The basic computer network infrastructure does not necessarily provide the services or features necessary for reasonably integrated computer security. Without appropriate security controls, computer networks are highly vulnerable to attacks on, or unauthorized access to, critical assets within the networks, such as sensitive data or computing resources. To minimize the risk from such attacks or unauthorized access, a variety of security devices are used in the computer networks. For example, the security devices are implemented by network security controls, data security controls, and endpoint security controls. The network security controls include, for example, firewalls, routers, network switches, and wireless access points (APs). The data security controls include, for example, data loss prevention (DLP) solutions, encryption, and digital signatures. The endpoint security controls include, for example, host-based intrusion detection systems (HIDS), host-based intrusion prevention systems (HIPS), host-based firewalls, and device controls.
Each of the security devices may have its own method and technology for configuring security in the network. Further, the mechanics of configuring security with the security devices may change from one release to another. Therefore, keeping track of the different configurations, and learning the skills needed to configure different security devices, can be difficult. Further, the security configured for different computing resources in the networks needs to be managed in a coherent way without conflicts, and the configuration applied to each security device should not change unintentionally, so that inconsistency in applying security policies over time is minimized.