Systems and methods for dynamic network security control and configuration
First Claim
1. A computer-implemented method comprising:
- storing, in at least one database, data regarding a plurality of logical zones, each logical zone associated with a grouping of assets;
- identifying, by at least one processor, an asset associated with a first logical zone;
- storing, in the at least one database, data regarding the asset, the data comprising attribute data for the asset;
- detecting a change in an attribute of the asset; and
- in response to detecting the change in the attribute of the asset:
  - modifying, by the at least one processor, a configuration setting for a firewall, and
  - moving the asset from the first logical zone to a second logical zone, the moving comprising updating information in the at least one database to indicate that the asset is a member of the second logical zone.
Abstract
A computer-implemented method according to one embodiment of the present disclosure includes identifying, by a computer system, an asset associated with a logical zone; detecting a change in an attribute of the asset; and, in response to detecting the change in the attribute of the asset, modifying, by the computer system, a configuration setting for a firewall. Among other things, the embodiments of the present disclosure can dynamically configure and control security features in response to changes in the computing environment, including asset attribute changes, security events, operational events, user input and environmental changes. Embodiments of the present disclosure thereby help to quickly maintain or change the security posture of a system and maintain the level of compliance with a set of predefined security benchmarks or codified best practices.
19 Claims
1. A computer-implemented method comprising:
- storing, in at least one database, data regarding a plurality of logical zones, each logical zone associated with a grouping of assets;
- identifying, by at least one processor, an asset associated with a first logical zone;
- storing, in the at least one database, data regarding the asset, the data comprising attribute data for the asset;
- detecting a change in an attribute of the asset; and
- in response to detecting the change in the attribute of the asset:
  - modifying, by the at least one processor, a configuration setting for a firewall, and
  - moving the asset from the first logical zone to a second logical zone, the moving comprising updating information in the at least one database to indicate that the asset is a member of the second logical zone.

Dependent claims 2 to 17 depend on claim 1.

18. A non-transitory, computer-readable medium storing instructions that, when executed, cause a computing device to:
- store, in at least one database, data regarding a plurality of logical zones, each logical zone associated with a grouping of assets;
- identify, by at least one processor, an asset associated with a first logical zone;
- store, in the at least one database, data regarding the asset, the data comprising attribute data for the asset;
- detect a change in an attribute of the asset; and
- in response to detecting the change in the attribute of the asset:
  - modify, by the at least one processor, a configuration setting for a firewall, and
  - move the asset from the first logical zone to a second logical zone, the moving comprising updating information in the at least one database to indicate that the asset is a member of the second logical zone.

19. A system comprising:
- at least one database;
- at least one processor; and
- memory in communication with the at least one processor and storing instructions that, when executed by the processor, cause the system to:
  - store, in the at least one database, data regarding a plurality of logical zones, each logical zone associated with a grouping of assets;
  - identify an asset associated with a first logical zone;
  - store, in the at least one database, data regarding the asset, the data comprising attribute data for the asset;
  - detect a change in an attribute of the asset; and
  - in response to detecting the change in the attribute of the asset:
    - modify a configuration setting for a firewall, and
    - move the asset from the first logical zone to a second logical zone, the moving comprising updating information in the at least one database to indicate that the asset is a member of the second logical zone.
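The claims above describe one control loop: zones and assets with their attributes are stored in a database, an attribute change is detected, and in response the firewall configuration is modified and the asset's zone membership is updated. The following Python is an added illustration of that loop, not code from the patent or its assignee. Everything specific is an assumption for the example: the two zone names, the `compliant` and `critical_vulns` attributes used to classify an asset, the per-zone allowed-port table standing in for a firewall configuration, and the in-memory dictionaries standing in for the database.

```python
"""Added example (not the patent's own code): a minimal model of the claimed
zone/asset/firewall reconciliation loop. Zone names, attribute names and the
policy table below are assumptions constructed for the example."""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed per-zone firewall configuration: allowed destination ports.
# A quarantined asset keeps only HTTPS so it can still fetch patches.
ZONE_ALLOWED_PORTS: dict[str, set[int]] = {
    "production": {443, 5432},
    "quarantine": {443},
}


@dataclass
class Database:
    """Stand-in for the 'at least one database' of the claims."""
    zones: dict[str, set[str]]          # zone name -> member asset ids
    assets: dict[str, dict]             # asset id -> attribute data
    firewall: dict[str, set[int]]       # asset id -> current allowed ports
    audit: list[str] = field(default_factory=list)


def new_database() -> Database:
    return Database(zones={z: set() for z in ZONE_ALLOWED_PORTS}, assets={}, firewall={})


def classify(attributes: dict) -> str:
    """Assumed policy: non-compliant assets or assets with critical
    vulnerabilities belong in the quarantine zone, all others in production."""
    if not attributes.get("compliant", False) or attributes.get("critical_vulns", 0) > 0:
        return "quarantine"
    return "production"


def zone_of(db: Database, asset_id: str) -> str:
    for zone, members in db.zones.items():
        if asset_id in members:
            return zone
    raise KeyError(f"unknown asset {asset_id}")


def register_asset(db: Database, asset_id: str, attributes: dict) -> str:
    """Identify an asset, store its attribute data, and place it in a zone."""
    zone = classify(attributes)
    db.assets[asset_id] = dict(attributes)
    db.zones[zone].add(asset_id)
    db.firewall[asset_id] = set(ZONE_ALLOWED_PORTS[zone])
    db.audit.append(f"{asset_id}: registered in {zone}")
    return zone


def update_attribute(db: Database, asset_id: str, name: str, value) -> str | None:
    """Detect a change in one attribute. Returns the asset's zone after
    reconciliation, or None when the value did not actually change."""
    old = db.assets[asset_id].get(name)
    if old == value:
        return None                      # nothing changed, nothing to do
    db.assets[asset_id][name] = value
    db.audit.append(f"{asset_id}: {name} {old!r} -> {value!r}")
    return reconcile(db, asset_id)


def reconcile(db: Database, asset_id: str) -> str:
    """In response to a detected change: modify the firewall setting and
    move the asset between zones, updating membership in the database."""
    current = zone_of(db, asset_id)
    target = classify(db.assets[asset_id])
    if target == current:
        return current
    # 1. modify the firewall configuration for this asset
    db.firewall[asset_id] = set(ZONE_ALLOWED_PORTS[target])
    # 2. move the asset: update zone membership records
    db.zones[current].discard(asset_id)
    db.zones[target].add(asset_id)
    db.audit.append(f"{asset_id}: moved {current} -> {target}, ports {sorted(db.firewall[asset_id])}")
    return target


if __name__ == "__main__":
    db = new_database()
    register_asset(db, "web-01", {"compliant": True, "critical_vulns": 0})
    update_attribute(db, "web-01", "critical_vulns", 2)   # scanner reports a finding
    update_attribute(db, "web-01", "critical_vulns", 0)   # finding remediated
    print("\n".join(db.audit))
```

The ordering inside `reconcile` matters in practice: the firewall setting is tightened before the membership record is rewritten, so a crash between the two steps leaves the asset more restricted than its recorded zone rather than less. The audit list records each detected change and each move, which is the minimum a defender needs to reconstruct why an asset's connectivity changed.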
Specification