Automated security policy enforcement and auditing

US 9,071,644 B2
Filed: 12/06/2012
Issued: 06/30/2015
Est. Priority Date: 12/06/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method of managing a connection to or from a device, the method comprising the steps of:

a computer identifying connections of the device;

based on the connections, the computer determining and classifying the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;

the computer determining that an existing or proposed connection is inconsistent with the classification of the device, and subsequently, the computer receiving a confirmation of the existing or proposed connection from a user, the confirmation permitting the existing or proposed connection to remain unchanged, without a modification of the existing or proposed connection and without a modification of a policy that specifies the classification of the device, even though the existing or proposed connection is inconsistent with the classification, and the computer displaying an indication or sending a notification that the existing or proposed connection is inconsistent with the classification of the device;

the computer determining one or more other devices have one or more classifications that match the classification of the device;

the computer determining respective one or more other existing or proposed connections of the one or more other devices are inconsistent with the one or more classifications;

the computer receiving one or more other confirmations of the one or more other existing or proposed connections;

the computer determining a count of the confirmation and the one or more other confirmations and determining the count is greater than a threshold number of confirmations;

subsequent to the step of determining the count, the computer classifying another device based on security zones to which the other device is or has been connected, a quality of service requirement for one or more applications within the other device, or a level of ITSM for the other device;

the computer determining another existing or proposed connection of the other device is inconsistent with the classification of the other device; and

based on the count being greater than the threshold number of confirmations, the computer permitting another existing or proposed connection of the other device to remain unchanged, without requiring a confirmation of the other existing or proposed connection, without a modification of the other existing or proposed connection and without a modification of a policy that specifies the classification of the other device, even though the other existing or proposed connection is inconsistent with the classification.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach for managing a connection to or from a device is presented. Connections of the device are identified. Based on the connections, the device is determined and classified based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management for the device. Whether an existing or proposed connection of the device is consistent with the classification of the device is determined, and if not, an indication is displayed or a notification is sent that the existing or proposed connection is inconsistent with the classification of the device.

32 Citations

View as Search Results

18 Claims

1. A method of managing a connection to or from a device, the method comprising the steps of:
- a computer identifying connections of the device;
  
  based on the connections, the computer determining and classifying the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
  
  the computer determining that an existing or proposed connection is inconsistent with the classification of the device, and subsequently, the computer receiving a confirmation of the existing or proposed connection from a user, the confirmation permitting the existing or proposed connection to remain unchanged, without a modification of the existing or proposed connection and without a modification of a policy that specifies the classification of the device, even though the existing or proposed connection is inconsistent with the classification, and the computer displaying an indication or sending a notification that the existing or proposed connection is inconsistent with the classification of the device;
  
  the computer determining one or more other devices have one or more classifications that match the classification of the device;
  
  the computer determining respective one or more other existing or proposed connections of the one or more other devices are inconsistent with the one or more classifications;
  
  the computer receiving one or more other confirmations of the one or more other existing or proposed connections;
  
  the computer determining a count of the confirmation and the one or more other confirmations and determining the count is greater than a threshold number of confirmations;
  
  subsequent to the step of determining the count, the computer classifying another device based on security zones to which the other device is or has been connected, a quality of service requirement for one or more applications within the other device, or a level of ITSM for the other device;
  
  the computer determining another existing or proposed connection of the other device is inconsistent with the classification of the other device; and
  
  based on the count being greater than the threshold number of confirmations, the computer permitting another existing or proposed connection of the other device to remain unchanged, without requiring a confirmation of the other existing or proposed connection, without a modification of the other existing or proposed connection and without a modification of a policy that specifies the classification of the other device, even though the other existing or proposed connection is inconsistent with the classification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the computer determines and classifies the device based on the security zones to which the device is or has been connected, the quality of service requirement for one or more applications within the device, and the level of ITSM for the device.
  - 3. The method of claim 1, wherein the computer determines that the existing or proposed connection is inconsistent with the classification of the device, and in response, the computer modifying the existing or proposed connection to be consistent with the classification of the device.
  - 4. The method of claim 3, wherein the step of modifying the existing or proposed connection includes replacing the existing or proposed connection with a new connection between the device and another device so that the new connection is in compliance with a policy that specifies the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, or the level of ITSM for the device.
  - 5. The method of claim 1, wherein the computer determines that the existing or proposed connection is inconsistent with the classification of the device, and subsequently, the computer receiving a modification of the existing or proposed connection, and subsequent to receiving the modification, the computer determining whether the modification of the existing or proposed connection is consistent with the classification of the device.
  - 6. The method of claim 1, wherein the computer determines that the existing or proposed connection is inconsistent with the classification of the device, and in response, the computer modifying a policy that specifies the classification of the device so that the existing or proposed connection is consistent with the classification based on the modified policy.
  - 7. The method of claim 1, wherein the step of the computer determining and classifying the device includes the steps of:
    - the computer determining a probability of the device having the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, or the level of ITSM by generating a Bayesian belief network through which evidence is propagated, the evidence including known factors of other devices, the known factors including at least one of;
      
      security zones to which the other devices are or have been connected, quality of service requirements for one or more applications within the other devices, and levels of ITSM of the other devices.
  - 8. The method of claim 1, further comprising the steps of:
    - the computer determining and classifying other devices based on security zones to which the other devices are or have been connected, quality of service requirements for one or more applications within the other devices, and levels of ITSM of the other devices;
      
      the computer receiving a request to identify device(s) having respective connection(s) that are in compliance with a policy that specifies the classifications of the other devices;
      
      in response to the step of receiving the request, the computer selecting the device(s) from the other devices so that the connection(s) are consistent with respective classification(s) of the device(s);
      
      based on the connection(s) being consistent with the classification(s), the computer determining the connection(s) are in compliance with the policy; and
      
      the computer initiating a display of identification(s) of the device(s) whose connection(s) are in compliance with the policy or creating a new connection to at least one of the device(s).

9. A computer system for managing a connection to or from a device, the computer system comprising:
- a CPU;
  
  a computer-readable memory;
  
  a computer-readable storage device;
  
  first program instructions to identify connections of the device;
  
  second program instructions to, based on the connections, determine and classify the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
  
  third program instructions to determine that an existing or proposed connection is inconsistent with the classification of the device, and subsequently, receive a confirmation of the existing or proposed connection from a user, the confirmation permitting the existing or proposed connection to remain unchanged, without a modification of the existing or proposed connection and without a modification of a policy that specifies the classification of the device, even though the existing or proposed connection is inconsistent with the classification and display an indication or send a notification that the existing or proposed connection is inconsistent with the classification of the device,fourth program instructions to determine one or more other devices have one or more classifications that match the classification of the device;
  
  fifth program instructions to determine respective one or more other existing or proposed connections of the one or more other devices are inconsistent with the one or more classifications;
  
  sixth program instructions to receive one or more other confirmations of the one or more other existing or proposed connections;
  
  seventh program instructions to determine a count of the confirmation and the one or more other confirmations and determine the count is greater than a threshold number of confirmations;
  
  eighth program instructions to, subsequent to the seventh program instructions determining the count, classify another device based on security zones to which the other device is or has been connected, a quality of service requirement for one or more applications within the other device, or a level of ITSM for the other device;
  
  ninth program instructions to determine another existing or proposed connection of the other device is inconsistent with the classification of the other device; and
  
  tenth program instructions to, based on the count being greater than the threshold number of confirmations, permit another existing or proposed connection of the other device to remain unchanged, without requiring a confirmation of the other existing or proposed connection, without a modification of the other existing or proposed connection and without a modification of a policy that specifies the classification of the other device, even though the other existing or proposed connection is inconsistent with the classification,wherein the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth program instructions are stored on the computer-readable storage device for execution by the CPU via the computer-readable memory.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer system of claim 9, wherein the second program instructions determine and classify the device based on the security zones to which the device is or has been connected, the quality of service requirement for one or more applications within the device, and the level of ITSM for the device.
  - 11. The computer system of claim 9, wherein the third program instructions determine that the existing or proposed connection is inconsistent with the classification of the device, and in response, modify the existing or proposed connection to be consistent with the classification of the device.
  - 12. The computer system of claim 11, wherein the third program instructions modify the existing or proposed connection by replacing the existing or proposed connection with a new connection between the device and another device so that the new connection is in compliance with a policy that specifies the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, or the level of ITSM for the device.
  - 13. The computer system of claim 9, wherein the third program instructions determine that the existing or proposed connection is inconsistent with the classification of the device, and subsequently, receive a modification of the existing or proposed connection, and subsequent to receiving the modification, determine whether the modification of the existing or proposed connection is consistent with the classification of the device.

14. A computer program product for managing a connection to or from a device, the computer program product comprising:
- computer-readable storage device(s); and
  
  computer-readable program instructions stored on the computer-readable storage device(s), the computer-readable program instructions when executed by a CPU;
  
  identify connections of the device;
  
  based on the connections, determine and classify the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
  
  determine that an existing or proposed connection is inconsistent with the classification of the device, and subsequently, receive a confirmation of the existing or proposed connection from a user, the confirmation permitting the existing or proposed connection to remain unchanged, without a modification of the existing or proposed connection and without a modification of a policy that specifies the classification of the device, even though the existing or proposed connection is inconsistent with the classification, and display an indication or send a notification that the existing or proposed connection is inconsistent with the classification of the device;
  
  determine one or more other devices have one or more classifications that match the classification of the device;
  
  determine respective one or more other existing or proposed connections of the one or more other devices are inconsistent with the one or more classifications;
  
  receive one or more other confirmations of the one or more other existing or proposed connections;
  
  determine a count of the confirmation and the one or more other confirmations and determine the count is greater than a threshold number of confirmations;
  
  classify, subsequent to determining the count, another device based on security zones to which the other device is or has been connected, a quality of service requirement for one or more applications within the other device, or a level of ITSM for the other device;
  
  determine another existing or proposed connection of the other device is inconsistent with the classification of the other device; and
  
  based on the count being greater than the threshold number of confirmations, permit another existing or proposed connection of the other device to remain unchanged, without requiring a confirmation of the other existing or proposed connection, without a modification of the other existing or proposed connection and without a modification of a policy that specifies the classification of the other device, even though the other existing or proposed connection is inconsistent with the classification.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The program product of claim 14, wherein the computer-readable program instructions, when executed by the CPU, determine and classify the device based on the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, and the level of ITSM for the device.
  - 16. The program product of claim 14, wherein the computer-readable program instructions, when executed by the CPU, determine that the existing or proposed connection is inconsistent with the classification of the device, and in response, modify the existing or proposed connection to be consistent with the classification.
  - 17. The program product of claim 16, wherein the computer-readable program instructions, when executed by the CPU, modify the existing or proposed connection by replacing the existing or proposed connection with a new connection between the device and another device so that the new connection is in compliance with a policy that specifies the security zones to which the device is or has been connected, the quality of service requirement for the one or more applications within the device, or the level of ITSM for the device.
  - 18. The program product of claim 14, wherein the computer-readable program instructions, when executed by the CPU, determine that the existing or proposed connection is inconsistent with the classification of the device, and subsequently, receive a modification of the existing or proposed connection, and subsequent to receiving the modification, determine whether the modification of the existing or proposed connection is consistent with the classification of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Auvenshine, John J., Bartholomy, Erik, Haddock, Thomas E., Hourselt, Andrew G., Olson, John T., Paquette, Kenneth D., Walter, Victor L., Wood, Stanley C.
Primary Examiner(s)
KIM, TAE K

Application Number

US13/706,406
Publication Number

US 20140165128A1
Time in Patent Office

936 Days
Field of Search

726 1- 4, 726/21, 726/26, 726/27, 709223-232, 709238-244
US Class Current

1/1
CPC Class Codes

H04L 63/104   Grouping of entities

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

Automated security policy enforcement and auditing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Automated security policy enforcement and auditing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others