Management of security policies across multiple security products
Abstract
A management entity discovers security devices connected to a network. Each security device controls access to resources by devices associated with the security device according to a corresponding native security policy that is based on a corresponding native policy model associated with the security device. The management entity imports the native security policies from the corresponding security devices over the network, and normalizes the imported native security policies across the security devices based on a generic policy model, to produce normalized security policies that are based on the generic policy model and representative of the native security policies. The management entity receives security events from the security devices, and processes the received security events among the security devices based on the normalized security policies.
Claims (18 claims, 67 citations)
1. A method performed at a management entity, comprising:

discovering multiple security devices connected to a network, each security device to control access to resources according to a corresponding native security policy that is based on a corresponding native policy model associated with the corresponding security device;

importing the native security policies from the corresponding security devices over the network, each native security policy including a set of native security rules, each native security rule including native rule parameters to permit or deny access to a resource based on a network protocol and at least one of a source address or a destination address;

classifying the imported native security policies into identical, similar, and unique security policy classifications having identical, similar, and unique security rules, respectively, based on commonality between the native rule parameters of the native security rules included in the native security policies across the security devices;

normalizing the classified imported native security policies across the security devices based on a generic policy model, by mapping the native rule parameters in the native security rules of each security policy to corresponding components {a principal or actor}, {action}, {a resource}, {a context}, and {perform a result} of a generic rule "if {a principal or actor} tries to perform an {action} on {a resource} within {a context} then {perform a result}", to produce normalized security policies; and

processing security events received from the security devices using the normalized security policies.

Dependent claims: 2, 3, 4, 5, 6.

7. An apparatus comprising:

a network interface unit to connect with a network; and

a processor coupled to the network interface unit to:

discover multiple security devices connected to the network, each security device to control access to resources according to a corresponding native security policy that is based on a corresponding native policy model associated with the corresponding security device, each native security policy including a set of native security rules, each native security rule including native rule parameters to permit or deny access to a resource based on a network protocol and at least one of a source address or a destination address;

import the native security policies from the corresponding security devices over the network;

classify the imported native security policies into identical, similar, and unique security policy classifications having identical, similar, and unique security rules, respectively, based on commonality between the native rule parameters of the native security rules included in the native security policies across the security devices;

normalize the classified imported native security policies across the security devices based on a generic policy model, by mapping the native rule parameters in the native security rules of each security policy to corresponding components {a principal or actor}, {action}, {a resource}, {a context}, and {perform a result} of a generic rule "if {a principal or actor} tries to perform an {action} on {a resource} within {a context} then {perform a result}", to produce normalized security policies; and

process security events received from the security devices using the normalized security policies.

Dependent claims: 8, 9, 10, 11, 12.

13. A non-transitory tangible computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to:

discover multiple security devices connected to the network, each security device to control access to resources according to a corresponding native security policy that is based on a corresponding native policy model associated with the corresponding security device, each native security policy including a set of native security rules, each native security rule including native rule parameters to permit or deny access to a resource based on a network protocol and at least one of a source address or a destination address;

import the native security policies from the corresponding security devices over the network;

classify the imported native security policies into identical, similar, and unique security policy classifications having identical, similar, and unique security rules, respectively, based on commonality between the native rule parameters of the native security rules included in the native security policies across the security devices;

normalize the classified imported native security policies across the security devices based on a generic policy model, by mapping the native rule parameters in the native security rules of each security policy to corresponding components {a principal or actor}, {action}, {a resource}, {a context}, and {perform a result} of a generic rule "if {a principal or actor} tries to perform an {action} on {a resource} within {a context} then {perform a result}", to produce normalized security policies; and

process security events received from the security devices using the normalized security policies.

Dependent claims: 14, 15, 16, 17, 18.
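Worked example of the claimed pipeline (import, classify, normalize, process events), added here as an illustration; it is not code from the patent or from any product implementing it. The two native rule formats ("typeA" dict rules, "typeB" text rules), the device names, the sample rules, and the choice of which native field maps onto which generic component (source address to principal, protocol to action, destination to resource, port to context, verdict to result) are all this example's assumptions. First-match evaluation with a default deny is likewise assumed, and the classification is the simplest reading of the claim: a policy is identical if another device has the same generic rule set, similar if it shares at least one generic rule, and unique otherwise.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Generic policy model from the claims: "if {principal} tries to perform an {action}
# on {resource} within {context} then {result}". Which native field lands in which
# component is this example's assumption, not the patent's mapping.
@dataclass(frozen=True)
class GenericRule:
    principal: str  # source address or CIDR
    action: str     # network protocol ("tcp", "udp", "any")
    resource: str   # destination address or CIDR
    context: str    # destination port, or "any"
    result: str     # "permit" or "deny"

    def matches(self, src, dst, proto, dport):
        return (ip_address(src) in ip_network(self.principal, strict=False)
                and ip_address(dst) in ip_network(self.resource, strict=False)
                and self.action in ("any", proto)
                and self.context in ("any", str(dport)))

# Two constructed native rule formats (hypothetical, not any vendor's syntax).
def normalize_dict_rule(rule):
    """Type A: {"src", "dst", "proto", "dport" (optional), "verdict": ACCEPT|DROP}."""
    return GenericRule(rule["src"], rule["proto"], rule["dst"],
                       str(rule.get("dport", "any")),
                       "permit" if rule["verdict"] == "ACCEPT" else "deny")

def normalize_text_rule(rule):
    """Type B: 'allow|deny <proto> from <cidr> to <cidr> [port <n>]'."""
    tok = rule.split()
    port = tok[tok.index("port") + 1] if "port" in tok else "any"
    return GenericRule(tok[3], tok[1], tok[5], port,
                       "permit" if tok[0] == "allow" else "deny")

NORMALIZERS = {"typeA": normalize_dict_rule, "typeB": normalize_text_rule}

# Constructed sample: four devices of two native types. The import step is
# simulated by this dict; a real management entity would fetch the policies.
NATIVE_POLICIES = {
    "fw-a1": ("typeA", [
        {"src": "10.0.0.0/8", "dst": "192.168.1.10/32", "proto": "tcp", "dport": 443, "verdict": "ACCEPT"},
        {"src": "0.0.0.0/0", "dst": "192.168.1.0/24", "proto": "any", "verdict": "DROP"},
    ]),
    "fw-b1": ("typeB", [
        "allow tcp from 10.0.0.0/8 to 192.168.1.10/32 port 443",
        "deny any from 0.0.0.0/0 to 192.168.1.0/24",
    ]),
    "fw-b2": ("typeB", [
        "allow tcp from 10.0.0.0/8 to 192.168.1.10/32 port 443",
        "allow udp from 10.0.0.0/8 to 192.168.1.53/32 port 53",
    ]),
    "fw-a2": ("typeA", [
        {"src": "172.16.0.0/12", "dst": "10.9.9.9/32", "proto": "tcp", "dport": 22, "verdict": "ACCEPT"},
    ]),
}

def normalize_all(native=NATIVE_POLICIES):
    """Map every device's native rules onto an ordered tuple of GenericRule."""
    return {name: tuple(NORMALIZERS[kind](r) for r in rules)
            for name, (kind, rules) in native.items()}

def classify_policies(policies):
    """identical: same generic rule set as some other device; similar: shares at
    least one generic rule with another device; unique: shares none."""
    classes = {}
    for name, rules in policies.items():
        mine = set(rules)
        others = [set(r) for n, r in policies.items() if n != name]
        if any(o == mine for o in others):
            classes[name] = "identical"
        elif any(o & mine for o in others):
            classes[name] = "similar"
        else:
            classes[name] = "unique"
    return classes

def evaluate_event(policies, event):
    """Process a security event against the normalized policy of the reporting
    device: first match wins, default deny (both assumed semantics)."""
    for rule in policies[event["device"]]:
        if rule.matches(event["src"], event["dst"], event["proto"], event["dport"]):
            return rule.result
    return "deny"

if __name__ == "__main__":
    normalized = normalize_all()
    print(classify_policies(normalized))
    print(evaluate_event(normalized, {"device": "fw-b2", "src": "10.1.2.3",
                                      "dst": "192.168.1.10", "proto": "tcp", "dport": 443}))
```

Because fw-a1 and fw-b1 express the same two rules in different native syntaxes, they only become comparable after normalization; that is the point of the generic model, and it is also why the classification step in the claim operates on the mapped rule parameters rather than on the raw device configuration. A management entity that skipped normalization would report every device as unique.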
Specification