CPC: H04L 63/0227 (2013.01) [H04L 63/0263 (2013.01)]. 20 Claims.

1. A method of dynamically managing network traffic with granular security zones, comprising:
receiving a first data packet from a user device, the first data packet including first identifying information indicating a sender computing asset and a receiver computing asset,
each of the sender computing asset and the receiver computing asset including a computer resource in a computer network;
comparing the first identifying information to a first packet filter rule of a plurality of packet filter rules to produce a first comparison outcome;
based on the first comparison outcome, blocking the first data packet from reaching the receiver computing asset;
mapping, in response to the blocking, the first identifying information to entity information including a first path in a hierarchy of entities and a second path in a hierarchy of computing assets for the sender computing asset and a third path in the hierarchy of entities and a fourth path in the hierarchy of computing assets for the receiver computing asset,
each entity in the hierarchy of entities corresponding to a group of account identifiers;
matching the entity information with an entity permission of one or more entity permissions, each entity permission indicating that a specific source computing asset in the hierarchy of computing assets associated with a specific source entity in the hierarchy of entities can or cannot communicate with a specific target computing asset in the hierarchy of computing assets associated with a specific target entity in the hierarchy of entities; and
updating, based on the matching, one or more packet filter rules of the plurality of packet filter rules,
wherein the method is performed by one or more processors.
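A runnable sketch of the claimed flow, added here as an illustration and not taken from the patent or any product: a default-deny packet filter blocks a packet, the sender and receiver addresses are mapped to constructed entity-hierarchy and asset-hierarchy paths, an entity permission is matched by path prefix, and an allow rule is inserted so later packets on that pair pass. All addresses, paths, permissions and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str  # sender computing asset (address)
    dst: str  # receiver computing asset (address)

# Filter rules (src, dst, action); "*" matches anything, first match wins (constructed).
filter_rules = [("*", "*", "block")]

# Constructed mapping: asset address -> (entity hierarchy path, asset hierarchy path).
asset_map = {
    "10.0.1.5": ("corp/eng/dev-team", "corp/eng/workstations/ws-01"),
    "10.0.2.9": ("corp/eng/platform", "corp/eng/servers/build-01"),
    "10.0.3.4": ("corp/finance", "corp/finance/servers/ledger-01"),
}
# Entity permissions as (src_entity, src_asset, dst_entity, dst_asset, allowed);
# each field is a hierarchy path prefix, so one permission covers a whole subtree.
entity_permissions = [
    ("corp/eng", "corp/eng/workstations", "corp/eng", "corp/eng/servers", True),
    ("corp/eng", "corp/eng", "corp/finance", "corp/finance", False),
]

def _under(path, prefix):
    """True if path equals prefix or lies below it in the hierarchy."""
    return path == prefix or path.startswith(prefix + "/")

def filter_packet(packet):
    """Compare the packet's identifying information against the filter rules."""
    for src, dst, action in filter_rules:
        if src in ("*", packet.src) and dst in ("*", packet.dst):
            return action
    return "block"

def handle_packet(packet):
    """Return (action taken on this packet, whether the filter rules were updated)."""
    if filter_packet(packet) != "block":
        return "allow", False
    # Blocked: map identifying information to hierarchy paths (the claim's "mapping").
    src_ent, src_asset = asset_map[packet.src]
    dst_ent, dst_asset = asset_map[packet.dst]
    for se, sa, de, da, allowed in entity_permissions:
        if all(_under(p, q) for p, q in ((src_ent, se), (src_asset, sa),
                                         (dst_ent, de), (dst_asset, da))):
            if allowed:
                # Allow matched: add a specific rule ahead of the default deny for
                # later packets on this pair; this first packet stays blocked.
                filter_rules.insert(0, (packet.src, packet.dst, "allow"))
                return "block", True
            break  # explicit deny matched: leave the default-deny rule in place
    return "block", False
```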