| CPC H04L 63/10 (2013.01) [G06F 9/45558 (2013.01); H04L 63/029 (2013.01); H04L 63/08 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01)] | 18 Claims |

1. A method for managing access to network resources in a network using one or more processors that are configured to execute instructions, wherein the execution of the instructions enables performance of actions, comprising:
determining a first mesh agent on a logical edge of an overlay network that is configured to provide a client with access via a secure tunnel provided by the overlay network that includes a plurality of mesh agents;
determining a route for a connection in the overlay network for one or more requests to access a resource from the client that is received by the first mesh agent, wherein a last mesh agent in the route is configured to provide access to the resource over the connection;
employing the first mesh agent to determine an identity and an activity associated with the one or more requests based on network traffic, wherein the identity corresponds to an entity that is authenticated to access the overlay network and the resource, and wherein the activity corresponds to one or more of an application or an application protocol that is operative or available in the overlay network;
determining a policy container that is associated with the activity and based on one or more characteristics of the one or more requests by performance of further actions, including:
    determining the application protocol associated with the one or more requests based on a payload included in the one or more requests;
    parsing the payload based on the application protocol;
    determining a portion of the one or more policies associated with the parsed payload based on the identity and one or more of a protocol fragment, a regular expression, or a rule; and
    executing one or more actions associated with the portion of the one or more policies to validate the one or more requests;
wherein the policy container includes one or more policies that are associated with a declared definition for relevancy of the activity that is based on one or more of a local requirement or a local circumstance; and
distributing the policy container to the plurality of mesh agents for validation of the one or more requests based on the one or more policies included in the policy container associated with the activity, wherein the one or more validated requests are forwarded to the resource and one or more invalidated requests are discarded, and wherein persistence of the connection is maintained during the validation of the one or more requests; and
updating the policy container with an association with another activity that is associated with one or more other requests, wherein the updated policy container is selectively distributed to the plurality of mesh agents to locally cause further actions, including:
    determining one or more updated policies based on the updated policy container and another declared definition for relevancy of the other activity that is based on one or more of another local requirement or another local circumstance; and
    validating the one or more other requests based on the one or more updated policies included in the updated policy container, wherein the one or more other validated requests are forwarded to the resource via the overlay network.
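As an added illustration, not part of the patent or any implementation of it, the following Python sketches how a mesh agent could apply a policy container along the lines of claim 1: detect the application protocol from the payload, parse it, select policies by identity plus a protocol fragment and a regular expression, forward or discard the request with a default of discard, and accept an updated container that associates another activity. The protocol heuristics, identities, paths and rules are constructed for the example.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Policy:
    identity: str        # authenticated entity it applies to; "*" = any
    fragment: str = ""   # protocol fragment that must match (e.g. HTTP method)
    regex: str = ".*"    # regular expression the parsed request target must match
    allow: bool = True   # True: validate and forward; False: invalidate and discard

@dataclass
class PolicyContainer:
    policies: dict = field(default_factory=dict)  # activity -> list of Policy

    def update(self, activity: str, new_policies: list) -> None:
        # associate another activity (or further rules) with this container
        self.policies.setdefault(activity, []).extend(new_policies)

def detect_protocol(payload: bytes) -> str:
    """Constructed heuristics standing in for the agent's protocol detection."""
    first = payload.split(b"\r\n", 1)[0]
    if re.match(rb"^(GET|POST|PUT|DELETE) \S+ HTTP/1\.[01]$", first):
        return "http"
    return "ssh" if first.startswith(b"SSH-2.0-") else "unknown"

def parse_payload(protocol: str, payload: bytes) -> dict:
    first = payload.split(b"\r\n", 1)[0].decode(errors="replace")
    if protocol == "http":
        method, target, _version = first.split(" ")
        return {"fragment": method, "target": target}
    if protocol == "ssh":
        return {"fragment": "banner", "target": first}
    return {"fragment": "", "target": ""}

def validate(container: PolicyContainer, identity: str, payload: bytes) -> tuple:
    """Return (activity, decision) for one request; the first matching policy decides."""
    activity = detect_protocol(payload)
    parsed = parse_payload(activity, payload)
    for p in container.policies.get(activity, []):
        if p.identity not in ("*", identity):
            continue
        if p.fragment and p.fragment != parsed["fragment"]:
            continue
        if re.fullmatch(p.regex, parsed["target"]):
            return activity, ("forward" if p.allow else "discard")
    return activity, "discard"  # default deny: no policy validated the request

def build_container() -> PolicyContainer:
    c = PolicyContainer()  # constructed initial container: HTTP policies only
    c.update("http", [Policy("*", "POST", r"/admin/.*", allow=False),
                      Policy("alice", "GET", r"/api/.*")])
    return c
```

Calling `build_container().update("ssh", [...])` models the claim's later step of associating another activity with the container, after which requests for that activity are validated against the new policies.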