
Security policy unification across different security products

  • US 9,680,875 B2
  • Filed: 01/20/2015
  • Issued: 06/13/2017
  • Est. Priority Date: 01/20/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • at a management device including multiple security device plugins, each security device plugin to communicate over a network with a corresponding one of multiple security devices and associated with a corresponding native policy model used by the corresponding security device;

    receiving from the multiple security devices over the network via the plugins corresponding native security policies each based on the native policy model associated with the corresponding security device, each security device configured to control access to a resource according to the corresponding native security policy, wherein each native security policy includes native security rules, and each native security rule includes native rule parameters expressed according to the corresponding native policy model and configured to cause an identified security device to perform an access control operation for a type of access based on a protocol, a source address associated with the access control operation, and a destination address associated with the network access; and

    normalizing the received native security policies across the multiple security devices based on a generic policy model, to produce at least one normalized security policy that is based on the generic policy model and representative of the native security policies, the normalizing including, for each received native security policy, mapping the native rule parameters to corresponding generic rule components of the generic policy model, the mapping including mapping the source address to a {principal} component, the access control operation to an {action} component, the destination address to a {resource} component, the protocol to a {context} component, and the type of access attempted to a {result} component, to form a generic security rule in the form:

    if {principal} tries to perform an {action} on {resource} within {context} then {result}.
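The normalization step of claim 1, shown as an added worked example (not code from the patent or its assignee): two constructed plugin formats, a dict-based firewall export and a one-line ACL syntax, are mapped onto the five generic components and rendered in the claim's rule template. The vendor formats, field names, and the "connect" action assumed for the ACL plugin are illustrative assumptions; the conflict check at the end goes beyond the claim and shows one defensive use of a unified policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GenericRule:
    """One rule of the generic policy model from claim 1."""
    principal: str   # mapped from the native source address
    action: str      # mapped from the native access control operation
    resource: str    # mapped from the native destination address
    context: str     # mapped from the native protocol
    result: str      # mapped from the native type of access (allow/deny)

    def render(self) -> str:
        # Wording follows the claim's template:
        # if {principal} tries to perform an {action} on {resource} within {context} then {result}
        return (f"if {self.principal} tries to perform {self.action} on "
                f"{self.resource} within {self.context} then {self.result}")

# Plugin A (constructed): a firewall export where each native rule is a dict.
def plugin_a_to_generic(rule: dict) -> GenericRule:
    return GenericRule(principal=rule["src"], action=rule["op"],
                       resource=rule["dst"], context=rule["proto"].lower(),
                       result="allow" if rule["verdict"] == "ACCEPT" else "deny")

# Plugin B (constructed): an ACL line such as "permit tcp 10.0.0.0/8 any eq 443".
# The ACL syntax has no explicit operation, so "connect" is assumed for {action}.
def plugin_b_to_generic(line: str) -> GenericRule:
    verdict, proto, src, dst, *rest = line.split()
    port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else None
    resource = f"{dst}:{port}" if port else dst
    return GenericRule(principal=src, action="connect", resource=resource,
                       context=proto.lower(),
                       result="allow" if verdict == "permit" else "deny")

# The management device selects the plugin matching each security device.
PLUGINS = {"vendor_a": plugin_a_to_generic, "vendor_b": plugin_b_to_generic}

def normalize(native_policies: dict) -> list:
    """native_policies maps plugin name -> list of native rules; returns generic rules."""
    out = []
    for plugin, rules in native_policies.items():
        out.extend(PLUGINS[plugin](r) for r in rules)
    return out

def conflicts(rules) -> list:
    """Pairs of generic rules that agree on principal/action/resource/context but differ in result."""
    first_seen, found = {}, []
    for r in rules:
        key = (r.principal, r.action, r.resource, r.context)
        if key in first_seen and first_seen[key].result != r.result:
            found.append((first_seen[key], r))
        first_seen.setdefault(key, r)
    return found
```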
