| CPC H04L 63/105 (2013.01) [H04L 63/0838 (2013.01); H04L 63/102 (2013.01)] | 20 Claims |

1. A computer-implemented method comprising:
installing a control program in each functional element of a protected distributed computer system that is organized in a plurality of logical layers or zones, one or more of the logical layers or zones hosting one or more sensitive data resources associated with an operational technology or information technology;
receiving a first request from a user computer to access a first sensitive data resource of a first layer or zone from among the plurality of logical layers or zones;
assessing a policy associated with the first sensitive data resource, the policy being based on a zero-trust model;
acquiring identity information for a user account specified in the first request;
performing a multi-layer multi-factor authentication of the user account using the identity information of the user account and a multi-layer cybersecurity model;
in response to authenticating the identity information, obtaining sensitive access data corresponding to the identity information and determining a sensitive resource access value using a zero trust approach which is applied to authenticate the user account using the sensitive access data and the zero trust model;
in response to determining the sensitive resource access value is above a predetermined threshold, authenticating the user account;
in response to receiving one or more second requests to access a second sensitive data resource of any of the plurality of logical layers or zones, repeating the receiving, the assessing, the acquiring, the performing, the obtaining, the determining, and the authentication.