公开(公告)号：US20170230425A1

公开(公告)日：2017-08-10

申请号：US15498927

申请日：2017-04-27

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Burak Say ,  Robin Martherus ,  Sachin Vasant

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/604 ,  H04L41/28 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity generates for display multiple icons, each icon representing an actor or a resource in a networking environment, and defines a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource. The management entity translates the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices, and supply data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.

公开(公告)号：US20160212169A1

公开(公告)日：2016-07-21

申请号：US14600495

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Burak Say ,  Robin Martherus ,  Sachin Vasant

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/604 ,  H04L41/0843 ,  H04L41/0893 ,  H04L63/10

Abstract: A management entity receives from multiple security devices corresponding native security policies each based on a native policy model associated with the corresponding security device. Each security device controls access to resources by devices associated with the security device according to the corresponding native security policy. The management entity normalizes the received native security policies across the security devices based on a generic policy model, to produce a normalized security policy that is based on the generic policy model and representative of the native security polices.

Abstract translation: 管理实体从多个安全设备接收对应的本地安全策略，每个基于与相应的安全设备相关联的本地策略模型。 每个安全设备根据相应的本地安全策略控制与安全设备相关联的设备对资源的访问。 管理实体基于通用策略模型，在安全设备之间规范化接收到的本地安全策略，以生成基于通用策略模型并代表本机安全策略的规范化安全策略。

公开(公告)号：US20160212166A1

公开(公告)日：2016-07-21

申请号：US14600418

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Shawn Henry ,  Robin Martherus ,  Sanjay Agarwal

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/604 ,  H04L41/28 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity discovers security devices connected to a network. Each security device controls access to resources by devices associated with the security device according to a corresponding native security policy that is based on a corresponding native policy model associated with the security device. The management entity imports the native security policies from the corresponding security devices over the network, and normalizes the imported native security policies across the security devices based on a generic policy model, to produce normalized security policies that are based on the generic policy model and representative of the native security polices. The management entity receives security events from the security devices, and processes the received security events among the security devices based on the normalized security policies.

Abstract translation: 管理实体发现连接到网络的安全设备。 每个安全设备根据与基于安全设备相关联的对应本地策略模型的对应本地安全策略来控制与安全设备相关联的设备对资源的访问。 管理实体通过网络从相应的安全设备导入本地安全策略，并根据通用策略模型在安全设备之间规范化导入的本地安全策略，以生成基于通用策略模型和代表的规范化安全策略 的本地安全政策。 管理实体从安全设备接收安全事件，并根据规范化的安全策略对安全设备之间接收的安全事件进行处理。

公开(公告)号：US09769210B2

公开(公告)日：2017-09-19

申请号：US15189755

申请日：2016-06-22

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Sanjay Agarwal ,  Robin Martherus

IPC: H04L29/06 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/24

CPC classification number: H04L63/20 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/248 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity imports information included in security policies from security devices configured to operate in accordance with respective ones of the security policies. The information is classified into security policy classifications based on commonality in the information across the security policies. The security policy classifications are displayed as selectable security policy classifications. An entry of a policy template name and selections of multiple security policy classifications are received. The security policies in the multiple selected security policy classifications are assigned to a security policy template identified by the entered policy template name.

公开(公告)号：US20160212170A1

公开(公告)日：2016-07-21

申请号：US14600548

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Robin Martherus ,  Guy Telner ,  Yedidya Dotan ,  Denis Knjazihhin

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10

Abstract: A management entity displays a plurality of icons, each icon representing an actor or a resource in a networking environment. The management entity defines security policy by receiving user input in the form of lines drawn between icons representing actors and resources to control abilities between actors and resources.

Abstract translation: 管理实体显示多个图标，每个图标表示网络环境中的演员或资源。 管理实体通过以表示角色和资源的图标之间绘制的线的形式接收用户输入来定义安全策略，以控制演员和资源之间的能力。

公开(公告)号：US20160212167A1

公开(公告)日：2016-07-21

申请号：US14600436

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Sanjay Agarwal ,  Robin Martherus

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/248 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity connects with multiple security devices across a network. Each security device operates in accordance with one or more security policies. The management entity imports, over the network, data describing the security policies from the multiple security devices. The management entity classifies the imported security policies into security policy classifications based on commonality in information included in the security policies across the multiple security devices.

Abstract translation: 管理实体通过网络与多个安全设备连接。 每个安全设备根据一个或多个安全策略进行操作。 管理实体通过网络从多个安全设备中导入描述安全策略的数据。 管理实体根据多个安全设备中安全策略中包含的信息的通用性，将导入的安全策略分为安全策略分类。

公开(公告)号：US20160301717A1

公开(公告)日：2016-10-13

申请号：US15189755

申请日：2016-06-22

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Sanjay Agarwal ,  Robin Martherus

IPC: H04L29/06 ,  G06F3/0482 ,  G06F17/24 ,  G06F3/0484

CPC classification number: H04L63/20 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/248 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity imports information included in security policies from security devices configured to operate in accordance with respective ones of the security policies. The information is classified into security policy classifications based on commonality in the information across the security policies. The security policy classifications are displayed as selectable security policy classifications. An entry of a policy template name and selections of multiple security policy classifications are received. The security policies in the multiple selected security policy classifications are assigned to a security policy template identified by the entered policy template name.

Abstract translation: 管理实体从配置为根据相应的安全策略进行操作的安全设备中导入安全策略中包含的信息。 该信息根据安全策略中的信息的共同性分为安全策略分类。 安全策略分类显示为可选择的安全策略分类。 收到策略模板名称的条目和多个安全策略分类的选择。 多个选定的安全策略分类中的安全策略被分配给由输入的策略模板名称标识的安全策略模板。

公开(公告)号：US09401933B1

公开(公告)日：2016-07-26

申请号：US14600436

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Sanjay Agarwal ,  Robin Martherus

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/248 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity connects with multiple security devices across a network. Each security device operates in accordance with one or more security policies. The management entity imports, over the network, data describing the security policies from the multiple security devices. The management entity classifies the imported security policies into security policy classifications based on commonality in information included in the security policies across the multiple security devices.

Abstract translation: 管理实体通过网络与多个安全设备连接。 每个安全设备根据一个或多个安全策略进行操作。 管理实体通过网络从多个安全设备中导入描述安全策略的数据。 管理实体根据多个安全设备中安全策略中包含的信息的通用性，将导入的安全策略分为安全策略分类。

公开(公告)号：US10116702B2

公开(公告)日：2018-10-30

申请号：US15498927

申请日：2017-04-27

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Burak Say ,  Robin Martherus ,  Sachin Vasant

IPC: G06F17/00 ,  H04L29/06 ,  H04L12/24

Abstract: A management entity generates for display multiple icons, each icon representing an actor or a resource in a networking environment, and defines a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource. The management entity translates the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices, and supply data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.

公开(公告)号：US09680875B2

公开(公告)日：2017-06-13

申请号：US14600495

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Burak Say ,  Robin Martherus ,  Sachin Vasant

IPC: G06F17/00 ,  H04L29/06 ,  H04L12/24 ,  G06F21/60

CPC classification number: H04L63/20 ,  G06F21/604 ,  H04L41/0843 ,  H04L41/0893 ,  H04L63/10

Abstract: A management entity receives from multiple security devices corresponding native security policies each based on a native policy model associated with the corresponding security device. Each security device controls access to resources by devices associated with the security device according to the corresponding native security policy. The management entity normalizes the received native security policies across the security devices based on a generic policy model, to produce a normalized security policy that is based on the generic policy model and representative of the native security polices.