Conditional policies
Abstract
Conditional policies can be defined that change based on security measurements of network endpoints. In an example embodiment, a network traffic monitoring system can monitor network flows between the endpoints and quantify how secure those endpoints are based on analysis of the network flows and other data. A conditional policy may be created that establishes one or more first connectivity policies for handling a packet when a security measurement of an endpoint is a first value or first range of values, and one or more second connectivity policies for handling the packet. The connectivity policies may include permitting connectivity, denying connectivity, redirecting the packet using a specific route, or another network action. When the network traffic monitoring system detects a change to the security measurement of the endpoint, one or more applicable policies can be determined and the system can update policy data for the network to enforce the policies.
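The abstract and the independent claims describe one loop: normalise whatever form the security measurement takes (a number on a scale, a 0-1 decimal, a binary result, or several parameters), detect that an endpoint's measurement has moved from one value to another, pick the connectivity policy (permit, deny, redirect) whose value range now applies, and write it into the network's policy table; claim 18 adds assigning the endpoint to the endpoint group that owns that range. The following is an added example written for this page, not code from the patent or its assignee; the class and function names, the "trusted"/"degraded"/"blocked" groups, the `scrubber-vrf` route, the weakest-parameter rule for multi-parameter measurements, and the sample measurements are all constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple, Union


class Action(Enum):
    PERMIT = "permit"
    DENY = "deny"
    REDIRECT = "redirect"


@dataclass(frozen=True)
class ConnectivityPolicy:
    """A connectivity policy as the abstract lists them: permit, deny, or
    redirect over a specific route (route is only meaningful for REDIRECT)."""
    action: Action
    route: Optional[str] = None


@dataclass
class ConditionalPolicy:
    """Ordered rules (low, high, group, policy). The first rule whose inclusive
    range contains the normalised score wins; group is the endpoint group
    (claim 18) that an endpoint with such a score is assigned to."""
    rules: List[Tuple[float, float, str, ConnectivityPolicy]]

    def select(self, score: float) -> Tuple[str, ConnectivityPolicy]:
        for low, high, group, policy in self.rules:
            if low <= score <= high:
                return group, policy
        # Assumption: a score no rule covers falls into a default-deny group.
        return "unclassified", ConnectivityPolicy(Action.DENY)


Measurement = Union[bool, int, float, Dict[str, Union[bool, int, float]]]


def normalise(measurement: Measurement, scale_max: float = 1.0) -> float:
    """Collapse the measurement forms named in the claims to a 0..1 score:
    a binary result, a number on a 0..scale_max scale (scale_max=1.0 for a
    decimal already in 0..1), or several parameters. For the multi-parameter
    form the weakest parameter drives the score (an assumption, chosen so one
    failed control cannot be masked by strong ones)."""
    if isinstance(measurement, bool):      # test bool before int: bool subclasses int
        return 1.0 if measurement else 0.0
    if isinstance(measurement, dict):
        if not measurement:
            raise ValueError("measurement has no parameters")
        return min(normalise(v, scale_max) for v in measurement.values())
    if isinstance(measurement, (int, float)):
        score = measurement / scale_max
        if not 0.0 <= score <= 1.0:
            raise ValueError(f"measurement {measurement} outside 0..{scale_max}")
        return score
    raise TypeError(f"unsupported measurement type {type(measurement).__name__}")


class PolicyEngine:
    """Keeps each endpoint's last score and rewrites the policy table only
    when the score changes: claim 1's detect / determine / update steps."""

    def __init__(self, conditional: ConditionalPolicy, scale_max: float = 1.0):
        self.conditional = conditional
        self.scale_max = scale_max
        self.scores: Dict[str, float] = {}
        self.groups: Dict[str, str] = {}
        self.policy_table: Dict[str, ConnectivityPolicy] = {}
        self.log: List[Tuple[str, Optional[float], float, ConnectivityPolicy]] = []

    def observe(self, endpoint: str, measurement: Measurement) -> Optional[ConnectivityPolicy]:
        """Feed a new measurement. Returns the policy now enforced for the
        endpoint, or None when the score is unchanged and nothing was updated."""
        score = normalise(measurement, self.scale_max)
        previous = self.scores.get(endpoint)
        if previous is not None and previous == score:
            return None
        self.scores[endpoint] = score
        group, policy = self.conditional.select(score)
        self.groups[endpoint] = group
        self.policy_table[endpoint] = policy
        self.log.append((endpoint, previous, score, policy))
        return policy


# Constructed sample: three score bands on a 0..100 scale. Group and route
# names are placeholders, not values taken from the patent.
SAMPLE_RULES = ConditionalPolicy([
    (0.8, 1.0, "trusted",  ConnectivityPolicy(Action.PERMIT)),
    (0.4, 0.8, "degraded", ConnectivityPolicy(Action.REDIRECT, route="scrubber-vrf")),
    (0.0, 0.4, "blocked",  ConnectivityPolicy(Action.DENY)),
])


def demo() -> Dict[str, ConnectivityPolicy]:
    engine = PolicyEngine(SAMPLE_RULES, scale_max=100)
    engine.observe("host-a", 95)                                         # trusted -> permit
    engine.observe("host-a", 95)                                         # unchanged, no update
    engine.observe("host-a", 55)                                         # degraded -> redirect
    engine.observe("host-b", {"patch_level": 90, "edr_running": False})  # weakest param 0.0 -> deny
    return engine.policy_table


if __name__ == "__main__":
    for endpoint, policy in demo().items():
        print(endpoint, policy.action.value, policy.route or "")
```

The rules are ordered on purpose: a score sitting exactly on a band boundary (0.8 or 0.4) is claimed by the first matching rule, so the listing order decides which side of the boundary is the stricter one. The engine also records the previous score with every update, which is the audit trail a responder would want when asking why an endpoint was moved from permit to redirect.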
20 Claims

1. A method comprising:

detecting, via a computer having a processor configured to execute computer readable instructions, a change to a security measurement of an endpoint in a network from a first value to a second value, the security measurement of the endpoint represented by a number on a scale, a decimal number from 0-1, a binary result, or multiple values describing different security parameters;

determining, via the computer, one or more policies that are applicable to the endpoint based on the security measurement corresponding to the second value; and

updating, via the computer, policy data for the network to enforce the one or more policies with respect to the endpoint.

Dependent claims: 2 to 11.

12. A non-transitory computer-readable medium having computer readable instructions that, when executed by a processor of a computer, cause the computer to:

define a conditional policy for an endpoint in a network, the conditional policy corresponding to at least a first policy for the endpoint having a first value for a security measurement and a second policy for the endpoint having a second value for the security measurement, the security measurement represented by a number on a scale, a decimal number from 0-1, a binary result, or multiple values describing different security parameters;

determine that the security measurement of the endpoint corresponds to the first value;

add the first policy to a policy table of the network; and

enforce the first policy.

Dependent claims: 13 to 17.

18. A system comprising:

a processor; and

a memory including instructions that, when executed by the processor, cause the system to:

define a policy for an endpoint group in a network corresponding to a first value range for a first security measurement;

detect a second security measurement corresponding to an endpoint not associated with the endpoint group;

determine that the second security measurement is within the first value range; and

assign the endpoint to the endpoint group,

wherein the first security measurement and/or the second security measurement is represented by a number on a scale, a decimal number from 0-1, a binary result, or multiple values describing different security parameters.

Dependent claims: 19 and 20.