RefinementEngine: Automating Intent-to-Device Filtering Policy Deployment under Network Constraints
The paper addresses the problem of slow and error-prone security policy deployment in Security Operations Centers that run large networks; the contribution appears incremental, since it automates an existing process rather than introducing a new paradigm.
The paper tackles the manual and error-prone process of translating security intents into deployable network rules by introducing RefinementEngine, which automates this refinement using network topology and threat intelligence, validated through real-world use cases with packet and web filtering policies.
Translating security intent into deployable network enforcement rules, and keeping those rules effective as cyber threats evolve, remains a largely manual process in most Security Operations Centers (SOCs). In large and heterogeneous networks, the task is further complicated by topology-dependent reachability constraints and device-specific security control capabilities, which make the process slow, error-prone, and a recurring source of misconfigurations. This paper presents RefinementEngine, an engine that automates the refinement of high-level security intents into low-level, deployment-ready configurations. Given a network topology, its devices and available security controls, together with high-level intents and Cyber Threat Intelligence (CTI) reports, RefinementEngine automatically generates settings that implement the desired intent, counter the reported threats, and can be deployed directly on the target security controls. The approach is validated through real-world use cases on packet and web filtering policies derived from actual CTI reports, demonstrating correctness, practical applicability, and adaptability to new data.
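The abstract names the two constraints that make refinement hard: reachability depends on topology, and each device can only act on certain indicator types. The toy below, added here as an illustration and not the paper's RefinementEngine or any code from it, shows the shape of that problem on a constructed topology: it enumerates every path an intent's flow can take, places a rule on a device whose control can match the CTI indicator type, and reports paths that no capable device covers rather than silently dropping them. The topology, device inventory, intents, indicators, and the iptables/squid-style rule rendering are all assumptions made for the example.

```python
"""Toy intent-to-rule refinement (added illustration, not the paper's engine).

All inputs are constructed for the example: an undirected topology, devices
with a declared control type, a high-level intent (source, destination, asset
address), and CTI indicators of type "ipv4" or "domain".
"""
from __future__ import annotations

# Constructed topology: node -> neighbours. Only two nodes are enforcement devices.
TOPOLOGY = {
    "internet": ["edge-fw"],
    "edge-fw": ["internet", "core-sw"],
    "core-sw": ["edge-fw", "proxy", "srv-sw"],
    "proxy": ["core-sw", "srv-sw"],
    "srv-sw": ["core-sw", "proxy", "web-01"],
    "web-01": ["srv-sw"],
}

# Constructed device inventory: which indicator types each control can match on.
DEVICES = {
    "edge-fw": {"control": "packet_filter", "matches": {"ipv4"}},
    "proxy": {"control": "web_filter", "matches": {"domain"}},
}

# Constructed intents and CTI indicators (hypothetical values, TEST-NET-3 address).
INBOUND = {"src": "internet", "dst": "web-01", "asset_ip": "10.0.20.11"}
OUTBOUND = {"src": "web-01", "dst": "internet", "asset_ip": "10.0.20.11"}
CTI = [
    {"type": "ipv4", "value": "203.0.113.7"},
    {"type": "domain", "value": "evil.example"},
]


def simple_paths(topology, src, dst):
    """All loop-free paths from src to dst via DFS; fine for small topologies."""
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(path)
            continue
        for nxt in topology[node]:
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return sorted(paths)


def render_rule(device, indicator, intent, devices=DEVICES):
    """Render one indicator in a device-specific syntax (illustrative vendor style)."""
    control = devices[device]["control"]
    if control == "packet_filter":
        return (f"iptables -A FORWARD -s {indicator['value']} "
                f"-d {intent['asset_ip']} -j DROP")
    if control == "web_filter":
        return (f"acl cti_block dstdomain .{indicator['value']}\n"
                f"http_access deny cti_block")
    raise ValueError(f"unsupported control type: {control}")


def refine(intent, indicators, topology=TOPOLOGY, devices=DEVICES):
    """Map an intent plus CTI indicators to per-device rules.

    For each indicator, greedily pick the capable device lying on the most
    still-uncovered paths (a small set cover) until every path between the
    intent's endpoints is covered or no capable device remains on the rest.
    Returns {"rules": {device: [rule, ...]}, "uncovered": [(indicator, path)]}.
    """
    paths = simple_paths(topology, intent["src"], intent["dst"])
    rules, uncovered = {}, []
    for ind in indicators:
        capable = {d for d, spec in devices.items() if ind["type"] in spec["matches"]}
        pending = list(paths)
        while pending:
            best = max(capable, key=lambda d: sum(d in p for p in pending), default=None)
            covered = [p for p in pending if best is not None and best in p]
            if not covered:
                # Reachable paths with no device able to act on this indicator:
                # the intent cannot be fully enforced on this topology.
                uncovered.extend((ind["value"], p) for p in pending)
                break
            rules.setdefault(best, []).append(render_rule(best, ind, intent, devices))
            pending = [p for p in pending if p not in covered]
    return {"rules": rules, "uncovered": uncovered}


if __name__ == "__main__":
    for name, intent, inds in (("inbound", INBOUND, CTI[:1]), ("outbound", OUTBOUND, CTI[1:])):
        result = refine(intent, inds)
        print(name, result["rules"])
        for value, path in result["uncovered"]:
            print(f"  UNCOVERED {value}: {' -> '.join(path)}")
```

In the constructed topology the edge firewall sits on every inbound path, so a single packet-filter rule covers the IPv4 indicator, whereas the domain indicator can only be enforced by the proxy, which lies on just one of the two outbound paths; the engine surfaces the direct path through the core switch as uncovered, which is exactly the kind of topology-dependent gap a manual refinement tends to miss.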