Computer network security configuration visualization and control system
US11258763B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 21, 2017 |
| Grant date | Feb 22, 2022 |
| Priority date | — |
| Expiry date | Aug 30, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L41/28
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A computing device is configured to retrieve network security configuration information from a computer network and generate a security configuration map which readily enables a user to detect defects in the security configuration with respect to a security policy. The computing device retrieves firewall configurations from security appliances in the network which operate firewalls, and processes the firewall configurations to generate a set of corresponding standardized firewall configurations. These are processed to identify enclaves containing network nodes which are associated with respective security sensitivity values based on the security policy. The computing device monitors and detects inter-node network traffic. The computing device generates a map representing the network nodes and security appliances, the security enclaves, the respective security sensitivity values, and the network traffic flows, thereby rendering readily visible inconsistencies between the actual security configuration and traffic flows, and the security policy.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.