CPC H04L 63/20 (2013.01) [H04L 63/0263 (2013.01); H04L 63/1425 (2013.01)] | 24 Claims
1. A zero-trust microsegmentation method comprising:
collecting, using a plurality of zero-trust agents, information associated with devices of a network, wherein each of the devices of the network includes a respective one of the plurality of zero-trust agents, the collected information being based on respective device traffic traversing the zero-trust agents, wherein each of the zero-trust agents is executing on its respective one of the devices of the network;
determining, using the plurality of zero-trust agents and based on the collected information, a plurality of network microsegments, wherein each of the devices is within at least one of the plurality of network microsegments;
determining an initial zero-trust security policy in which communication permissions for the devices of the network are denied by default unless otherwise allowed, the communication permissions including one or more communication dimensions;
analyzing, using the plurality of zero-trust agents, network traffic traversing the plurality of zero-trust agents under the initial zero-trust security policy; and
adapting the initial zero-trust security policy, based on the analysis of the network traffic traversing the plurality of zero-trust agents under the initial zero-trust security policy, to adjust the communication permissions for the one or more communication dimensions to generate an adapted zero-trust security policy including one or more modifications to the one or more communication dimensions.
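The five steps of claim 1 (collect per-device flows, derive microsegments, start from a default-deny policy, analyze traffic under it, adapt the permissions) can be illustrated end to end with a small simulation. The following is an added example written for this page, not code from the patent or its assignee: device names, ports, the segment-naming scheme (grouping devices by the services they are observed to serve) and the observation threshold are all constructed assumptions, and a "communication dimension" is modelled as the tuple (source segment, destination segment, protocol, destination port).

```python
"""Toy zero-trust microsegmentation engine (constructed example, not the patent's code).

Steps mirrored from the claim: agents collect flows -> segments are derived ->
an initial default-deny policy is applied -> traffic under it is analyzed ->
the policy is adapted by allowing consistently observed flows and revoking
allow rules that carried no traffic. Names, ports and thresholds are made up."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One connection as reported by the zero-trust agent on the initiating device."""
    src: str    # device that opened the connection
    dst: str    # device that accepted it
    proto: str  # transport protocol, e.g. "tcp"
    dport: int  # destination port


# Constructed sample of the flows the per-device agents would have collected.
OBSERVED_FLOWS = [
    # user laptops reach the web tier over HTTPS
    Flow("laptop-7", "web-1", "tcp", 443),
    Flow("laptop-7", "web-2", "tcp", 443),
    Flow("laptop-8", "web-1", "tcp", 443),
    Flow("laptop-8", "web-2", "tcp", 443),
    # web tier calls the app tier
    Flow("web-1", "app-1", "tcp", 8080),
    Flow("web-2", "app-1", "tcp", 8080),
    Flow("web-1", "app-2", "tcp", 8080),
    Flow("web-2", "app-2", "tcp", 8080),
    # app tier talks to the database
    Flow("app-1", "db-1", "tcp", 5432),
    Flow("app-2", "db-1", "tcp", 5432),
    Flow("app-1", "db-1", "tcp", 5432),
    # one-off flows that should stay denied after adaptation
    Flow("web-1", "db-1", "tcp", 5432),
    Flow("laptop-7", "db-1", "tcp", 22),
]


def derive_segments(flows, min_observations=2):
    """Assign every device to a microsegment named after the services it serves.

    A service counts only if the agents saw it accept at least `min_observations`
    connections, so a single stray connection does not create a segment. Devices
    that serve nothing (pure clients) land in the 'edge' segment. This grouping
    rule is an assumption of the example, not something the claim prescribes."""
    hits = Counter((f.dst, f.proto, f.dport) for f in flows)
    served = defaultdict(set)
    devices = set()
    for f in flows:
        devices.update((f.src, f.dst))
    for (dst, proto, dport), n in hits.items():
        if n >= min_observations:
            served[dst].add((proto, dport))
    return {
        dev: "seg:" + ("+".join(f"{p}/{port}" for p, port in sorted(served[dev])) or "edge")
        for dev in sorted(devices)
    }


def rule_for(flow, segments):
    """Map a flow onto its communication dimension (src seg, dst seg, proto, dport)."""
    return (segments[flow.src], segments[flow.dst], flow.proto, flow.dport)


@dataclass(frozen=True)
class Policy:
    """Default-deny policy: a flow is permitted only if its dimension is allow-listed."""
    allow: frozenset = frozenset()

    def permits(self, flow, segments):
        return rule_for(flow, segments) in self.allow


def analyze(policy, flows, segments):
    """Split the traffic observed under `policy` into allowed and denied flows."""
    allowed = [f for f in flows if policy.permits(f, segments)]
    denied = [f for f in flows if not policy.permits(f, segments)]
    return allowed, denied


def adapt(policy, flows, segments, min_observations=2):
    """Produce the adapted policy plus the list of modifications made to it.

    Denied dimensions seen at least `min_observations` times become allow rules;
    allow rules that carried no traffic in the window are revoked (least privilege)."""
    allowed, denied = analyze(policy, flows, segments)
    denied_counts = Counter(rule_for(f, segments) for f in denied)
    used = {rule_for(f, segments) for f in allowed}
    new_allow, modifications = set(policy.allow), []
    for rule, n in sorted(denied_counts.items()):
        if n >= min_observations:
            new_allow.add(rule)
            modifications.append(("allow", rule))
    for rule in sorted(policy.allow):
        if rule not in used:
            new_allow.discard(rule)
            modifications.append(("revoke", rule))
    return Policy(frozenset(new_allow)), modifications


def run_example():
    """Run the whole pipeline on the constructed flows and return the key results."""
    segments = derive_segments(OBSERVED_FLOWS)
    initial = Policy(frozenset({
        ("seg:tcp/443", "seg:tcp/8080", "tcp", 8080),  # operator-seeded: web -> app
        ("seg:edge", "seg:tcp/8080", "tcp", 8080),     # stale: laptops -> app, never used
    }))
    _, denied_before = analyze(initial, OBSERVED_FLOWS, segments)
    adapted, mods = adapt(initial, OBSERVED_FLOWS, segments)
    _, denied_after = analyze(adapted, OBSERVED_FLOWS, segments)
    return {"segments": segments, "denied_before": len(denied_before),
            "modifications": mods, "adapted_rules": sorted(adapted.allow),
            "denied_after": len(denied_after)}


if __name__ == "__main__":
    for k, v in run_example().items():
        print(k, v)
```

In this run the initial policy denies 9 of the 13 observed flows; adaptation allows the laptop-to-web and app-to-database dimensions, revokes the unused laptop-to-app rule, and the adapted policy then denies only the two one-off flows. The frequency threshold is what keeps a single anomalous connection from being promoted into a permission; in practice the proposed modifications are candidates for operator review rather than rules applied automatically, since traffic from a compromised device would otherwise teach the policy to permit it.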