As managed networks continue to grow, security policy management has become a growing concern. Generally, an organization's network includes a plurality of security-enabled devices, such as routers, switches, firewalls, gateways, hubs, network bridges, clients, peripherals, servers, and the like. Various applications can also be security-enabled on each of the available network devices. Network management techniques apply security policies to these devices or applications in order to manage the network efficiently and securely.
For example, an Operating System (OS) application may include a security policy under which user passwords are required to be at least 6 characters in length. Another application, perhaps executing within the OS or on another device of the network, may include a security policy that requires user passwords of at least 8 characters. Of course, security policies can be applied more generically and comprehensively across the network, such as policies that relegate specific network traffic to defined ports on defined devices, policies that require encryption (e.g., Public Key Infrastructure (PKI) techniques and others), policies that restrict access to defined applications/end users, and other policies.
In today's typical enterprise environment, security control for network infrastructure and computing resources predominantly consists of many manual tasks, and each task for network security control and configuration is usually a tedious process that typically requires network administrators to understand various vendor-proprietary mechanisms and policy languages and then manually map the enterprise's security policies onto these proprietary mechanisms. Furthermore, the policies are not systematically linked to the intrusions, attacks, and threats faced by the enterprise network. This approach greatly increases response time and reduces the ability of the enterprise network to adapt continuously to distributed attacks and changing threat environments; it also causes a loss of time-sensitive data that could otherwise be correlated to design optimal countermeasures to attacks for the entire enterprise network.
Today's standard policy-based network management architecture does not include feedback mechanisms that can make a network more adaptive to environmental changes. Accordingly, existing security policy management architectures, which are mostly based on the policy-based network management architectures discussed above, lack the ability to provide dynamic security policy feedback and to make adaptive policy updates based on captured security intrusion and/or threat information. Furthermore, there is little or no information sharing between network devices to which the same or related security policies are being applied. In addition, there is no management architecture that provides a centralized view and policy engine capable of correlating data (both input and feedback) from heterogeneous sources in order to facilitate a corresponding intelligent policy deployment.
Therefore, there is a need for improved security policy management within networks. These implementations and techniques should enable a common security policy specification across heterogeneous enterprise networks and be capable of providing feedback that can be used to dynamically and adaptively manage network security policies.