Conditional policies

Assignee

• Cisco Technology, Inc. · US

Inventors

• Sunil Gupta · Austin, US
• Navindra Yadav · San Jose, US
• Michael Standish Watts · Mill Valley, US
• Ali Parandehgheibi · Sunnyvale, US
• Shashidhar Gandham · Fremont, US
• Ashutosh Kulshreshtha · Fremont, US
• Khawar Deen · Sunnyvale, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/535
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Conditional policies can be defined that change based on security measurements of network endpoints. In an example embodiment, a network traffic monitoring system can monitor network flows between the endpoints and quantify how secure those endpoints are based on analysis of the network flows and other data. A conditional policy may be created that establishes one or more first connectivity policies for handling a packet when a security measurement of an endpoint is a first value or first range values, and one or more second connectivity policies for handling the packet. The connectivity policies may include permitting connectivity, denying connectivity, redirecting the packet using a specific route, or other network action. When the network traffic monitoring system detects a change to the security measurement of the endpoint, one or more applicable policies can be determined and the system can update policy data for the network to enforce the policies.