US 11,902,145 B2
Generating and deploying security policies for microsegmentation
Scott Laplante, Bedford, NH (US); Peter Nahas, Watertown, MA (US); Xing Li, Burlington, MA (US); Suji Suresh, Westford, MA (US); Daniel R. Perkins, Boston, MA (US); and Peter Smith, Acton, MA (US)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on Oct. 19, 2022, as Appl. No. 17/969,314.
Application 17/969,314 is a continuation of application No. 17/350,180, filed on Jun. 17, 2021, granted, now 11,496,387.
Application 17/350,180 is a continuation in part of application No. 16/898,997, filed on Jun. 11, 2020, granted, now 11,178,187, issued on Nov. 16, 2021.
Claims priority of provisional application 62/859,793, filed on Jun. 11, 2019.
Prior Publication US 2023/0104751 A1, Apr. 6, 2023
Int. Cl. H04L 45/02 (2022.01); H04L 9/40 (2022.01); H04L 47/70 (2022.01)
CPC H04L 45/02 (2013.01) [H04L 47/82 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A non-transitory computer-readable storage medium having computer-readable code stored thereon for programming a computing system to perform steps of:
receiving network communication information about hosts in a network and applications executed on the hosts;
analyzing the network communication information to identify server-to-server traffic, application-to-server traffic, and application-to-application traffic;
automatically generating one or more microsegments in the network based on the analyzing, wherein each microsegment of the one or more microsegments is a grouping of resources including the hosts and the applications executed on the hosts that have rules for network communication based on the identified server-to-server traffic, application-to-server traffic, and application-to-application traffic; and
providing the one or more microsegments to one or more hosts of the hosts, for use by the one or more hosts to allow or block communications locally based on the one or more microsegments.