公开(公告)号：US20170155562A1

公开(公告)日：2017-06-01

申请号：US15237142

申请日：2016-08-15

Applicant: Cisco Technology, Inc.

Inventor： Sachin Vasant ,  Umesh Kumar Miglani ,  Zachary D. Siswick ,  Doron Levari ,  Yedidya Dotan

IPC: H04L12/26 ,  H04L29/12

CPC classification number: H04L63/0227 ,  H04L63/1408 ,  H04L63/20

Abstract: A network management entity is configured to communicate with one or more network security devices. Each network security device is configured to store in a respective event queue an event for each attempt to access a network accessible destination through the security device. Each event indicates the destination of the attempted access. The management entity periodically collects from the event queues the stored events so that less that all of the events stored in the event queues over a given time period are collected. The management entity determines, based on the collected events, top destinations as the destinations that occur most frequently in the collected events. The management entity determines, based on the collected events, bottom destinations as the destinations that occur least frequently in the collected events. The management entity generates for display indications of the top destinations and generates for display indications of the bottom destinations.

公开(公告)号：US20170054757A1

公开(公告)日：2017-02-23

申请号：US14976338

申请日：2015-12-21

Applicant: Cisco Technology, Inc.

Inventor： Zachary D. Siswick ,  Umesh Kumar Miglani ,  Daniel Hollingshead ,  Karyll Catubig ,  Yedidya Dotan ,  Denis Knjazihhin

IPC: H04L29/06 ,  G06F3/0484 ,  G06F3/0481

CPC classification number: H04L63/20 ,  G06F3/04817 ,  G06F3/04842 ,  H04L63/02 ,  H04L63/102

Abstract: In a computer implemented method, selectable device icons that represent respective network security devices are generated for display. Responsive to a selection of one of the device icons, selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon are generated for display. Responsive to a selection of one of the interface icons, selectable policy icons that represent respective security polices applied to the network interface represented by the selected interface icon are generated for display. Responsive to a selection of one of the policy icons, selectable object group icons that represent respective groups of security rule objects used in the network security policy represented by the selected policy icon are generated for display.

Abstract translation: 在计算机实现的方法中，生成表示相应的网络安全设备的可选设备图标用于显示。 响应于选择一个设备图标，生成表示由所选择的设备图标表示的网络安全设备使用的各个网络接口的可选接口图标以供显示。 响应于选择一个接口图标，生成表示应用于由所选接口图标表示的网络接口的相应安全策略的可选择策略图标以进行显示。 响应于选择一个策略图标，生成表示由所选择的策略图标表示的网络安全策略中使用的各组安全规则对象的可选择对象组图标以进行显示。

公开(公告)号：US20160344743A1

公开(公告)日：2016-11-24

申请号：US14725489

申请日：2015-05-29

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Jason M. Perry ,  Denis Knjazihhin ,  Zachary D. Siswick ,  Sachin Vasant

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/108 ,  G06F17/30554 ,  G06F17/30867 ,  H04L63/0227 ,  H04L63/0263

Abstract: A method is performed at a management device to manage multiple network security devices over a network. The security devices are configured to control access to network accessible resources. A query is received. In response to the received query, a respective native security rule that references the specific resource is collected from each security device, where each native security rule is based on a respective native rule model associated with the security device from which the native security rule is collected. Each native security rule is translated into a respective normalized rule that is based on a generic rule model. The respective normalized rules are compared to each other to generate compare results. Based on the compare results, an indication of whether each security device allows or blocks access to the specific resource is generated.

Abstract translation: 在管理设备上执行一种方法来通过网络来管理多个网络安全设备。 安全设备被配置为控制对网络可访问资源的访问。 接收到查询。 响应于所接收的查询，从每个安全设备收集引用特定资源的相应本地安全规则，其中每个本地安全规则基于与从其收集本机安全规则的安全设备相关联的相应原生规则模型 。 每个本地安全规则被转换为基于通用规则模型的相应的归一化规则。 将相应的归一化规则相互比较以产生比较结果。 基于比较结果，生成每个安全设备是否允许或阻止对特定资源的访问的指示。

公开(公告)号：US09787722B2

公开(公告)日：2017-10-10

申请号：US14755228

申请日：2015-06-30

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Zachary D. Siswick ,  Christopher Duane ,  Daniel Hollingshead

IPC: H04L29/00 ,  H04L29/06 ,  G06F17/30 ,  G06F21/60 ,  G06F21/57

CPC classification number: H04L63/20 ,  G06F17/30106 ,  G06F17/30598 ,  G06F21/57 ,  G06F21/604

Abstract: An integrated development environment (IDE) preprocesses a configuration file including security rules. The preprocessing maps object names in the security rules to associated object values based on object definitions for the object names. Responsive to the configuration file being opened in an editor, the IDE provides the editor with access to preprocessing results. Each security rule in the opened configuration file is searched for object names. The IDE links each object name found in the search to an associated object value mapped thereto by the mapping performed during the preprocessing. The IDE receives a selection of an object name in a security rule of the opened configuration file and generates for display the associated object value linked to the selected object name.

公开(公告)号：US09641540B2

公开(公告)日：2017-05-02

申请号：US14725489

申请日：2015-05-29

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Jason M. Perry ,  Denis Knjazihhin ,  Zachary D. Siswick ,  Sachin Vasant

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/108 ,  G06F17/30554 ,  G06F17/30867 ,  H04L63/0227 ,  H04L63/0263

Abstract: A method is performed at a management device to manage multiple network security devices over a network. The security devices are configured to control access to network accessible resources. A query is received. In response to the received query, a respective native security rule that references the specific resource is collected from each security device, where each native security rule is based on a respective native rule model associated with the security device from which the native security rule is collected. Each native security rule is translated into a respective normalized rule that is based on a generic rule model. The respective normalized rules are compared to each other to generate compare results. Based on the compare results, an indication of whether each security device allows or blocks access to the specific resource is generated.

公开(公告)号：US20160344773A1

公开(公告)日：2016-11-24

申请号：US14755228

申请日：2015-06-30

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Zachary D. Siswick ,  Christopher Duane ,  Daniel Hollingshead

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/20 ,  G06F17/30106 ,  G06F17/30598 ,  G06F21/57 ,  G06F21/604

Abstract: An integrated development environment (IDE) preprocesses a configuration file including security rules. The preprocessing maps object names in the security rules to associated object values based on object definitions for the object names. Responsive to the configuration file being opened in an editor, the IDE provides the editor with access to preprocessing results. Each security rule in the opened configuration file is searched for object names. The IDE links each object name found in the search to an associated object value mapped thereto by the mapping performed during the preprocessing. The IDE receives a selection of an object name in a security rule of the opened configuration file and generates for display the associated object value linked to the selected object name.

Abstract translation: 集成开发环境（IDE）预处理包括安全规则在内的配置文件。 预处理根据对象名称的对象定义将安全规则中的对象名称映射到关联对象值。 响应于在编辑器中打开的配置文件，IDE为编辑器提供对预处理结果的访问。 搜索打开的配置文件中的每个安全规则的对象名称。 IDE通过在预处理期间执行的映射将搜索中找到的每个对象名称链接到映射到其上的关联对象值。 IDE在打开的配置文件的安全规则中接收对象名称的选择，并生成用于显示链接到所选对象名称的关联对象值。