Applying security policy to an application session
First Claim
1. A method for applying a security policy to an application session, comprising:
- inspecting, by a security gateway, a data packet for the application session and storing a first host identity and an application session time in an application session record;
determining, by the security gateway, from the data packet for the application session a first user identity and storing the first user identity in the application session record;
determining, by the security gateway, a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity and the access session time match the first host identity and the application session time of the application session record;
storing the second user identity as a network user identity in the application session record;
obtaining, by the security gateway, a security policy comprising network parameters mapped to the network user identity; and
applying the security policy to the application session by the security gateway.
1 Assignment
0 Petitions
Accused Products
Abstract
Applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway, determining by the security gateway a user identity of the application session using information about the application session, obtaining by the security gateway the security policy comprising network parameters mapped to the user identity, and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
279 Citations
20 Claims
-
1. A method for applying a security policy to an application session, comprising:
-
inspecting, by a security gateway, a data packet for the application session and storing a first host identity and an application session time in an application session record; determining, by the security gateway, from the data packet for the application session a first user identity and storing the first user identity in the application session record; determining, by the security gateway, a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity and the access session time match the first host identity and the application session time of the application session record; storing the second user identity as a network user identity in the application session record; obtaining, by the security gateway, a security policy comprising network parameters mapped to the network user identity; and applying the security policy to the application session by the security gateway. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer program product for applying a security policy to an application session, the computer program product comprising:
a non-transitory computer readable storage medium having computer readable program code embodied thereon, the computer readable program code configured to; inspect, by a security gateway, a data packet for the application session and store a first host identity and an application session time in an application session record; determine, by the security gateway, from the data packet for the application session a first user identity and store the first user identity in the application session record; determine, by the security gateway, a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity and the access session time match the first host identity and the application session time of the application session record; store the second user identity as a network user identity in the application session record; obtain, by the security gateway, the security policy comprising network parameters mapped to the network user identity; and apply the security policy to the application session by the security gateway. - View Dependent Claims (15, 16, 17)
-
18. A system, comprising:
-
a corporate directory comprising at least one security policy; and a security gateway, wherein the security gateway; inspects a data packet for an application session and stores a first host identity and an application session time in an application session record; determines from the data packet for the application session a first user identity and stores the first user identity in the application session record; determines a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity and the access session time match the first host identity and the application session time of the application session record; stores the second user identity as a network user identity in the application session record; obtains the security policy comprising network parameters mapped to the network user identity; and applies the security policy to the application session. - View Dependent Claims (19, 20)
-
Specification