System and method for automated policy audit and remediation management

US 9,094,434 B2
Filed: 08/26/2013
Issued: 07/28/2015
Est. Priority Date: 02/14/2003
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable storage media storing instructions that, when executed, cause a computing device to perform a method, the method comprising:

initiating a network audit;

testing a network policy prior to deployment of the network policy, wherein the network policy is tested against past network audit results;

providing one or more recommendations in response to the testing of the network policy, the one or more recommendations including additional rules to be added to the network policy;

applying the network policy;

determining compliance with the network policy;

generating a task based on the compliance determination;

assigning the task for execution; and

monitoring a status of the task, wherein a rollback function is provided that allows one or more system components to be returned to a previous version.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prevention-based network auditing system includes a central compliance server providing a user interface allowing a user to schedule and configure a network audit. The configured audit is stored in an audit repository until its scheduled time. At such a time, the compliance server automatically invokes one or more audit servers to gather information about the network. The compliance server receives the gathered information and electronically applies a network policy to the information for determining compliance with the policy. A remediation task may be generated if the policy has been violated, and the task monitored until its completion.

560 Citations

25 Claims

1. One or more non-transitory computer-readable storage media storing instructions that, when executed, cause a computing device to perform a method, the method comprising:
- initiating a network audit;
  
  testing a network policy prior to deployment of the network policy, wherein the network policy is tested against past network audit results;
  
  providing one or more recommendations in response to the testing of the network policy, the one or more recommendations including additional rules to be added to the network policy;
  
  applying the network policy;
  
  determining compliance with the network policy;
  
  generating a task based on the compliance determination;
  
  assigning the task for execution; and
  
  monitoring a status of the task, wherein a rollback function is provided that allows one or more system components to be returned to a previous version.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The one or more computer-readable storage media of claim 1, the method further comprising adding at least one of the additional rules to the network policy prior to applying the network policy.
  - 3. The one or more computer-readable storage media of claim 1, wherein the task includes a remediation task.
  - 4. The one or more computer-readable storage media of claim 1, wherein the status of the task is set to an unassigned state in response to the generation of the task.
  - 5. The one or more computer-readable storage media of claim 1, wherein the task is assigned to an entity based on at least one of a role and a geographic responsibility.
  - 6. The one or more computer-readable storage media of claim 1, wherein the status of the task is set to an assigned state in response to the assignment of the task for execution.
  - 7. The one or more computer-readable storage media of claim 1, the method further comprising transmitting a notification to an entity to which the task is assigned, wherein the notification includes a hyperlink to a remediation update function.
  - 8. The one or more computer-readable storage media of claim 1, the method further comprising distributing the task to a plurality of audit scanners for auditing the network based on a determined load.
  - 9. The one or more computer-readable storage media of claim 1, wherein the task is prioritized based on at least one of a severity of a policy violation and a length of exposure of the policy violation.
  - 10. The one or more computer-readable storage media of claim 1, the method further comprising determining whether a particular audit result discovered devices for which a policy rule should exist.
  - 11. The one or more computer-readable storage media of claim 10, wherein the particular audit result identified an existence of a wireless access point (WAP) for which no rules existed in the network policy.
  - 12. The one or more computer-readable storage media of claim 1, the method further comprising maintaining a table of network assets for which rules should exist in the network policy.
  - 13. The one or more computer-readable storage media of claim 1, the method further comprising providing a list of recommended rules to be applied to scan results generated by one or more audit scanners.
  - 14. The one or more computer-readable storage media of claim 1, the method further comprising ranking the additional rules based on their respective importance, which is based, at least in part, on a severity meter setting for violations corresponding to each of the additional rules.
  - 15. The one or more computer-readable storage media of claim 1, the method further comprising:
    - identifying wireless access points (WAPs) for wireless networks; and
      
      testing the WAPs to determine their logical location on a global network.
  - 16. The one or more computer-readable storage media of claim 15, the method further comprising:
    - determining whether media access control (MAC) address filtering is initiated for one or more of the WAPs.

17. A server, comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the server is configured to;
  
  initiate a network audit;
  
  test a network policy prior to deployment of the network policy, wherein the network policy is tested against past network audit results;
  
  provide one or more recommendations in response to the testing of the network policy, the one or more recommendations including additional rules to be added to the network policy;
  
  apply the network policy;
  
  determine compliance with the network policy;
  
  generate a task based on the compliance determination;
  
  assign the task for execution; and
  
  monitor a status of the task, wherein a rollback function is provided that allows one or more system components to be returned to a previous version.
- View Dependent Claims (18, 19)
- - 18. The server of claim 17, wherein the task is prioritized based on at least one of a severity of a policy violation and a length of exposure of the policy violation.
  - 19. The server of claim 17, wherein the server is further configured to:
    - rank the additional rules based on their respective importance, which is based, at least in part, on a severity meter setting for violations corresponding to each of the additional rules.

20. A method to be performed in conjunction with at least one processor, the method comprising:
- initiating a network audit;
  
  testing a network policy prior to deployment of the network policy, wherein the network policy is tested against past network audit results;
  
  providing one or more recommendations in response to the testing of the network policy, the one or more recommendations including additional rules to be added to the network policy;
  
  applying the network policy;
  
  determining compliance with the network policy;
  
  generating a task based on the compliance determination;
  
  assigning the task for execution; and
  
  monitoring a status of the task, wherein a rollback function is provided that allows one or more system components to be returned to a previous version.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20, further comprising distributing the task to a plurality of audit scanners for auditing the network based on a determined load.
  - 22. The method of claim 20, wherein the task is prioritized based on at least one of a severity of a policy violation and a length of exposure of the policy violation.
  - 23. The method of claim 20, further comprising determining whether a particular audit result discovered devices for which a policy rule should exist.
  - 24. The method of claim 20, further comprising ranking the additional rules based on their respective importance, which is based, at least in part, on a severity meter setting for violations corresponding to each of the additional rules.
  - 25. The method of claim 20, further comprising:
    - identifying wireless access points (WAPs) for wireless networks; and
      
      testing the WAPs to determine their logical location on a global network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Williams, John Leslie, Costello, Brian, Ravenel, John Patrick, Ritter, Stephen J., Pelly, John, Rutherford, M. Celeste, Payne, John
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Shirazi, Sayed Beheshti

Application Number

US14/010,498
Publication Number

US 20130347107A1
Time in Patent Office

701 Days
Field of Search

726/2, 726/22, 726/25, 709/224
US Class Current

1/1
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/0859   by keeping history of diffe...

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for automated policy audit and remediation management

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

560 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for automated policy audit and remediation management

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

560 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links