one connectivity request requesting traffic at least partially controlled by a certain rule from the rule-set, thereby giving rise to at least one connectivity request engaged with respect to said certain rule, wherein the recognition is provided by comparing a first plurality of combinations of values specified in said one or more connectivity requests with a second plurality of combinations of values, said second plurality being firstly specified in said certain rule and matches connectivity-related actions specified in said certain connectivity request;
- computer readable program code for enabling the computer to evaluate a ratio between an un-shadowed volume requested by said engaged connectivity request in said certain rule and the overall un-shadowed volume of said certain rule, thereby giving rise to a conformity ratio being indicative of a degree of satisfaction of said engaged connectivity request by said certain rule, wherein the evaluation results indicate if said at least one connectivity request requires rule-set amendments in order to be accepted; and
- computer readable program code for enabling the computer to classify said certain rule with respect to said at least one engaged connectivity request in accordance with said conformity ratio, wherein a classifying result is indicative of involvement of said certain rule in business needs associated with said at least one engaged connectivity request.

Specification