CPC H04L 63/1433 (2013.01) [H04L 61/4511 (2022.05); H04L 63/1408 (2013.01); H04L 63/1441 (2013.01)] | 20 Claims |
1. A method comprising:
determining, based on received network traffic, whether a node within an internal network introduces an above-threshold level of risk of malicious action to the internal network;
responsive to determining that the node introduces the above-threshold level of risk of malicious action to the internal network, isolating the node by instructing a DNS server of the internal network to prevent resolution of DNS requests for an IP address of the node until the node is reconfigured and a simulation of network traffic on the reconfigured node indicates that the node introduces a below-threshold level of risk of malicious action to the internal network.
|