SYSTEMS AND METHODS FOR EXTENDING SECURITY PLATFORMS TO CLOUD-BASED NETWORKS

US 20100217850A1
Filed: 02/24/2009
Published: 08/26/2010
Est. Priority Date: 02/24/2009
Status: Active Grant

First Claim

Patent Images

1. A method of managing a network, comprising;

generating a set of security policies for a set of managed machines in a network;

identifying a cloud-accessible subset of the set of managed machines configured to be exposed to an external cloud environment; and

generating a partitioned security class in the set of security policies identifying a set of access conditions to permit access of the cloud-accessible subset to the external cloud environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments relate to systems and methods for extending a network security platform to a cloud-based network. A set of managed machines, such as personal computers or servers, can be managed by a network security engine. The network security engine can govern access to and operation of the set of managed machines through a set of security policies. According to embodiments, the set of security policies can be sub-divided into a partitioned security class corresponding to a subset of the managed network which is intended to be deployed as a cloud-accessible subset of the overall managed network. The partitioned security class can specify access restrictions for the cloud-accessible subset to receive resources from or provide resources to the external cloud environment. A corporate campus network or other managed network can therefore permit access of the cloud to some or all of its machines, while still maintaining desired local security conditions.

238 Citations

20 Claims

1. A method of managing a network, comprising;
- generating a set of security policies for a set of managed machines in a network;
  
  identifying a cloud-accessible subset of the set of managed machines configured to be exposed to an external cloud environment; and
  
  generating a partitioned security class in the set of security policies identifying a set of access conditions to permit access of the cloud-accessible subset to the external cloud environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the network comprises at least one of a local area network, a metropolitan area network, and a wide area network.
  - 3. The method of claim 1, wherein the network comprises at least one of a wired network and a wireless network located in a single campus.
  - 4. The method of claim 1, wherein the access of the cloud-accessible subset to the external could environment comprises at least one of providing resources from the cloud-accessible subset to the external cloud environment and receiving resources from the external cloud environment in the cloud-accessible subset.
  - 5. The method of claim 1, wherein the set of access conditions comprises at least one of limitations on processor cycles, limitations on memory access, limitations on storage access, limitations on input/output bandwidth, limitations on scheduled access time, limitations on use of applications, and limitations on access to user profile data.
  - 6. The method of claim 1, wherein the cloud-accessible subset comprises a dynamically selectable cloud-accessible subset in the set of managed machines.
  - 7. The method of claim 1, wherein the external cloud environment is managed by a cloud management system configured to communicate with the cloud-accessible subset.

8. A network security platform, comprising:
- an interface to a set of machines in a managed network; and
  
  a network security engine, communicating with the cloud-accessible subset via the interface, the network security engine being configured to—
  
  generate a set of security policies for the set of managed machines in a network,identify a cloud-accessible subset of the set of managed machines configured to be exposed to an external cloud environment, andgenerate a partitioned security class in the set of security policies identifying a set of access conditions to permit access of the cloud-accessible subset to the external cloud environment.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The network security platform of claim 8, wherein the network comprises at least one of a local area network, a metropolitan area network, and a wide area network.
  - 10. The network security platform of claim 8, wherein the network comprises at least one of a wired network and a wireless network located in a single campus.
  - 11. The network security platform of claim 8, wherein the access of the cloud-accessible subset to the external could environment comprises at least one of providing resources from the cloud-accessible subset to the external cloud environment and receiving resources from the external cloud environment in the cloud-accessible subset.
  - 12. The network security platform of claim 8, wherein the set of access conditions comprises at least one of limitations on processor cycles, limitations on memory access, limitations on storage access, limitations on input/output bandwidth, limitations on scheduled access time, limitations on use of applications, and limitations on access to user profile data.
  - 13. The network security platform of claim 8, wherein the cloud-accessible subset comprises a dynamically selectable cloud-accessible subset in the set of managed machines.
  - 14. The network security platform of claim 8, wherein the external cloud environment is managed by a cloud management system configured to communicate with the cloud-accessible subset.

15. A set of machines, the set of machines being configured for interaction with a cloud environment by a method comprising:
- generating a set of security policies for a set of managed machines in a network;
  
  identifying a cloud-accessible subset of the set of managed machines configured to be exposed to an external cloud environment, andgenerating a partitioned security class in the set of security policies identifying a set of access conditions to permit access of the cloud-accessible subset to the external cloud environment.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The set of machines of claim 15, wherein the network comprises at least one of a local area network, a metropolitan area network, and a wide area network.
  - 17. The set of machines of claim 15, wherein the network comprises at least one of a wired network and a wireless network located in a single campus.
  - 18. The set of machines of claim 15, wherein the access of the cloud-accessible subset to the external could environment comprises at least one of providing resources from the cloud-accessible subset to the external cloud environment and receiving resources from the external cloud environment in the cloud-accessible subset.
  - 19. The set of machines of claim 15, wherein the set of access conditions comprises at least one of limitations on processor cycles, limitations on memory access, limitations on storage access, limitations on input/output bandwidth, limitations on scheduled access time, limitations on use of applications, and limitations on access to user profile data.
  - 20. The set of machines of claim 15, wherein the cloud-accessible subset comprises a dynamically selectable cloud-accessible subset in the set of managed machines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Ferris, James Michael

Granted Patent

US 8,977,750 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 63/20 for managing network securi...

SYSTEMS AND METHODS FOR EXTENDING SECURITY PLATFORMS TO CLOUD-BASED NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

238 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR EXTENDING SECURITY PLATFORMS TO CLOUD-BASED NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

238 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links