CPC H04L 63/0263 (2013.01) [G06F 40/205 (2020.01); G06F 40/30 (2020.01); H04L 41/0894 (2022.05); H04L 41/16 (2013.01); H04L 63/20 (2013.01)]
20 Claims

1. A computer device for refactoring an original security policy using an artificial intelligence (AI) engine including a large language model (LLM), the computer device comprising:
processor circuitry configured to:
receive policy data for the original security policy, wherein:
the policy data comprises a configuration of the original security policy and includes rules and at least one of network objects, services, groups, zones, or layers; and
each of the rules is associated with one of the layers, such that each of the layers is associated with one or more rules;
parsing the received policy data to identify policy elements, wherein the policy elements comprise the network objects, services, groups, and zones included in the policy data;
converting the original security policy into a code representation by:
defining policy objects by translating each of the identified policy elements into a structured code format;
creating policy layers by defining a layer function for each of the layers in the policy data, wherein each of the layer functions encapsulates the one or more rules associated with the layer defined by the layer function; and
translating the rules included in the policy data into conditional statements for each of the layer functions by converting into a conditional statement each of the one or more rules associated with the layer defined by the layer function, wherein:
each of the conditional statements includes a condition and a corresponding action;
the condition comprises at least one of a check for source, destination, or service; and
the corresponding action is performed when the condition is met;
sending the converted code representation to the AI engine to analyze the original security policy, such that the AI engine applies the LLM to the code representation and identifies policy insights;
receiving from the AI engine the identified policy insights; and
outputting a security review based on the received policy insights.
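
The conversion step of claim 1 (policy objects, one layer function per layer, one conditional statement per rule), sketched as an added example that is not taken from the patent. The policy schema, all names and addresses, and the helpers `policy_to_code` and `evaluate` are hypothetical; string equality stands in for real address matching, and the step that sends the code to the AI engine is left out.

```python
import keyword

# Constructed sample policy data; all names and addresses are hypothetical.
POLICY = {
    "objects": {"office_net": "192.168.0.0/24", "web_srv": "10.0.1.10",
                "db_srv": "10.0.2.20"},
    "services": {"https": "tcp/443", "mysql": "tcp/3306"},
    "layers": {
        "network": [
            {"src": "office_net", "dst": "web_srv", "svc": "https", "action": "accept"},
            {"src": "web_srv", "dst": "db_srv", "svc": "mysql", "action": "accept"},
            {"src": "any", "dst": "db_srv", "svc": "any", "action": "drop"},
        ],
    },
}

def _ident(name):
    # Names come from policy data and end up inside code, so refuse anything
    # that is not a plain identifier.
    if not name.isidentifier() or keyword.iskeyword(name):
        raise ValueError(f"unsafe policy element name: {name!r}")
    return name

def policy_to_code(policy):
    # Policy objects: each element becomes a named assignment.
    defined = {**policy["objects"], **policy["services"]}
    lines = [f"{_ident(n)} = {v!r}" for n, v in defined.items()]
    for layer, rules in policy["layers"].items():
        lines += ["", f"def layer_{_ident(layer)}(source, destination, service):"]
        for rule in rules:  # one conditional statement per rule, in rule order
            checks = []
            for field, arg in (("src", "source"), ("dst", "destination"), ("svc", "service")):
                ref = rule[field]
                if ref == "any":
                    continue  # wildcard: no check emitted for this field
                if ref not in defined:
                    raise ValueError(f"rule references undefined element {ref!r}")
                checks.append(f"{arg} == {ref}")
            lines.append(f"    if {' and '.join(checks) or 'True'}:")
            lines.append(f"        return {rule['action']!r}")
        lines.append("    return None  # no rule in this layer matched")
    return "\n".join(lines) + "\n"

def evaluate(code, layer, source, destination, service):
    # Run the generated representation to confirm it preserves rule order.
    scope = {}
    exec(code, scope)
    return scope[f"layer_{layer}"](source, destination, service)

if __name__ == "__main__":
    print(policy_to_code(POLICY))
```

Rejecting non-identifier names and undefined references keeps policy data from injecting statements into the generated code, which matters if the representation is ever executed as well as reviewed.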