System and method for automated policy audit and remediation management
First Claim
1. One or more non-transitory computer-readable storage media storing instructions that, when executed, cause a computing device to perform a method, the method comprising:
- initiating a network audit;
- testing a network policy prior to deployment of the network policy, wherein the network policy is tested against past network audit results;
- providing one or more recommendations in response to the testing of the network policy, the one or more recommendations including additional rules to be added to the network policy;
- applying the network policy;
- determining compliance with the network policy;
- generating a task based on the compliance determination;
- assigning the task for execution; and
- monitoring a status of the task, wherein a rollback function is provided that allows one or more system components to be returned to a previous version.
11 Assignments
0 Petitions
Abstract
A prevention-based network auditing system includes a central compliance server providing a user interface allowing a user to schedule and configure a network audit. The configured audit is stored in an audit repository until its scheduled time. At such a time, the compliance server automatically invokes one or more audit servers to gather information about the network. The compliance server receives the gathered information and electronically applies a network policy to the information for determining compliance with the policy. A remediation task may be generated if the policy has been violated, and the task monitored until its completion.
560 Citations
25 Claims
1. One or more non-transitory computer-readable storage media storing instructions that, when executed, cause a computing device to perform a method, the method comprising:
- initiating a network audit;
- testing a network policy prior to deployment of the network policy, wherein the network policy is tested against past network audit results;
- providing one or more recommendations in response to the testing of the network policy, the one or more recommendations including additional rules to be added to the network policy;
- applying the network policy;
- determining compliance with the network policy;
- generating a task based on the compliance determination;
- assigning the task for execution; and
- monitoring a status of the task, wherein a rollback function is provided that allows one or more system components to be returned to a previous version.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16.

17. A server, comprising:
- a processor; and
- a memory coupled to the processor, wherein the server is configured to:
  - initiate a network audit;
  - test a network policy prior to deployment of the network policy, wherein the network policy is tested against past network audit results;
  - provide one or more recommendations in response to the testing of the network policy, the one or more recommendations including additional rules to be added to the network policy;
  - apply the network policy;
  - determine compliance with the network policy;
  - generate a task based on the compliance determination;
  - assign the task for execution; and
  - monitor a status of the task, wherein a rollback function is provided that allows one or more system components to be returned to a previous version.
Dependent claims: 18, 19.

20. A method to be performed in conjunction with at least one processor, the method comprising:
- initiating a network audit;
- testing a network policy prior to deployment of the network policy, wherein the network policy is tested against past network audit results;
- providing one or more recommendations in response to the testing of the network policy, the one or more recommendations including additional rules to be added to the network policy;
- applying the network policy;
- determining compliance with the network policy;
- generating a task based on the compliance determination;
- assigning the task for execution; and
- monitoring a status of the task, wherein a rollback function is provided that allows one or more system components to be returned to a previous version.
Dependent claims: 21, 22, 23, 24, 25.
Specification