CPC H04L 63/0227 (2013.01) [H04L 49/25 (2013.01); H04L 63/105 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/205 (2013.01); H04L 67/01 (2022.05); H04L 67/02 (2013.01); H04L 67/10 (2013.01); H04L 67/12 (2013.01); H04L 67/303 (2013.01); H04L 63/0272 (2013.01); H04L 63/1458 (2013.01)]
13 Claims
1. A cloud-based network security system on a data communication network forming a security fabric for automatically customizing security policy management for variations in IoT (Internet of Things) devices, the network security system comprising:
circuitry to collect information of network devices from multiple data sources, and includes an analyzing tier of the network security system, communicatively coupled to resources over the data communication network, to use machine learning on the collected information to generate generic PEBs (profiled element baselines) for IoT devices of different types, wherein the generic PEBs each have a rigid class of policies that are mandatory for implementation and a discretionary class of policies that are optional for implementation;
local circuitry to collect and analyze information at each of the specific private network, and includes an adapting tier of the network security system, communicatively coupled to the analyzing tier and to a specific private network over the data communication network, to collect data from specific IoT devices on a specific private network of the plurality of private networks, wherein the adapting tier retrieves PEBs from the analyzing tier based on the collected data and tailors the specific PEBs according to the discretionary class of policies based on local conditions; and
a network security appliance, that includes an executing tier of the network security system, communicatively coupled to the adapting tier and to the specific private network, to interpret the specific PEBs and create local network security policies for controlling network traffic of the specific IoT devices of the specific private network to comply with the one or more security policies.