User Interface Driven Translation, Comparison, Unification, and Deployment of Device Neutral Network Security Policies
    1.
    Patent application
    User Interface Driven Translation, Comparison, Unification, and Deployment of Device Neutral Network Security Policies (in force)

    Publication No.: US20160344743A1

    Publication date: 2016-11-24

    Application No.: US14725489

    Filing date: 2015-05-29

    Abstract: A method is performed at a management device to manage multiple network security devices over a network. The security devices are configured to control access to network accessible resources. A query is received. In response to the received query, a respective native security rule that references the specific resource is collected from each security device, where each native security rule is based on a respective native rule model associated with the security device from which the native security rule is collected. Each native security rule is translated into a respective normalized rule that is based on a generic rule model. The respective normalized rules are compared to each other to generate compare results. Based on the compare results, an indication of whether each security device allows or blocks access to the specific resource is generated.


    SECURITY POLICY UNIFICATION ACROSS DIFFERENT SECURITY PRODUCTS

    Publication No.: US20170230425A1

    Publication date: 2017-08-10

    Application No.: US15498927

    Filing date: 2017-04-27

    CPC classification number: H04L63/20 G06F21/604 H04L41/28 H04L63/10 H04L63/102

    Abstract: A management entity generates for display multiple icons, each icon representing an actor or a resource in a networking environment, and defines a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource. The management entity translates the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices, and supplies data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.

    PROVIDING NETWORK BEHAVIOR VISIBILITY BASED ON EVENTS LOGGED BY NETWORK SECURITY DEVICES

    Publication No.: US20170155562A1

    Publication date: 2017-06-01

    Application No.: US15237142

    Filing date: 2016-08-15

    CPC classification number: H04L63/0227 H04L63/1408 H04L63/20

    Abstract: A network management entity is configured to communicate with one or more network security devices. Each network security device is configured to store in a respective event queue an event for each attempt to access a network accessible destination through the security device. Each event indicates the destination of the attempted access. The management entity periodically collects from the event queues the stored events so that less than all of the events stored in the event queues over a given time period are collected. The management entity determines, based on the collected events, top destinations as the destinations that occur most frequently in the collected events. The management entity determines, based on the collected events, bottom destinations as the destinations that occur least frequently in the collected events. The management entity generates for display indications of the top destinations and generates for display indications of the bottom destinations.

    SECURITY POLICY UNIFICATION ACROSS DIFFERENT SECURITY PRODUCTS
    4.
    Patent application
    SECURITY POLICY UNIFICATION ACROSS DIFFERENT SECURITY PRODUCTS (in force)

    Publication No.: US20160212169A1

    Publication date: 2016-07-21

    Application No.: US14600495

    Filing date: 2015-01-20

    Abstract: A management entity receives from multiple security devices corresponding native security policies each based on a native policy model associated with the corresponding security device. Each security device controls access to resources by devices associated with the security device according to the corresponding native security policy. The management entity normalizes the received native security policies across the security devices based on a generic policy model, to produce a normalized security policy that is based on the generic policy model and representative of the native security policies.


    POLICY BLOCK CREATION WITH CONTEXT-SENSITIVE POLICY LINE CLASSIFICATION

    Publication No.: US20170208094A1

    Publication date: 2017-07-20

    Application No.: US15131604

    Filing date: 2016-04-18

    CPC classification number: H04L63/20 H04L41/0893 H04L63/0263

    Abstract: Presented herein are techniques for creating a policy block comprised of a group of lines of rules/statements across configuration files for network devices. An algorithm is provided that determines when multiple policies are to be merged together into one policy. In one embodiment, data is uploaded from a network that includes a plurality of network devices. The data represents policy rules configured on the plurality of network devices. The data representing the policy rules is compared for similarities in order to group together policy rules based on their similarities. Data is stored representing a plurality of clusters, each cluster representing a group of policy rules that have been grouped together. One or more configuration policies are generated to be applied across the plurality of network devices using the data representing each of the plurality of clusters, while maintaining context of policy rule processing.

    Security policy unification across different security products

    Publication No.: US10116702B2

    Publication date: 2018-10-30

    Application No.: US15498927

    Filing date: 2017-04-27

    Abstract: A management entity generates for display multiple icons, each icon representing an actor or a resource in a networking environment, and defines a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource. The management entity translates the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices, and supplies data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.

    Policy block creation with context-sensitive policy line classification

    Publication No.: US09992232B2

    Publication date: 2018-06-05

    Application No.: US15131604

    Filing date: 2016-04-18

    CPC classification number: H04L63/20 H04L41/0893 H04L63/0263

    Abstract: Presented herein are techniques for creating a policy block comprised of a group of lines of rules/statements across configuration files for network devices. An algorithm is provided that determines when multiple policies are to be merged together into one policy. In one embodiment, data is uploaded from a network that includes a plurality of network devices. The data represents policy rules configured on the plurality of network devices. The data representing the policy rules is compared for similarities in order to group together policy rules based on their similarities. Data is stored representing a plurality of clusters, each cluster representing a group of policy rules that have been grouped together. One or more configuration policies are generated to be applied across the plurality of network devices using the data representing each of the plurality of clusters, while maintaining context of policy rule processing.
