Integrated security system having rule optimization

US10021115B2 · US · B2

Patent metadata
Publication number: US-10021115-B2
Application number: US-201514983999-A
Country: US
Kind code: B2
Filing date: Dec 30, 2015
Priority date: Nov 3, 2015
Publication date: Jul 10, 2018
Grant date: Jul 10, 2018

Abstract

Official abstract text for this publication.

Techniques are described for optimizing the placement of automatically generated rules within security policies. An administrator may, for example, interact with the graphical representation of rules rendered by the threat control module and, responsive to the interaction, the system may determine an optimal placement for the created rule in the list of rules for the identified security device based on either the existence of anomalies or threat IP data and/or advanced security parameters. In this way, the system allows administrators to configure rules with the most optimal sequence to detect threats.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising:
    receiving one or more threats corresponding to a security device;
    displaying the one or more threats and one or more rules generated in response to receiving the one or more threats;
    receiving configuration information on the one or more generated rules;
    generating an optimal suggested placement of the one or more generated rules in a list of existing rules for the security device;
    modifying, based on an input on the displayed one or more generated rules, the optimal suggested placement of the one or more generated rules, wherein modifying the optimal suggested placement of the one or more generated rules includes determining if the modification will lead to one or more anomalies;
    in response to the modifying the optimal suggested placement of the one or more generated rules, generating a rule anomalies analysis report of any anomalies resulting from the modification;
    displaying the modified optimal suggested placement of the one or more generated rules;
    displaying the rule anomalies analysis report; and
    selectively deploying, based on an input of the displayed modified optimal suggested placement of the one or more generated rules, the modified optimal suggested placement of the one or more generated rules in the list of existing rules of the security device.

2. The method of claim 1, wherein the one or more anomalies include shadowing.

3. The method of claim 1, wherein the one or more anomalies include redundancy.

4. The method of claim 1, wherein receiving configuration information includes defining IP traffic.

5. The method of claim 4, wherein defining IP traffic includes defining at least one of a source zone, an IP address, or source user identification.

6. The method of claim 4, wherein generating the optimal suggested placement is based on the defined IP traffic.

7. The method of claim 1, wherein receiving configuration information includes defining an advanced security parameter to the one or more rules.

8. The method of claim 7, wherein defining an advanced security parameter includes defining at least one rule action, advanced security, application firewall, SSL proxy, intrusion prevention system, unified threat management, or security intelligence.

9. The method of claim 7, wherein generating the optimal suggested placement is based on the defined advanced security parameter.

10. A system comprising:
    one or more processors;
    one or more computer-readable memories;
    a rule analysis module that executes on one or more processors, wherein the rule analysis module: receives one or more threats corresponding to a security device, generates an optimal suggested placement of one or more generated rules in a list of existing rules for the security device, modifies, based on an input on the one or more generated rules which are displayed, the optimal suggested placement of the one or more generated rules, wherein, to modify the optimal suggested placement of the one or more generated rules includes determining if the modification will lead to one or more anomalies, and generates, in response to the modification, a rule anomalies analysis report of any anomalies resulting from the modification; and
    a threat control module that executes on one or more processors, wherein the threat control module: displays the one or more threats and the one or more generated rules which are generated in response to receiving the one or more threats, displays the optimal suggested placement of the one or more generated rules in the list of existing rules, displays the modified optimal suggested placement of the one or more generated rules, and displays the rule anomalies analysis report; and
    a policy deployment engine that executes on one or more processors, wherein the policy deployment engine selectively deploys the modified optimal suggested placement of the one or more generated rules in the list of existing rules of the security device based on an input of the displayed modified optimal suggested placement of the one or more generated rules.

11. The system of claim 10, wherein the rule analysis module further determines the optimal suggested placement of the one or more rules based on a defined IP traffic.

12. The system of claim 10, wherein the rule analysis module further determines the optimal suggested placement of the one or more rules based on an advanced security parameter.

Classifications

  • Vulnerability analysis

  • by monitoring network traffic (monitoring network traffic per se H04L43/00)

  • H04L63/14 (Primary): for detecting or protecting against malicious traffic

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Juniper Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/14. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 10, 2018 (B2). Legal status and post-grant events are not shown on this page.