公开(公告)号：US09531757B2

公开(公告)日：2016-12-27

申请号：US14600418

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Shawn Henry ,  Robin Martherus ,  Sanjay Agarwal

IPC: H04L29/06 ,  G06F21/60

CPC classification number: H04L63/20 ,  G06F21/604 ,  H04L41/28 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity discovers security devices connected to a network. Each security device controls access to resources by devices associated with the security device according to a corresponding native security policy that is based on a corresponding native policy model associated with the security device. The management entity imports the native security policies from the corresponding security devices over the network, and normalizes the imported native security policies across the security devices based on a generic policy model, to produce normalized security policies that are based on the generic policy model and representative of the native security polices. The management entity receives security events from the security devices, and processes the received security events among the security devices based on the normalized security policies.

Abstract translation: 管理实体发现连接到网络的安全设备。 每个安全设备根据与基于安全设备相关联的对应本地策略模型的对应本地安全策略来控制与安全设备相关联的设备对资源的访问。 管理实体通过网络从相应的安全设备导入本地安全策略，并根据通用策略模型在安全设备之间规范化导入的本地安全策略，以生成基于通用策略模型和代表的规范化安全策略 的本地安全政策。 管理实体从安全设备接收安全事件，并根据规范化的安全策略对安全设备之间接收的安全事件进行处理。

公开(公告)号：US09769210B2

公开(公告)日：2017-09-19

申请号：US15189755

申请日：2016-06-22

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Sanjay Agarwal ,  Robin Martherus

IPC: H04L29/06 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/24

CPC classification number: H04L63/20 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/248 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity imports information included in security policies from security devices configured to operate in accordance with respective ones of the security policies. The information is classified into security policy classifications based on commonality in the information across the security policies. The security policy classifications are displayed as selectable security policy classifications. An entry of a policy template name and selections of multiple security policy classifications are received. The security policies in the multiple selected security policy classifications are assigned to a security policy template identified by the entered policy template name.

公开(公告)号：US20160212167A1

公开(公告)日：2016-07-21

申请号：US14600436

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Sanjay Agarwal ,  Robin Martherus

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/248 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity connects with multiple security devices across a network. Each security device operates in accordance with one or more security policies. The management entity imports, over the network, data describing the security policies from the multiple security devices. The management entity classifies the imported security policies into security policy classifications based on commonality in information included in the security policies across the multiple security devices.

Abstract translation: 管理实体通过网络与多个安全设备连接。 每个安全设备根据一个或多个安全策略进行操作。 管理实体通过网络从多个安全设备中导入描述安全策略的数据。 管理实体根据多个安全设备中安全策略中包含的信息的通用性，将导入的安全策略分为安全策略分类。

公开(公告)号：US20160212166A1

公开(公告)日：2016-07-21

申请号：US14600418

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Shawn Henry ,  Robin Martherus ,  Sanjay Agarwal

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/604 ,  H04L41/28 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity discovers security devices connected to a network. Each security device controls access to resources by devices associated with the security device according to a corresponding native security policy that is based on a corresponding native policy model associated with the security device. The management entity imports the native security policies from the corresponding security devices over the network, and normalizes the imported native security policies across the security devices based on a generic policy model, to produce normalized security policies that are based on the generic policy model and representative of the native security polices. The management entity receives security events from the security devices, and processes the received security events among the security devices based on the normalized security policies.

Abstract translation: 管理实体发现连接到网络的安全设备。 每个安全设备根据与基于安全设备相关联的对应本地策略模型的对应本地安全策略来控制与安全设备相关联的设备对资源的访问。 管理实体通过网络从相应的安全设备导入本地安全策略，并根据通用策略模型在安全设备之间规范化导入的本地安全策略，以生成基于通用策略模型和代表的规范化安全策略 的本地安全政策。 管理实体从安全设备接收安全事件，并根据规范化的安全策略对安全设备之间接收的安全事件进行处理。

公开(公告)号：US20160301717A1

公开(公告)日：2016-10-13

申请号：US15189755

申请日：2016-06-22

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Sanjay Agarwal ,  Robin Martherus

IPC: H04L29/06 ,  G06F3/0482 ,  G06F17/24 ,  G06F3/0484

CPC classification number: H04L63/20 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/248 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity imports information included in security policies from security devices configured to operate in accordance with respective ones of the security policies. The information is classified into security policy classifications based on commonality in the information across the security policies. The security policy classifications are displayed as selectable security policy classifications. An entry of a policy template name and selections of multiple security policy classifications are received. The security policies in the multiple selected security policy classifications are assigned to a security policy template identified by the entered policy template name.

Abstract translation: 管理实体从配置为根据相应的安全策略进行操作的安全设备中导入安全策略中包含的信息。 该信息根据安全策略中的信息的共同性分为安全策略分类。 安全策略分类显示为可选择的安全策略分类。 收到策略模板名称的条目和多个安全策略分类的选择。 多个选定的安全策略分类中的安全策略被分配给由输入的策略模板名称标识的安全策略模板。

公开(公告)号：US09401933B1

公开(公告)日：2016-07-26

申请号：US14600436

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Sanjay Agarwal ,  Robin Martherus

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/248 ,  H04L63/10 ,  H04L63/102

Abstract: A management entity connects with multiple security devices across a network. Each security device operates in accordance with one or more security policies. The management entity imports, over the network, data describing the security policies from the multiple security devices. The management entity classifies the imported security policies into security policy classifications based on commonality in information included in the security policies across the multiple security devices.

Abstract translation: 管理实体通过网络与多个安全设备连接。 每个安全设备根据一个或多个安全策略进行操作。 管理实体通过网络从多个安全设备中导入描述安全策略的数据。 管理实体根据多个安全设备中安全策略中包含的信息的通用性，将导入的安全策略分为安全策略分类。