Method and apparatus for optimizing a firewall
Abstract
Disclosed is a method and system for optimizing a first set of rules enforced by a firewall on network traffic. Characteristics of the network traffic are examined and these characteristics are used to generate a second set of rules. The first set of rules may have a different order than the second set of rules.
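The online adaptation loop recited in claim 1, as an added sketch that is not taken from the patent: the EWMA profile, the total-variation distance, the 0.3 threshold, the port-set rule model and every name below are assumptions. It goes beyond the claim text in one respect: conflicting rules keep their original relative order, which is what lets a reordered first-match list enforce the same policy.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "name action ports")  # ports: constructed stand-in for a real match

def conflicts(a, b):
    # Relative order matters only if both can match a packet and the actions differ.
    return a.action != b.action and bool(a.ports & b.ports)

def decide(rules, port, default="deny"):
    return next((r.action for r in rules if port in r.ports), default)  # first match wins

def reorder(rules, weight):
    # Hottest rules first, but any rule that conflicts with rule i and sat above
    # it in the first set is emitted before it, so first-match decisions are unchanged.
    placed, out = set(), []
    def place(i):
        if i in placed:
            return
        for j in range(i):
            if conflicts(rules[j], rules[i]):
                place(j)
        placed.add(i)
        out.append(rules[i])
    for i in sorted(range(len(rules)), key=lambda i: -weight[rules[i].name]):
        place(i)
    return out

def shares(rules, hits):
    total = sum(hits.values()) or 1
    return {r.name: hits.get(r.name, 0) / total for r in rules}

class OnlineAdapter:
    def __init__(self, rules, baseline_hits, alpha=0.1, threshold=0.3):
        self.rules, self.alpha, self.threshold = list(rules), alpha, threshold
        self.profile = shares(rules, baseline_hits)  # long-term rule hit profile

    def observe(self, window_hits):
        short = shares(self.rules, window_hits)  # short-term traffic pattern
        gap = 0.5 * sum(abs(short[k] - self.profile[k]) for k in short)
        for k in short:  # fold the window into the long-term profile (EWMA)
            self.profile[k] += self.alpha * (short[k] - self.profile[k])
        if gap <= self.threshold:
            return False
        self.rules = reorder(self.rules, short)  # discrepancy: second set of rules
        return True

# Constructed first set: "deny-admin" must stay above "allow-web" (both match 8443).
RULES = [Rule("deny-telnet", "deny", {23}), Rule("allow-ssh", "allow", {22}),
         Rule("deny-admin", "deny", {8443}), Rule("allow-web", "allow", {80, 443, 8443})]
```

Comparing `decide()` over the first and second rule sets for a sample of ports is a cheap regression check to run before a reordered list is enforced.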
24 Claims
1. A method for optimizing a set of rules associated with a firewall security policy, the method comprising:
- examining stored characteristics associated with network traffic monitored by a firewall;
- determining rule invocation of one or more rules in a first set of rules, with respect to the network traffic, the first set of rules being associated with a firewall security policy;
- automatically generating a second set of rules based on the rule invocation, by at least performing an online adaptation technique, wherein performing the online adaptation technique further comprises:
  - generating a long-term rule hit profile based on traffic variability;
  - comparing a short-term traffic pattern with the long-term rule hit profile; and
  - generating the second set of rules when a discrepancy is detected between the short-term traffic pattern and the long-term rule hit profile; and
- enforcing the firewall security policy, based on the second set of rules.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A firewall enforcing a set of rules associated with a firewall security policy, the firewall comprising:
- a traffic based optimizer configured to:
  - examine stored characteristics associated with network traffic monitored by the firewall;
  - determine rule invocation of one or more rules in a first set of rules with respect to the network traffic, the first set of rules being associated with a firewall security policy; and
  - automatically generate a second set of rules based on the rule invocation, by at least performing an online adaptation technique comprising generating a long-term rule hit profile based on traffic variability, comparing a short-term traffic pattern with the long-term rule hit profile, and generating the second set of rules when a discrepancy is detected between the short-term traffic pattern and the long-term rule hit profile;
- the firewall configured to enforce the firewall security policy, based on the second set of rules.

Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A firewall enforcing a set of rules associated with a firewall security policy, the firewall comprising:
- means for examining stored characteristics associated with network traffic monitored by the firewall;
- means for determining rule invocation of one or more rules in a first set of rules with respect to the network traffic, the first set of rules being associated with a firewall security policy;
- means for automatically generating a second set of rules based on the rule invocation, by at least performing an online adaptation technique, wherein the means for performing an online adaptation technique further comprises:
  - means for generating a long-term rule hit profile based on traffic variability;
  - means for comparing a short-term traffic pattern with the long-term rule hit profile; and
  - means for generating the second set of rules when a discrepancy is detected between the short-term traffic pattern and the long-term rule hit profile; and
- means for enforcing the firewall security policy, based on the second set of rules.

Dependent claims: 19, 20, 21, 22, 23, 24
Specification