Applying a network traffic policy to an application session
Abstract
Embodiments of the present technology relate to a method for applying a security policy to an application session, comprising: determining, by a security gateway, a first user identity and a second user identity from a data packet for an application session; obtaining, by the security gateway, a security policy for the application session; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
17 Claims
1. A method for applying a security policy to an application session, comprising:
determining, by a security gateway, a first user identity and a second user identity from a data packet for an application session, the determining comprising:
inspecting, by the security gateway, the data packet for the application session and storing a host identity and an application session time in an application session record;
determining, by the security gateway, from the data packet for the application session a user identity and storing the user identity in the application session record;
determining, by the security gateway, a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity, and the access session time match the host identity and the application session time of the application session record;
storing the second user identity in the application session record;
obtaining, by the security gateway, a security policy for the application session based on the first user identity or the second user identity; and
applying the security policy to the application session by the security gateway.
9. A system, comprising:
a corporate directory comprising a plurality of security policies; and
a security gateway, wherein the security gateway:
determines a first user identity and a second user identity from a data packet for an application session, the determining comprising:
inspecting the data packet for the application session and storing a host identity and an application session time in an application session record;
determining from the data packet for the application session a user identity and storing the user identity in the application session record;
determining a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity, and the access session time match the host identity and the application session time of the application session record;
storing the second user identity in the application session record;
obtains a security policy for the application session, the security policy based on the first user identity or the second user identity; and
applies the security policy to the application session.
17. A non-transitory computer readable storage medium having computer readable program code embodied therewith for routing data packets of an application session, the computer readable program code configured to:
determine, by a security gateway, a first user identity and a second user identity from a data packet for an application session, the determining comprising:
inspecting, by the security gateway, the data packet for the application session and storing a host identity and an application session time in an application session record;
determining, by the security gateway, from the data packet for the application session a user identity and storing the user identity in the application session record;
determining, by the security gateway, a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity, and the access session time match the host identity and the application session time of the application session record;
storing the second user identity in the application session record;
obtain, by the security gateway, a security policy for the application session based on the first user identity or the second user identity; and
apply the security policy to the application session by the security gateway.
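The record correlation recited in claims 1, 9 and 17, sketched as an added example (not code from the patent or any product). Assumptions: the field names, a packet already parsed into a dict, "match" read as same host with the application session time inside the access session's time window, the identity lookup order, the default-deny fallback, and the constructed sample records.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AccessSessionRecord:            # written when a user logs on to the network
    user_identity: str                # network user identity
    host_identity: str                # e.g. the host's IP address
    start: float                      # access session time (epoch seconds)
    end: Optional[float] = None       # assumption: None while the session is open

@dataclass
class ApplicationSessionRecord:
    host_identity: str
    session_time: float
    user_identity: str                # application user identity seen in the packet
    second_user_identity: Optional[str] = None

def match_access_session(app, access_records):
    """Find the access session on the same host whose window covers the app session time."""
    hits = [r for r in access_records
            if r.host_identity == app.host_identity
            and r.start <= app.session_time
            and (r.end is None or app.session_time <= r.end)]
    # Host addresses get reassigned, so prefer the most recently started match.
    return max(hits, key=lambda r: r.start, default=None)

def resolve_policy(packet, access_records, policies, default="deny"):
    """Build the application session record and pick a policy by either identity."""
    app = ApplicationSessionRecord(packet["src_host"], packet["time"], packet["app_user"])
    hit = match_access_session(app, access_records)
    if hit is not None:
        app.second_user_identity = hit.user_identity
    for identity in (app.user_identity, app.second_user_identity):
        if identity in policies:
            return app, policies[identity]
    return app, default               # no identity resolved: fail closed

# Constructed sample data: one host address used by two users at different times.
ACCESS_LOG = [
    AccessSessionRecord("alice", "10.0.0.5", start=1000, end=2000),
    AccessSessionRecord("bob", "10.0.0.5", start=2100),
]
POLICIES = {"alice": "allow-im-no-file-transfer", "bob": "block-im"}

def demo(time):
    packet = {"src_host": "10.0.0.5", "time": time, "app_user": "a.smith@im"}
    app, policy = resolve_policy(packet, ACCESS_LOG, POLICIES)
    return app.second_user_identity, policy
```

The time check is what keeps a reused host address from attributing one user's application session to another user's network login; a session that falls in the gap between logins resolves to no second identity and gets the default.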
Specification