Abstract: There are provided a computer-implemented connectivity manager and a method of managing connectivity between resources in a computer network using the connectivity manager.

Abstract: There are provided a computer-implemented connectivity manager and a method of managing connectivity between resources in a computer network using the connectivity manager.

Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rules and/or vice versa.

Abstract: There are provided a method of automated managing an ordered set of security rules implemented at a plurality of security gateways and a system thereof. The method comprises obtaining data characterizing a connectivity request which may become allowable only upon changes of an initial rule-set, thus giving rise to an unfitting connectivity request; analyzing routing tables of the plurality of the security gateways; generating ranking the security gateways in accordance with their relevance to the unfitting connectivity request; selecting one or more security gateways with the highest ranking; and implementing a configuration change required in order to facilitate allowance of the unfitting connectivity request at the one or more selected security gateways.

Abstract: There are provided a method of automated managing one or more security rule-sets and a system thereof. The method comprising: obtaining data characterizing a connectivity request and an amended rule-set, the amended rule-set being derivative of an initial rule-set amended to fit the connectivity request; automated verifying each possible combination of values in the connectivity request against the initial rule-set and the amended rule-set; calculating one or more values selected from a group comprising values characterizing relative amount of extra allowed traffic and values characterizing relative amount of dissatisfied requested traffic; automated comparing the calculated values and/or derivatives thereof with a predefined threshold; and automated classifying the amended rule-set as applicable for implementation if the results of the automated comparing match a predefined verification criterion.

Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rules and/or vice versa.

Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rules and/or vice versa.

Abstract: Provided a computerized system and method of automated auditing a range of rules associated with an enforced security policy. The method comprises automated obtaining log records assigned to a first rule within the range of rules and logged during a counted period, each said log record comprising a unique rule identifier and recorded values of respective arguments comprised in the rule; counting a number of records matching certain recorded values and logged within certain time intervals within the counted period (counted values); and automated generating a counted log record assigned to said rule, said record comprising the unique rule identifier, the counted period, recorded values of the rule arguments and respective counted values.

Abstract: There are provided a computer-implemented connectivity manager and a method of managing connectivity between resources in a computer network using the connectivity manager.

Abstract: There are provided a method of automated managing one or more security rule-sets and a system thereof. The method comprising: obtaining data characterizing a connectivity request and an amended rule-set, the amended rule-set being derivative of an initial rule-set amended to fit the connectivity request; automated verifying each possible combination of values in the connectivity request against the initial rule-set and the amended rule-set; calculating one or more values selected from a group comprising values characterizing relative amount of extra allowed traffic and values characterizing relative amount of dissatisfied requested traffic; automated comparing the calculated values and/or derivatives thereof with a predefined threshold; and automated classifying the amended rule-set as applicable for implementation if the results of the automated comparing match a predefined verification criterion.

Abstract: There are provided a method of automated managing an ordered set of security rules implemented at a plurality of security gateways and a system thereof. The method comprises obtaining data characterizing a connectivity request which may become allowable only upon changes of an initial rule-set, thus giving rise to an unfitting connectivity request; analyzing routing tables of the plurality of the security gateways; generating ranking the security gateways in accordance with their relevance to the unfitting connectivity request; selecting one or more security gateways with the highest ranking; and implementing a configuration change required in order to facilitate allowance of the unfitting connectivity request at the one or more selected security gateways.

Abstract: There is provided a rule-set generator and a method of automated configuration of a security gateway. The method comprises setting-up an initial rule-set; obtaining log records of communication events corresponding to the initial rule-set so as to obtain a sufficient amount of log records; transforming the obtained log records into respective rules, wherein source, destination and service fields in each rule correspond to source, destination and service values in respective obtained log record, and the action in all rules is defined as “Accept”, thus giving rise to a transformation-based rule-set; and processing the transformation-based rule-set so as to generate an operable rule-set by processing the transformation-based rule-set.

Abstract: There are provided a method of automated managing two or more security rule-sets and a system thereof. The method comprises: obtaining data characterizing a first rule-set and a second rule-set; automated recognizing all possible combinations of values in the first and the second rule-sets; automated verifying each combination of values in the second rule-set against the first rule-set; calculating one or more values characterizing the differences in allowable and rejectable traffic in the first rule-set and the second rule-set; automated comparing the calculated values and/or derivatives thereof with a predefined threshold; and automated classifying the relationship between the first rule-set and the second rule-set in accordance with comparison results.

Abstract: There are provided a method of automated managing an ordered set of security rules implemented at one or more security gateways and a system thereof. The method comprises a) obtaining data characterizing a connectivity request which may become allowable only upon changes of an initial rule-set, thus giving rise to an unfitting connectivity request; b) automated searching for a rule within said ordered set of security rules, said rule best matching to be amended in order to facilitate allowance of the unfitting connectivity request, wherein best matching is defined in accordance with one or more predefined criteria; c) automated generating amendment of the best matching rule, said amendment capable to facilitate allowance of the unfitting connectivity request; and d) automated implementing the generated amendment at one or more relevant security gateways among said one or more security gateways.

Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rules and/or vice versa.

Abstract: There are provided a method of automated managing two or more security rule-sets and a system thereof. The method comprises: obtaining data characterizing a first rule-set and a second rule-set; automated recognizing all possible combinations of values in the first and the second rule-sets; automated verifying each combination of values in the second rule-set against the first rule-set; calculating one or more values characterizing the differences in allowable and rejectable traffic in the first rule-set and the second rule-set; automated comparing the calculated values and/or derivatives thereof with a predefined threshold; and automated classifying the relationship between the first rule-set and the second rule-set in accordance with comparison results.

Abstract: There are provided a method of automated managing an ordered set of security rules implemented at one or more security gateways and a system thereof. The method comprises a) obtaining data characterizing a connectivity request which may become allowable only upon changes of an initial rule-set, thus giving rise to an unfitting connectivity request; b) automated searching for a rule within said ordered set of security rules, said rule best matching to be amended in order to facilitate allowance of the unfitting connectivity request, wherein best matching is defined in accordance with one or more predefined criteria; c) automated generating amendment of the best matching rule, said amendment capable to facilitate allowance of the unfitting connectivity request; and d) automated implementing the generated amendment at one or more relevant security gateways among said one or more security gateways.

Abstract: There is provided a rule-set generator and a method of automated configuration of a security gateway. The method comprises setting-up an initial rule-set; obtaining log records of communication events corresponding to the initial rule-set so as to obtain a sufficient amount of log records; transforming the obtained log records into respective rules, wherein source, destination and service fields in each rule correspond to source, destination and service values in respective obtained log record, and the action in all rules is defined as “Accept”, thus giving rise to a transformation-based rule-set; and processing the transformation-based rule-set so as to generate an operable rule-set by processing the transformation-based rule-set.

Abstract: Provided a computerized system and method of automated auditing a range of rules associated with an enforced security policy. The method comprises automated obtaining log records assigned to a first rule within the range of rules and logged during a counted period, each said log record comprising a unique rule identifier and recorded values of respective arguments comprised in the rule; counting a number of records matching certain recorded values and logged within certain time intervals within the counted period (counted values); and automated generating a counted log record assigned to said rule, said record comprising the unique rule identifier, the counted period, recorded values of the rule arguments and respective counted values.