Automatically validating enterprise firewall rules and provisioning firewall rules in computer systems

US 9,843,560 B2
Filed: 09/11/2015
Issued: 12/12/2017
Est. Priority Date: 09/11/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of automatically validating a firewall rule for provisioning in a computer system, comprising executing on one or more computer processors:

receiving from a user device one or more firewall rules for provisioning on a server;

determining based on predefined firewall rules, whether to approve one or more of the firewall rules and deny one or more of the firewall rules;

responsive to determining that one or more of the firewall rules are denied, performing additional validation of one or more of the firewall rules that are denied;

updating a firewall rule learning engine with a result of the additional validation, wherein based on the result of the additional validation, the firewall rule learning engine updates the predefined firewall rules;

provisioning one or more of the firewall rules that are approved on the server; and

opening the one or more of the firewall rules between a source server and a target server,wherein one or more of the computer processors automatically secure connections between the source server and the target server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automatically validating a firewall rule for provisioning in a computer system. One or more firewall rules for provisioning on a server is received from a user device. Based on predefined firewall rules, whether to approve one or more of the firewall rules and deny one or more of the firewall rules is determined. Responsive to determining that one or more of the firewall rules are denied, additional validation of one or more of the firewall rules that are denied are performed. A firewall rule learning engine is updated with a result of the additional validation. Based on the result of the additional validation, the firewall rule learning engine updates the predefined firewall rules. One or more of the firewall rules that are approved on the server may be provisioned.

Citations

18 Claims

1. A computer-implemented method of automatically validating a firewall rule for provisioning in a computer system, comprising executing on one or more computer processors:
- receiving from a user device one or more firewall rules for provisioning on a server;
  
  determining based on predefined firewall rules, whether to approve one or more of the firewall rules and deny one or more of the firewall rules;
  
  responsive to determining that one or more of the firewall rules are denied, performing additional validation of one or more of the firewall rules that are denied;
  
  updating a firewall rule learning engine with a result of the additional validation, wherein based on the result of the additional validation, the firewall rule learning engine updates the predefined firewall rules;
  
  provisioning one or more of the firewall rules that are approved on the server; and
  
  opening the one or more of the firewall rules between a source server and a target server,wherein one or more of the computer processors automatically secure connections between the source server and the target server.
- View Dependent Claims (2, 3, 4, 5, 6, 15, 16)
- - 2. The method of claim 1, wherein the firewall rule learning engine creates one or more new firewall rules based on the additional validation and adds the new firewall rules to the predefined firewall rules.
  - 3. The method of claim 1, wherein the firewall rule learning engine implements a machine learning algorithm to automatically create the new firewall rules.
  - 4. The method of claim 3, wherein the machine learning algorithm includes a support vector machine-based algorithm.
  - 5. The method of claim 1, further comprising sending provisioning status to the user device.
  - 6. The method of claim 1, wherein a cloud management stack receives the request and performs the provisioning.
  - 15. The system of claim 1, wherein the firewall rule learning engine implements a machine learning algorithm to automatically create the new firewall rules.
  - 16. The system of claim 15, wherein the machine learning algorithm includes a support vector machine-based algorithm.

7. A non-transitory computer readable storage medium storing a program of instructions executable by a machine to perform a method of automatically validating a firewall rule for provisioning in a computer system, the method comprising:
- receiving from a user device one or more firewall rules for provisioning on a server;
  
  determining based on predefined firewall rules, whether to approve one or more of the firewall rules and deny one or more of the firewall rules;
  
  responsive to determining that one or more of the firewall rules are denied, performing additional validation of one or more of the firewall rules that are denied;
  
  updating a firewall rule learning engine with a result of the additional validation, wherein based on the result of the additional validation, the firewall rule learning engine updates the predefined firewall rules;
  
  provisioning one or more of the firewall rules that are approved on the server; and
  
  opening the one or more of the firewall rules between a source server and a target server,wherein one or more of the computer processors automatically secure connections between the source server and the target server.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer readable storage medium of claim 7, wherein the firewall rule learning engine creates one or more new firewall rules based on the additional validation and adds the new firewall rules to the predefined firewall rules.
  - 9. The non-transitory computer readable storage medium of claim 7, wherein the firewall rule learning engine implements a machine learning algorithm to automatically create the new firewall rules.
  - 10. The non-transitory computer readable storage medium of claim 9, wherein the machine learning algorithm includes a support vector machine-based algorithm.
  - 11. The non-transitory computer readable storage medium of claim 7, further comprising sending provisioning status to the user device.
  - 12. The non-transitory computer readable storage medium of claim 7, wherein a cloud management stack receives the request and performs the provisioning.

13. A system of automatically validating a firewall rule for provisioning in a computer system, comprising:
- a storage device;
  
  one or more computer processors operatively coupled to a communication network, one or more of the computer processors operable to receive from a user device one or more firewall rules for provisioning on a server,one or more of the computer processors determining based on predefined firewall rules stored on the storage device, whether to approve one or more of the firewall rules and deny one or more of the firewall rules,responsive to determining that one or more of the firewall rules are denied, one or more of the computer processors performing additional validation of one or more of the firewall rules that are denied;
  
  a firewall rule learning engine coupled to one or more of the computer processors;
  
  one or more of the computer processors updating the firewall rule learning engine with a result of the additional validation;
  
  based on the result of the additional validation, the firewall rule learning engine operable to update the predefined firewall rules;
  
  one or more of the computer processors operable to provision one or more of the firewall rules that are approved on the server;
  
  one or more of the computer processors opening the one or more of the firewall rules between a source server and a target server, wherein one or more of the computer processors automatically secure connections between the source server and the target server.
- View Dependent Claims (14, 17, 18)
- - 14. The system of claim 13, wherein the firewall rule learning engine creates one or more new firewall rules based on the additional validation and adds the new firewall rules to the predefined firewall rules.
  - 17. The system of claim 13, wherein one or more of the computer processors sends provisioning status to the user device.
  - 18. The system of claim 13, wherein one or more of the computer processors runs a cloud management stack that receives the request and performs the provisioning.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hwang, Jinho, Dotson, Christopher R., Peterson, Brian, Wu, Frederick Y.-F.
Primary Examiner(s)
ZAIDI, SYED A

Application Number

US14/851,981
Publication Number

US 20170078329A1
Time in Patent Office

823 Days
Field of Search

726 1
US Class Current
CPC Class Codes

H04L 63/0263 Rule management

Automatically validating enterprise firewall rules and provisioning firewall rules in computer systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Automatically validating enterprise firewall rules and provisioning firewall rules in computer systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links