Managing firewall rules based on triggering statistics

US11258816B2 · US · B2

Patent metadata

Publication number: US-11258816-B2
Application number: US-201916546513-A
Country: US
Kind code: B2
Filing date: Aug 21, 2019
Priority date: Jul 23, 2019
Publication date: Feb 22, 2022
Grant date: Feb 22, 2022


Abstract

Official abstract text for this publication.

Embodiments described herein relate to managing firewall rules. Embodiments include identifying a plurality of firewall rules for request handling. Embodiments include determining a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule. Embodiments include determining an anomaly score for each given firewall rule of the plurality of firewall rules indicating a severity of attacks the given firewall rule protects against. Embodiments include determining an urgency measure for each given firewall rule of the plurality of firewall rules based on the deny count for the given firewall rule and the anomaly score for the given firewall rule. Embodiments include determining an update to at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules.

First claim

Opening claim text (preview).

We claim:

1. A method for managing firewall rules, comprising: identifying a plurality of firewall rules for request handling, wherein a firewall is configured to apply the plurality of firewall rules to packets transmitted in a networking environment; determining, based on the firewall applying the plurality of firewall rules to the packets transmitted in the networking environment, a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule; determining an anomaly score for each given firewall rule of the plurality of firewall rules indicating a severity of attacks the given firewall rule protects against; determining an urgency measure for each given firewall rule of the plurality of firewall rules based on the deny count for the given firewall rule and the anomaly score for the given firewall rule; determining an update to at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules; and modifying the at least one firewall rule based on the update.

2. The method of claim 1, wherein determining the urgency measure for a given firewall rule of the plurality of firewall rules comprises multiplying the deny count for the given firewall rule by the anomaly score for the given firewall rule to determine a product.

3. The method of claim 2, wherein determining the urgency measure for the given firewall rule of the plurality of firewall rules comprises normalizing the product based on the deny count for each given firewall rule of the plurality of firewall rules and the anomaly score for each given firewall rule of the plurality of firewall rules.

4. The method of claim 1, further comprising: receiving a request; flagging the request based on one or more firewall rules of the plurality of firewall rules; and incrementing the deny count for each respective firewall rule of the one or more firewall rules to produce an updated deny count for the respective firewall rule.

5. The method of claim 4, further comprising updating the urgency measure for the respective firewall rule based on the updated deny count for the respective firewall rule.

6. The method of claim 1, wherein the plurality of firewall rules relate to a web application firewall.

7. The method of claim 1, wherein determining the update to the at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules comprises: determining an order for displaying the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules; displaying the plurality of firewall rules via a user interface in the order; and receiving, in response to the displaying, input defining the update via the user interface.

8. The method of claim 7, wherein the update comprises an exception to the at least one firewall rule.

9. A computer system comprising: one or more processors; and a non-transitory computer-readable medium storing instructions that, when executed, cause the one or more processors to perform a method for managing firewall rules, the method comprising: identifying a plurality of firewall rules for request handling, wherein a firewall is configured to apply the plurality of firewall rules to packets transmitted in a networking environment; determining, based on the firewall applying the plurality of firewall rules to the packets transmitted in the networking environment, a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule; determining an anomaly score for each given firewall rule of the plurality of firewall rules indicating a severity of attacks the given firewall rule protects against; determining an urgency measure for each given firewall rule of the plurality of firewall rules based on the deny count for the given firewall rule and the anomaly score for the given firewall rule; determining an update to at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules; and modifying the at least one firewall rule based on the update.

10. The computer system of claim 9, wherein determining the urgency measure for a given firewall rule of the plurality of firewall rules comprises multiplying the deny count for the given firewall rule by the anomaly score for the given firewall rule to determine a product.

11. The computer system of claim 10, wherein determining the urgency measure for the given firewall rule of the plurality of firewall rules comprises normalizing the product based on the deny count for each given firewall rule of the plurality of firewall rules and the anomaly score for each given firewall rule of the plurality of firewall rules.

12. The computer system of claim 9, wherein the method further comprises: receiving a request; flagging the request based on one or more firewall rules of the plurality of firewall rules; and incrementing the deny count for each respective firewall rule of the one or more firewall rules to produce an updated deny count for the respective firewall rule.

13. The computer system of claim 12, wherein the method further comprises updating the urgency measure for the respective firewall rule based on the updated deny count for the respective firewall rule.

14. The computer system of claim 9, wherein the plurality of firewall rules relate to a web application firewall.

15. The computer system of claim 9, wherein determining the update to the at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules comprises: determining an order for displaying the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules; displaying the plurality of firewall rules via a user interface in the order; and receiving, in response to the displaying, input defining the update via the user interface.

16. The computer system of claim 15, wherein the update comprises an exception to the at least one firewall rule.

17. A non-transitory computer readable medium comprising instructions that, when executed by one or more processors of a computing system, cause the computing system to perform a method for managing firewall rules, the method comprising: identifying a plurality of firewall rules for request handling, wherein a firewall is configured to apply the plurality of firewall rules to packets transmitted in a networking environment; determining, based on the firewall applying the plurality of firewall rules to the packets transmitted in the networking environment, a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule; determining an anomaly score for each given firewall rule of the plurality of firewall rules indicating a severity of attacks the given firewall rule protects against; determining an urgency measure for each given firewall rule of the plurality of firewall rules based on the deny count for the given firewall rule and the anomaly score for the given firewall rule; determining an update to at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rul
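As an added illustration of the scheme the claims describe (example code written for this page, not code from the patent or from VMware): each rule's deny count is multiplied by its anomaly score to give an urgency, the urgencies are normalized across all rules, rules are ordered for display by urgency, and an exception applied to a noisy low-severity rule stops that rule from flagging the path that inflates its count. The normalization by the sum of all products and the path-based exception are assumptions, since the claims fix neither; the rules and requests are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class FirewallRule:
    rule_id: str
    anomaly_score: float            # severity of the attack class this rule guards against
    deny_count: int = 0             # requests flagged on account of this rule
    exceptions: set = field(default_factory=set)   # paths the rule no longer flags (claim 8)


class RuleManager:
    def __init__(self, rules):
        self.rules = {r.rule_id: r for r in rules}

    def flag_request(self, request, matched_rule_ids):
        """Claims 4-5: each rule that flags the request gets its deny count incremented."""
        flagged = []
        for rid in matched_rule_ids:
            rule = self.rules[rid]
            if request["path"] in rule.exceptions:   # an exception suppresses the flag
                continue
            rule.deny_count += 1
            flagged.append(rid)
        return flagged

    def urgency(self):
        """Claims 2-3: deny_count * anomaly_score, normalized by the sum of all products (assumed formula)."""
        products = {rid: r.deny_count * r.anomaly_score for rid, r in self.rules.items()}
        total = sum(products.values())
        return {rid: (p / total if total else 0.0) for rid, p in products.items()}

    def display_order(self):
        """Claim 7: rule ids ordered for display, most urgent first."""
        u = self.urgency()
        return sorted(self.rules, key=lambda rid: u[rid], reverse=True)

    def add_exception(self, rule_id, path):
        """Claim 8: the update applied to a rule is an exception (here, a path to skip)."""
        self.rules[rule_id].exceptions.add(path)


def build_sample_manager():
    """Constructed sample (not from the patent): three WAF rules and a burst of flagged requests."""
    mgr = RuleManager([FirewallRule("sqli", 5.0), FirewallRule("xss", 3.0), FirewallRule("bad-ua", 1.0)])
    flagged = [("/login", ["sqli"]), ("/search", ["xss"]), ("/search", ["xss"])]
    flagged += [("/healthz", ["bad-ua"])] * 10      # a monitoring probe tripping a low-severity rule
    for path, rules in flagged:
        mgr.flag_request({"path": path}, rules)
    return mgr


if __name__ == "__main__":
    print(build_sample_manager().display_order())   # the noisy low-severity rule ranks first
```

The low-severity rule reaching the top of the display order is exactly the situation in which an operator would add an exception rather than leave the rule inflating its count.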

Assignees

VMware Inc

Inventors

Classifications

  • Access security · CPC title

  • Rule management · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

  • using filters or firewalls · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11258816B2 cover?
Embodiments described herein relate to managing firewall rules. Embodiments include identifying a plurality of firewall rules for request handling. Embodiments include determining a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule. Embodiments include determining an anomaly score for each given…
Who is the assignee on this patent?
VMware Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 22, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).