CPC H04L 63/20 (2013.01) [H04L 9/088 (2013.01); H04L 9/0825 (2013.01); H04L 9/0844 (2013.01); H04L 9/3268 (2013.01); H04L 63/105 (2013.01); H04L 9/0643 (2013.01)]; 20 Claims
1. A method comprising:
receiving, at a service, captured traffic flow data regarding an encrypted traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone;
identifying, by the service and from the captured traffic flow data, one or more cryptographic parameters of the encrypted traffic flow;
determining, by the service, whether the one or more cryptographic parameters of the encrypted traffic flow satisfy an inter-zone policy associated with the first and second network zones, wherein the inter-zone policy defines which cryptographic parameters of the encrypted traffic flow are allowed between the first and second network zones and is determined based on input received via a user interface; and
causing, by the service, performance of a mitigation action in the network when the one or more cryptographic parameters of the encrypted traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.
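As an added illustration that is not part of the patent or any implementation it describes, the following Python sketch (assumed names, constructed sample policy table and flow parameters) evaluates the cryptographic parameters identified from a captured flow against an inter-zone policy keyed by zone pair and maps any violation to the mitigation action that policy requests; a zone pair with no policy entry is treated as a violation so the check fails closed.

```python
from dataclasses import dataclass
# Ordering used to compare TLS versions (constructed for this example).
TLS_ORDER = {"TLS1.0": 1, "TLS1.1": 2, "TLS1.2": 3, "TLS1.3": 4}

@dataclass(frozen=True)
class FlowRecord:
    """Cryptographic parameters identified from one captured encrypted flow."""
    src_zone: str
    dst_zone: str
    tls_version: str
    cipher_suite: str
    cert_chain_valid: bool  # certificate-chain validation result from the capture point

@dataclass(frozen=True)
class ZonePolicy:
    """Inter-zone policy for one (source zone, destination zone) pair."""
    min_tls_version: str
    allowed_ciphers: frozenset
    require_valid_cert: bool
    on_violation: str = "block"  # mitigation action requested on any violation

# Constructed sample policy table, as an operator might enter it through a UI.
POLICY = {
    ("dmz", "internal"): ZonePolicy("TLS1.2", frozenset({
        "TLS_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}), True),
    ("internal", "internal"): ZonePolicy("TLS1.2", frozenset({
        "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"}), False, on_violation="alert"),
}

def check_flow(flow, policy=POLICY):
    """Return policy violations for a flow (empty = compliant); a missing zone-pair policy fails closed."""
    rule = policy.get((flow.src_zone, flow.dst_zone))
    if rule is None:
        return ["no inter-zone policy for %s->%s" % (flow.src_zone, flow.dst_zone)]
    violations = []
    if TLS_ORDER.get(flow.tls_version, 0) < TLS_ORDER[rule.min_tls_version]:
        violations.append("%s below minimum %s" % (flow.tls_version, rule.min_tls_version))
    if flow.cipher_suite not in rule.allowed_ciphers:
        violations.append("cipher suite %s not allowed" % flow.cipher_suite)
    if rule.require_valid_cert and not flow.cert_chain_valid:
        violations.append("certificate chain failed validation")
    return violations

def mitigation_for(flow, policy=POLICY):
    """Map a flow to the mitigation action its zone policy requests, or 'allow'."""
    if not check_flow(flow, policy):
        return "allow"
    rule = policy.get((flow.src_zone, flow.dst_zone))
    return rule.on_violation if rule else "block"
```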