Classification of security policies across multiple security products
First Claim
1. A method comprising:
at a management entity:
importing information included in security policies from security devices configured to operate in accordance with respective ones of the security policies, wherein each security policy includes security rules, each security rule including a set of rule parameters configured to permit or deny access to a resource based on a network protocol, a source address or a destination address, and a device port;
comparing the rule parameters of each rule of each security policy across the security policies;
based on results of the comparing, classifying the security policies into identical security policy classifications when all of their associated rule parameters are equivalent to each other, similar security policy classifications when only some of their associated rule parameters are equivalent to each other, and unique security policy classifications when none of the associated rule parameters are equivalent to each other;
displaying the security policy classifications as selectable security policy classifications;
receiving an entry of a policy template name and selections of multiple security policy classifications;
assigning the security policies in the multiple selected security policy classifications to a security policy template identified by the entered policy template name; and
displaying a menu which shows editable security rules of the security policy template.
Abstract
A management entity imports information included in security policies from security devices configured to operate in accordance with respective ones of the security policies. The information is classified into security policy classifications based on commonality in the information across the security policies. The security policy classifications are displayed as selectable security policy classifications. An entry of a policy template name and selections of multiple security policy classifications are received. The security policies in the multiple selected security policy classifications are assigned to a security policy template identified by the entered policy template name.
68 Citations
20 Claims
1. A method comprising: the independent method claim, reproduced in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. An apparatus comprising:
a network interface unit to connect with a network; and
a processor coupled to the network interface unit to:
import information included in security policies from security devices configured to operate in accordance with respective ones of the security policies, wherein each security policy includes security rules, each security rule including a set of rule parameters configured to permit or deny access to a resource based on a network protocol, a source address or a destination address, and a device port;
compare the rule parameters of each rule of each security policy across the security policies;
based on results of the compare, classify the security policies into identical security policy classifications when all of their associated rule parameters are equivalent to each other, similar security policy classifications when only some of their associated rule parameters are equivalent to each other, and unique security policy classifications when none of the associated rule parameters are equivalent to each other;
generate for display the security policy classifications as selectable security policy classifications;
receive an entry of a policy template name and selections of multiple security policy classifications;
assign the security policies in the multiple selected security policy classifications to a security policy template having the entered policy template name; and
generate for display a menu which shows editable security rules of the security policy template.
Dependent claims: 10, 11, 12, 13, 14, 15.
16. A non-transitory tangible computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to:
import information included in security policies from security devices configured to operate in accordance with respective ones of the security policies, wherein each security policy includes security rules, each security rule including a set of rule parameters configured to permit or deny access to a resource based on a network protocol, a source address or a destination address, and a device port;
compare the rule parameters of each rule of each security policy across the security policies;
based on results of the compare, classify the security policies into identical security policy classifications when all of their associated rule parameters are equivalent to each other, similar security policy classifications when only some of their associated rule parameters are equivalent to each other, and unique security policy classifications when none of the associated rule parameters are equivalent to each other;
generate for display the security policy classifications as selectable security policy classifications;
receive an entry of a policy template name and selections of multiple security policy classifications;
assign the security policies in the multiple selected security policy classifications to a security policy template having the entered policy template name; and
generate for display a menu which shows editable security rules of the security policy template.
Dependent claims: 17, 18, 19, 20.
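The compare/classify/assign steps of claims 1, 9 and 16, as an added worked example that is not part of the patent and not the patentee's implementation: rule parameters are normalised, each policy is compared against every other imported policy, labelled identical, similar or unique, and the selected classifications are folded into a named template with an editable rule list. Device names, the rule dictionary layout and the sample policies are constructed for illustration.

```python
from typing import Dict, List, Tuple

# One rule's parameters, as enumerated in the claim: action, protocol,
# source address, destination address, port. Strings are lower-cased and the
# port stringified so "TCP"/"tcp" and 443/"443" compare as the same parameter.
Rule = Tuple[str, str, str, str, str]

def normalize(rule: dict) -> Rule:
    return (rule["action"].lower(), rule["proto"].lower(),
            rule["src"].lower(), rule["dst"].lower(), str(rule["port"]))

def classify(policies: Dict[str, List[dict]]) -> Dict[str, str]:
    """Compare each policy's rule parameters against every other imported
    policy and label it identical (all rules shared with some other policy),
    similar (some rules shared) or unique (no rule shared with any other)."""
    sets = {n: frozenset(normalize(r) for r in rs) for n, rs in policies.items()}
    labels = {}
    for name, rules in sets.items():
        others = [s for n, s in sets.items() if n != name]
        if any(s == rules for s in others):
            labels[name] = "identical"
        elif any(s & rules for s in others):
            labels[name] = "similar"
        else:
            labels[name] = "unique"
    return labels

def build_template(name: str, selected: set, policies, labels) -> dict:
    """Assign every policy in the selected classifications to the template
    and return its editable rule list (deduplicated union, sorted)."""
    members = sorted(n for n, lab in labels.items() if lab in selected)
    rules = sorted({normalize(r) for n in members for r in policies[n]})
    return {"name": name, "policies": members, "rules": rules}

# Constructed sample import: four firewall policies (hypothetical device names).
DENY_ALL = {"action": "deny", "proto": "any", "src": "any", "dst": "any", "port": "any"}
SAMPLE = {
    "fw-branch-a": [{"action": "permit", "proto": "tcp", "src": "10.1.0.0/16",
                     "dst": "10.9.0.10", "port": 443}, DENY_ALL],
    "fw-branch-b": [{"action": "PERMIT", "proto": "TCP", "src": "10.1.0.0/16",
                     "dst": "10.9.0.10", "port": "443"}, DENY_ALL],
    "fw-dmz": [{"action": "permit", "proto": "tcp", "src": "any",
                "dst": "10.9.0.20", "port": 80}, DENY_ALL],
    "fw-lab": [{"action": "permit", "proto": "udp", "src": "192.168.5.0/24",
                "dst": "192.168.5.53", "port": 53}],
}
```

Note that a rule present on nearly every device, such as the trailing deny-all here, makes almost every policy "similar" to every other; a practical implementation would exclude such boilerplate rules before comparing so the classification reflects the rules that actually differ.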
Specification