Abstract: A method of dynamically applying a control policy to a network is described. A network layer of a plurality of network layers associated with user traffic is determined. A portion of a control policy corresponding to the network layer and the user traffic is accessed. Then, the portion is sent to a security device associated with the network layer, the portion being configured to be applied by the security device to the network layer and the user traffic.

Abstract: In one embodiment a method for managing event messages includes predicting an event message arrival rate, determining a current capacity of an event message repository in which received event messages are stored, and calculating a time at which to perform event message deletion relative to the predicted event message arrival rate and the determined current capacity of the event message repository.

Abstract: Information associated with a port security state of a network device is received. The received information is converted into an icon that corresponds to the port security state of the network device. The icon is displayed to a user.

Abstract: A method of managing security in a network is described. A data anomaly at a first location on a network is detected. A source of this data anomaly is identified. The source is compared with a plurality of access control policies, wherein each of the plurality of access control policies comprises at least one access restriction instruction associated with one or more sources. Based on the comparing, the source is associated with a corresponding one of the plurality of access control policies.

Abstract: A system and method for declarative network access control are provided. The system includes an interpreter, a rules engine, a storage device, and a processor. The interpreter transforms sentences in a declarative network access control language to rules. The rules engine evaluates the rules to produce actions for providing access control to a network at a point of access. The storage device stores instructions for the interpreter, the rules and the rules engine and the processor executes those instructions.

Abstract: In a method for determining information about a computing system, a designated process in the computing system is monitored. A determination whether a selected event has occurred in the designated process is made. State information and configuration information regarding the computing device is collected in response to a determination that the selected event has occurred. Meta information associated with the designated process is determined in response to a determination that the selected event has occurred. The state information, the configuration information and the meta information is recorded in an accessible file.

Abstract: In a method for determining information about a computing system, a designated process in the computing system is monitored. A determination whether a selected event has occurred in the designated process is made. State information and configuration information regarding the computing device is collected in response to a determination that the selected event has occurred. Meta information associated with the designated process is determined in response to a determination that the selected event has occurred. The state information, the configuration information and the meta information is recorded in an accessible file.

Abstract: A user is enabled to select one or more client devices from a number of client devices and to select one or more server devices from a number of server devices. Secure communication is to occur between each selected client device and each selected server device. For each unique pair of a selected client device and a selected server device, a validation of a security configuration of the selected client device and a security configuration of the selected server device is performed, to determine whether secure communication can occur between the selected client device and the selected server device. Where the validation has failed, reconfiguration of one or more of the selected client device and the selected server device is performed so that secure communication can occur between the selected client device and the selected server device.

Abstract: A headless appliance includes a network chassis management interface determiner configured to determine a network chassis management interface. The headless appliance is configured to be disposed in a network chassis. The headless appliance also includes a management interface command mapping configured to associate commands of the network chassis management interface to commands of a headless appliance management interface.

Abstract: A method of selectively identifying conflicting network access rules within a knowledge base containing a plurality of network access rules, each rule having a condition portion and a consequence portion, and creating a corresponding resolved consequence, including the steps of comparing the condition portions of the rules, determining conflicting rules to be rules with matching condition portions and differing consequence portions, and analyzing the consequence portions of each of the conflicting rules to define the resolved consequence to be executed when the condition portion in any of the conflicting rules is executed.

Abstract: A method of managing security in a network is described. A data anomaly at a first location on a network is detected. A source of this data anomaly is identified. The source is compared with a plurality of access control policies, wherein each of the plurality of access control policies comprises at least one access restriction instruction associated with one or more sources. Based on the comparing, the source is associated with a corresponding one of the plurality of access control policies.

Abstract: A method of dynamically applying a control policy to a network is described. A network layer of a plurality of network layers associated with user traffic is determined. A portion of a control policy corresponding to the network layer and the user traffic is accessed. Then, the portion is sent to a security device associated with the network layer, the portion being configured to be applied by the security device to the network layer and the user traffic.

Abstract: A user is enabled to select one or more client devices from a number of client devices and to select one or more server devices from a number of server devices. Secure communication is to occur between each selected client device and each selected server device. For each unique pair of a selected client device and a selected server device, a validation of a security configuration of the selected client device and a security configuration of the selected server device is performed, to determine whether secure communication can occur between the selected client device and the selected server device. Where the validation has failed, reconfiguration of one or more of the selected client device and the selected server device is performed so that secure communication can occur between the selected client device and the selected server device.

Abstract: A method for validating a syslog message having a plurality of message components. The method includes providing a meta regular expression. The meta regular expression is formed from a set of regular expressions with each of the regular expressions corresponding to one of the plurality of message components. The meta-regular expression represents a plurality of message component patterns, each of the message component patterns representing a different ordering of individual regular expressions of the set of regular expressions. The method further includes comparing the syslog message with the meta regular expression. The syslog message is deemed valid if the syslog message matches one of the plurality of message component patterns represented by the meta regular expression.

Abstract: A system and method for declarative network access control are provided. The system includes an interpreter, a rules engine, a storage device, and a processor. The interpreter transforms sentences in a declarative network access control language to rules. The rules engine evaluates the rules to produce actions for providing access control to a network at a point of access. The storage device stores instructions for the interpreter, the rules and the rules engine and the processor executes those instructions.

Abstract: A network management station includes a processor, memory coupled to the processor, and computer executable instructions provided to the memory and executable by the processor. The computer executable instructions are configured to transmit a network management message to a network device connected to the network management station over a network, receive response information from the network device based on the network management message, receive unsolicited information from the network device, and apply fuzzy logic to the received information and the unsolicited information to produce information associated with the health of the network device.

Abstract: A method for processing syslog messages. The syslog messages are received from a plurality of components. The method includes receiving a first syslog message. The method further includes determining whether the first syslog message is one of a plurality of critical syslog messages. The method also includes, if the first syslog message is the one of the plurality of critical syslog messages, performing critical message handling using the first syslog message. The method yet also includes, if the first syslog message is not any of the plurality of critical syslog messages, performing non-critical message handling using the first syslog message.

Abstract: A method of selectively identifying conflicting network access rules within a knowledge base containing a plurality of network access rules, each rule having a condition portion and a consequence portion, and creating a corresponding resolved consequence, including the steps of comparing the condition portions of the rules, determining conflicting rules to be rules with matching condition portions and differing consequence portions, and analyzing the consequence portions of each of the conflicting rules to define the resolved consequence to be executed when the condition portion in any of the conflicting rules is executed.

Abstract: Embodiments include applying fuzzy based rules to information associated with various metrics from a network device to produce a variable fuzzy based rule expression. The variable fuzzy based rule expression can then be used as an input parameter to a fuzzy rule based heuristic.

Abstract: An event broker that receives various types of events in a particular device, and decodes the events to a common meaning form as a generic event that is accessible by various software applications in the device. The event broker includes a plurality of event receivers that receive the events on various ports of the device. The events are then transferred to an event driver loader that accesses a particular event driver depending on how the particular event is formatted. The event driver decodes the event and stores the generic event in an event storage system and/or passes it on to a particular software module that may need to use the event at that particular time.