Method and system for management of security rule set
First Claim
1. A method of automatically managing one or more security rule-sets, the method comprising:
a. obtaining data characterizing a connectivity request and data characterizing an amended rule-set, the amended rule-set being derivative of an initial rule-set amended to fit the connectivity request;
b. automatically verifying each possible combination of values specified in different fields of the connectivity request against the initial rule-set and the amended rule-set;
c. calculating one or more values corresponding to an amount of extra allowed traffic or an amount of dissatisfied requested traffic;
d. automatically comparing the calculated values with a predefined threshold; and
e. automatically classifying the amended rule-set as appropriate for implementation if the results of the automatically comparing match a predefined verification criterion.
Abstract
There are provided a method of automatically managing one or more security rule-sets and a system thereof. The method comprises: obtaining data characterizing a connectivity request and an amended rule-set, the amended rule-set being derivative of an initial rule-set amended to fit the connectivity request; automatically verifying each possible combination of values in the connectivity request against the initial rule-set and the amended rule-set; calculating one or more values selected from a group comprising values characterizing the relative amount of extra allowed traffic and values characterizing the relative amount of dissatisfied requested traffic; automatically comparing the calculated values and/or derivatives thereof with a predefined threshold; and automatically classifying the amended rule-set as applicable for implementation if the results of the automated comparing match a predefined verification criterion.
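The verification flow in the abstract can be sketched as follows. This is an added example, not code from the patent. It assumes a toy rule model (explicit value sets, first match wins, default deny), a small finite universe of traffic, its own definitions of the two ratios, and a criterion that both ratios stay at or below the threshold.

```python
from itertools import product

def allows(ruleset, src, dst, svc):
    """First-match evaluation with default deny (assumed rule-set semantics)."""
    for srcs, dsts, svcs, action in ruleset:
        if src in srcs and dst in dsts and svc in svcs:
            return action == "allow"
    return False

def verify_change(request, initial, amended, universe, threshold):
    """Score an amended rule-set against a request; ratios are assumed definitions."""
    requested = set(product(*request))
    # Requested combinations the amended rule-set still blocks.
    unsatisfied = {c for c in requested if not allows(amended, *c)}
    # Traffic the amendment opens that the initial rule-set blocked.
    opened = {c for c in product(*universe)
              if allows(amended, *c) and not allows(initial, *c)}
    extra = opened - requested  # opened although nobody asked for it
    unsatisfied_ratio = len(unsatisfied) / len(requested)
    extra_ratio = len(extra) / len(opened) if opened else 0.0
    return {
        "unsatisfied_ratio": unsatisfied_ratio,
        "extra_ratio": extra_ratio,
        "appropriate": unsatisfied_ratio <= threshold and extra_ratio <= threshold,
    }

# Constructed sample data: (sources, destinations, services) value sets.
UNIVERSE = ({"web1", "web2", "dev1"}, {"db1", "db2"}, {"tcp/5432", "tcp/22"})
REQUEST = ({"web1", "web2"}, {"db1"}, {"tcp/5432"})
INITIAL = [({"web1"}, {"db1"}, {"tcp/5432"}, "allow")]
TIGHT = INITIAL + [({"web2"}, {"db1"}, {"tcp/5432"}, "allow")]
LOOSE = [(UNIVERSE[0], UNIVERSE[1], {"tcp/5432"}, "allow")] + INITIAL

if __name__ == "__main__":
    for name, amended in (("tight", TIGHT), ("loose", LOOSE), ("unchanged", INITIAL)):
        print(name, verify_change(REQUEST, INITIAL, amended, UNIVERSE, threshold=0.2))
```

The loose amendment satisfies the request but is rejected because most of what it opens was never requested; the unchanged rule-set is rejected because half of the requested combinations remain blocked.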
10 Claims
1. A method of automatically managing one or more security rule-sets, the method comprising:
a. obtaining data characterizing a connectivity request and data characterizing an amended rule-set, the amended rule-set being derivative of an initial rule-set amended to fit the connectivity request;
b. automatically verifying each possible combination of values specified in different fields of the connectivity request against the initial rule-set and the amended rule-set;
c. calculating one or more values corresponding to an amount of extra allowed traffic or an amount of dissatisfied requested traffic;
d. automatically comparing the calculated values with a predefined threshold; and
e. automatically classifying the amended rule-set as appropriate for implementation if the results of the automatically comparing match a predefined verification criterion.
Dependent claims: 2, 3, 10
4. A system capable of automatically managing a security rule-set, the system comprising:
a. an interface operable to obtain data characterizing a connectivity request;
b. an interface operable to obtain data characterizing an amended rule-set, the amended rule-set being derivative of an initial rule-set amended to fit the connectivity request;
c. means for automatically verifying each possible combination of values specified in different fields of the connectivity request against the initial rule-set and the amended rule-set;
d. means for calculating one or more values corresponding to an amount of extra allowed traffic or an amount of dissatisfied requested traffic;
e. means for automatically comparing the calculated values with a predefined threshold; and
f. means for automatically classifying the amended rule-set as appropriate for implementation if the results of the automatically comparing match a predefined verification criterion.
Dependent claims: 5, 6
7. A method of automatically managing one or more security rule-sets, the method comprising:
a. obtaining data characterizing a connectivity request and data characterizing one or more rules in an amended rule-set, the one or more rules in the amended rule-set being derivatives of corresponding one or more rules in an initial rule-set amended to fit the connectivity request;
b. automatically verifying each possible combination of values specified in different fields of the connectivity request against the one or more rules in the amended rule-set and against the corresponding one or more rules in the initial rule-set;
c. calculating one or more values corresponding to an amount of extra allowed traffic or an amount of dissatisfied requested traffic;
d. comparing the calculated values with a predefined threshold; and
e. automatically classifying the one or more rules in the amended rule-set as inappropriate for implementation if the results of the comparing do not match a predefined verification criterion.
Dependent claims: 8, 9
Specification