Title: Management of security policies across multiple security products
Abstract: A management entity discovers security devices connected to a network. Each security device controls access to resources by devices associated with the security device according to a corresponding native security policy that is based on a corresponding native policy model associated with the security device. The management entity imports the native security policies from the corresponding security devices over the network, and normalizes the imported native security policies across the security devices based on a generic policy model, to produce normalized security policies that are based on the generic policy model and representative of the native security policies. The management entity receives security events from the security devices, and processes the received security events among the security devices based on the normalized security policies.
Publication number: US9531757(B2)    Publication date: 2016.12.27
Application number: US201514600418    Filing date: 2015.01.20
Applicant: Cisco Technology, Inc.    Inventors: Henry Shawn; Martherus Robin; Agarwal Sanjay
Classification: H04L29/06; G06F21/60    Main classification: H04L29/06
Agent firm: Edell, Shapiro & Finnan, LLC    Agent: Edell, Shapiro & Finnan, LLC
Independent claim: 1. A method performed at a management entity, comprising: discovering multiple security devices connected to a network, each security device to control access to resources according to a corresponding native security policy that is based on a corresponding native policy model associated with the corresponding security device; importing the native security policies from the corresponding security devices over the network, each native security policy including a set of native security rules, each native security rule including native rule parameters to permit or deny access to a resource based on a network protocol and at least one of a source address or a destination address; classifying the imported native security policies into identical, similar, and unique security policy classifications having identical, similar, and unique security rules, respectively, based on commonality between the native rule parameters of the native security rules included in the native security policies across the security devices; normalizing the classified imported native security policies across the security devices based on a generic policy model, by mapping the native rule parameters in the native security rules of each security policy to corresponding components {a principal or actor}, {action}, {a resource}, {a context}, and {perform a result} of a generic rule: “if {a principal or actor} tries to perform an {action} on {a resource} within {a context} then {perform a result}”, to produce normalized security policies; and processing security events received from the security devices using the normalized security policies.
Address: San Jose CA US
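As an added illustration (not code from the patent or from Cisco), the following script walks through the normalization and classification steps of claim 1 over two constructed native rule formats; the two formats, the device names and the exact criteria for "identical" and "similar" are assumptions made here, not taken from the patent.

```python
"""Map native rule parameters (protocol, source, destination, permit/deny)
onto the generic rule "if {principal} tries to perform {action} on {resource}
within {context} then {result}", then classify rules across devices."""
from dataclasses import dataclass

@dataclass(frozen=True)
class GenericRule:
    principal: str   # source address -> the actor
    action: str      # network protocol -> what the actor tries to do
    resource: str    # destination address
    context: str     # device the rule was imported from (assumed meaning)
    result: str      # "permit" or "deny"

def from_native_a(line, device):
    """Hypothetical key=value firewall format: src=... dst=... proto=... act=..."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return GenericRule(f["src"], f["proto"].lower(), f["dst"], device, f["act"])

def from_native_b(line, device):
    """Hypothetical positional ACL format: <act> <proto> <src> <dst>"""
    act, proto, src, dst = line.split()
    return GenericRule(src, proto.lower(), dst, device, act)

def render(r):
    return (f"if {r.principal} tries to perform {r.action} on {r.resource} "
            f"within {r.context} then {r.result}")

def classify(rules_by_device):
    """identical: a rule with the same principal/action/resource/result exists
    on another device; similar: same principal/resource but action or result
    differ; unique: no counterpart elsewhere. (Assumed criteria.)"""
    full = lambda r: (r.principal, r.action, r.resource, r.result)
    part = lambda r: (r.principal, r.resource)
    out = {"identical": [], "similar": [], "unique": []}
    for dev, rules in rules_by_device.items():
        others = [r for d, rs in rules_by_device.items() if d != dev for r in rs]
        for r in rules:
            if any(full(o) == full(r) for o in others):
                out["identical"].append(r)
            elif any(part(o) == part(r) for o in others):
                out["similar"].append(r)
            else:
                out["unique"].append(r)
    return out

# Constructed sample policies from two hypothetical devices
NATIVE_A = ["src=10.1.1.0/24 dst=any proto=TCP act=permit",
            "src=10.2.2.5 dst=192.0.2.10 proto=UDP act=deny"]
NATIVE_B = ["permit tcp 10.1.1.0/24 any",
            "permit udp 10.2.2.5 192.0.2.10",
            "deny icmp any any"]

def normalize_all():
    return {"fw-a": [from_native_a(l, "fw-a") for l in NATIVE_A],
            "acl-b": [from_native_b(l, "acl-b") for l in NATIVE_B]}
```

Running `classify(normalize_all())` flags the TCP rules as identical across both devices, the UDP pair as similar (same endpoints, opposite result, which is the kind of inconsistency a cross-product view is meant to surface), and the ICMP deny as unique to the ACL device.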