Classification of security policies across multiple security products
First Claim
1. A method performed at a management entity, comprising:
connecting with security devices across a network, each security device configured to operate in accordance with one or more security policies, each security policy including one or more security rules, each security rule including a set of rule parameters configured to permit or deny access to a resource;
importing, over the network, the security policies from the security devices;
classifying the security policies into one or more identical security policy classifications when all of their associated rule parameters are equivalent to each other, one or more similar security policy classifications when only some of their associated rule parameters are equivalent to each other, and one or more unique security policy classifications when none of their associated rule parameters are equivalent to each other;
displaying a list of the rule parameters for each security policy classification and a filter option to specify a rule parameter associated with each security policy classification;
receiving a specified rule parameter through the filter option; and
displaying all of the rules in each security policy classification that includes a rule parameter that matches the specified rule parameter.
Abstract
A management entity connects with multiple security devices across a network. Each security device operates in accordance with one or more security policies. The management entity imports, over the network, data describing the security policies from the multiple security devices. The management entity classifies the imported security policies into security policy classifications based on commonality in information included in the security policies across the multiple security devices.
16 Claims
1. A method performed at a management entity, comprising:
connecting with security devices across a network, each security device configured to operate in accordance with one or more security policies, each security policy including one or more security rules, each security rule including a set of rule parameters configured to permit or deny access to a resource;
importing, over the network, the security policies from the security devices;
classifying the security policies into one or more identical security policy classifications when all of their associated rule parameters are equivalent to each other, one or more similar security policy classifications when only some of their associated rule parameters are equivalent to each other, and one or more unique security policy classifications when none of their associated rule parameters are equivalent to each other;
displaying a list of the rule parameters for each security policy classification and a filter option to specify a rule parameter associated with each security policy classification;
receiving a specified rule parameter through the filter option; and
displaying all of the rules in each security policy classification that includes a rule parameter that matches the specified rule parameter.
Dependent claims: 2, 3, 4, 5 and 6.
7. An apparatus comprising:
a network interface unit to connect with a network; and
a processor coupled to the network interface unit to:
connect with security devices across a network, each security device configured to operate in accordance with one or more security policies, each security policy including one or more security rules, each security rule including a set of rule parameters configured to permit or deny access to a resource;
import, over the network, data describing the security policies from the security devices;
classify the security policies into one or more identical security policy classifications when all of their associated rule parameters are equivalent to each other, one or more similar security policy classifications when only some of their associated rule parameters are equivalent to each other, and one or more unique security policy classifications when none of their associated rule parameters are equivalent to each other;
generate for display a list of the rule parameters for each security policy classification and a filter option to specify a rule parameter associated with each security policy classification;
receive a specified rule parameter through the filter option; and
generate for display all of the rules in each security policy classification that includes a rule parameter that matches the specified rule parameter.
Dependent claims: 8, 9, 10 and 11.
12. A non-transitory tangible computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to:
connect with security devices across a network, each security device configured to operate in accordance with one or more security policies, each security policy including one or more security rules, each security rule including a set of rule parameters configured to permit or deny access to a resource;
import, over the network, data describing the security policies from the security devices;
classify the security policies into one or more identical security policy classifications when all of their associated rule parameters are equivalent to each other, one or more similar security policy classifications when only some of their associated rule parameters are equivalent to each other, and one or more unique security policy classifications when none of their associated rule parameters are equivalent to each other;
generate for display a list of the rule parameters for each security policy classification and a filter option to specify a rule parameter associated with each security policy classification;
receive a specified rule parameter through the filter option; and
generate for display all of the rules in each security policy classification that includes a rule parameter that matches the specified rule parameter.
Dependent claims: 13, 14, 15 and 16.
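The classification and filtering steps that claims 1, 7 and 12 describe in words, carried through as an added worked example; this is not code from the patent or its assignee. It assumes that a rule's parameters are name/value pairs (the names source, destination, service and action are assumed), that two policies share an "equivalent" parameter when they contain the same (name, value) pair, and that a policy belongs to exactly one classification: identical when another policy carries exactly the same parameter set, similar when it shares only some parameters with others, unique when it shares none. The four policies and the device names are constructed sample input.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# A rule is a mapping of rule parameter names to values. The parameter names
# used here (source, destination, service, action) are assumed for the example.
Rule = Dict[str, str]
Param = Tuple[str, str]  # (parameter name, value)


@dataclass
class Policy:
    device: str
    name: str
    rules: List[Rule]

    def parameters(self) -> FrozenSet[Param]:
        """Every (parameter, value) pair appearing in any rule of the policy."""
        return frozenset((k, v) for rule in self.rules for k, v in rule.items())


@dataclass
class Classification:
    kind: str  # "identical", "similar" or "unique"
    policies: List[Policy]

    def parameters(self) -> List[Param]:
        """The list of rule parameters shown for the classification (claim step 4)."""
        return sorted(set().union(*(p.parameters() for p in self.policies)))

    def rules_matching(self, param: Param) -> List[Tuple[str, str, Rule]]:
        """Rules in this classification that carry the specified rule parameter."""
        name, value = param
        return [(p.device, p.name, r)
                for p in self.policies for r in p.rules if r.get(name) == value]


def classify(policies: List[Policy]) -> List[Classification]:
    """Partition imported policies into identical / similar / unique classifications."""
    n = len(policies)
    params = [p.parameters() for p in policies]
    parent = list(range(n))  # union-find over policies that share a parameter

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(n):
        for j in range(i + 1, n):
            if params[i] & params[j]:  # at least one equivalent rule parameter
                parent[find(i)] = find(j)

    components: Dict[int, List[int]] = defaultdict(list)
    for i in range(n):
        components[find(i)].append(i)

    result: List[Classification] = []
    for members in components.values():
        if len(members) == 1:  # shares no parameter with any other policy
            result.append(Classification("unique", [policies[members[0]]]))
            continue
        # Exact parameter-set matches inside a component are identical policies;
        # what is left shares only some parameters with the others: similar.
        buckets: Dict[FrozenSet[Param], List[int]] = defaultdict(list)
        for i in members:
            buckets[params[i]].append(i)
        similar: List[Policy] = []
        for group in buckets.values():
            if len(group) > 1:
                result.append(Classification("identical", [policies[i] for i in group]))
            else:
                similar.append(policies[group[0]])
        if similar:
            result.append(Classification("similar", similar))
    return result


def filter_rules(classifications: List[Classification],
                 param: Param) -> List[Tuple[str, str, str, Rule]]:
    """The filter step: every rule, in every classification, matching the parameter."""
    return [(c.kind, device, policy, rule)
            for c in classifications for device, policy, rule in c.rules_matching(param)]


def sample_policies() -> List[Policy]:
    """Constructed sample: policies imported from four fictional firewalls."""
    edge = [{"source": "any", "destination": "10.0.0.10", "service": "tcp/443", "action": "permit"},
            {"source": "any", "destination": "any", "service": "any", "action": "deny"}]
    dmz = [{"source": "10.1.0.0/16", "destination": "10.0.0.10", "service": "tcp/22", "action": "permit"},
           {"source": "any", "destination": "any", "service": "any", "action": "deny"}]
    mon = [{"source": "172.16.9.9", "destination": "172.16.9.1", "service": "udp/162", "action": "log-only"}]
    return [Policy("fw-a", "edge-policy", edge),
            Policy("fw-b", "edge-policy", [dict(r) for r in edge]),  # same rules, second device
            Policy("fw-c", "dmz-policy", dmz),
            Policy("fw-d", "snmp-trap-monitor", mon)]


if __name__ == "__main__":
    groups = classify(sample_policies())
    for c in groups:
        print(c.kind, [p.device for p in c.policies], c.parameters())
    for hit in filter_rules(groups, ("destination", "10.0.0.10")):
        print(hit)
```

On the sample input fw-a and fw-b form an identical classification, fw-c is similar to them (it shares the destination, the permit action and the final deny-all rule) and fw-d is unique. Filtering on destination 10.0.0.10 then returns the matching rule from all three of the first devices. Note that very common values such as `"action": "deny"` make almost every policy "similar" to every other; a practical tool would let the operator exclude such parameters from the comparison.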