User Isolation and Policy-Based Security Management

Network security and identity management are top concerns for service providers. Detailed traffic monitoring and analysis are typically required to identify and isolate malicious users. Such process can take hours (if not days) especially during heavy traffic loads and substantial level of attacks. As a result, the network may crash even before the analysis is completed. Thus, it may be important to take quick appropriate action in order to maintain the network integrity. This paper proposes an adaptive policy-based security controller to quickly identify suspected malicious users, temporarily isolate them without disconnecting them from the network or validating their contracts, and then carry the required analysis. The proposed controller identifies malicious users without compromising between accurate but lengthy traffic analysis and premature decision. It also provides the ability to make granular corrective actions that are adaptive to any defined network condition.