
Automated Security Device Policy Update Through Global Analytics Feed

IP.com Disclosure Number: IPCOM000231086D
Publication Date: 2013-Sep-25
Document File: 2 page(s) / 22K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed are a system and method that enable security devices to automatically update their policy to protect against attacks by leveraging a global analytics feed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Staying ahead of network security threats is challenging and time-consuming. Most of the time, policy adjustments to drop/block traffic are put in place after an attack is already occurring. In cases where drops/blocks can be put in place pre-emptively, doing so has usually involved time-consuming research followed by manual implementation of the policy change through each security device's management interface. Even in cases where security is managed through a service with global analytic capabilities, manual policy changes on each device must still be made.

This is at best a manual process and at worst, a process that occurs too late, after a system has already been hit by an attack.

As attacks are discovered through analysis of global security data, a global analytics feed could be made available. Security devices in the field could subscribe to this feed and automatically put, for instance, Intrusion Detection System (IDS) blocks or firewall drop policies in place to preempt an attack. This would not only save the time that is lost in manually entering policy updates, but it would also provide near-real-time propagation of security policy protection against global attacks.

The novel contribution of this invention is the ability to enable security devices to automatically update their policy to protect against attacks by leveraging a global analytics feed.
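The device-side half of this idea, sketched as an added example that is not part of the disclosure: a subscriber merges feed entries into its drop policy. The feed field names, the sample entries, the IPv4-only scope and the three safeguards (protected networks, a minimum prefix length, entry expiry) are all assumptions introduced here; the disclosure does not define a feed format.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample feed; the field names are assumptions, not a real feed format.
SAMPLE_FEED = [
    {"id": "f-1", "indicator": "203.0.113.0/24", "action": "drop", "expires": "2030-01-01T00:00:00+00:00"},
    {"id": "f-2", "indicator": "10.0.5.7/32", "action": "drop", "expires": "2030-01-01T00:00:00+00:00"},
    {"id": "f-3", "indicator": "198.51.100.9/32", "action": "drop", "expires": "2020-01-01T00:00:00+00:00"},
    {"id": "f-4", "indicator": "0.0.0.0/0", "action": "drop", "expires": "2030-01-01T00:00:00+00:00"},
    {"id": "f-5", "indicator": "not-an-ip", "action": "drop", "expires": "2030-01-01T00:00:00+00:00"},
]
PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]  # networks the device must never block
MIN_PREFIX = 16                                    # refuse drops broader than a /16


def apply_feed(policy, entries, now, protected=PROTECTED):
    """Merge feed entries into policy {network: expiry}; return (policy, rejected)."""
    policy = {net: exp for net, exp in policy.items() if exp > now}  # age out old drops
    rejected = []
    for e in entries:
        try:
            net = ipaddress.ip_network(e["indicator"], strict=False)
            exp = datetime.fromisoformat(e["expires"])
            expired = exp <= now  # TypeError if the timestamp carries no UTC offset
        except (KeyError, ValueError, TypeError):
            rejected.append((e.get("id"), "malformed"))
            continue
        if e.get("action") != "drop":
            rejected.append((e.get("id"), "unsupported action"))
        elif expired:
            rejected.append((e.get("id"), "expired"))
        elif net.prefixlen < MIN_PREFIX:
            rejected.append((e.get("id"), "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((e.get("id"), "protected network"))
        else:
            policy[net] = max(exp, policy.get(net, exp))  # keep the later expiry
    return policy, rejected


def render_rules(policy):
    """Vendor-neutral rule lines; a real device would emit its own policy syntax."""
    return [f"drop from {net}" for net in sorted(policy, key=str)]
```

Rejected entries are returned with a reason rather than silently discarded, so an operator can review what the automation declined to apply.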

The process flow for implementing the method follows:


1. Security Device subscribes to Global Attack Feed

2. Global Threat Analyst (i.e., person) analyzes global security data across hundreds/thousands of customers


3. Global Threat Anal...