Granular segmentation using events

  • US 9,787,639 B1
  • Filed: 12/21/2016
  • Issued: 10/10/2017
  • Est. Priority Date: 06/24/2016
  • Status: Active Grant
First Claim

1. A method implemented by at least one hardware processor for granular segmentation of data networks, the method comprising:

  • receiving from a metadata source event metadata associated with a workload;

  • identifying a workload type using the event metadata;

  • determining a high-level declarative security policy using the workload type;

  • launching a compiler to generate a low-level firewall rule set using the high-level declarative security policy and the event metadata; and

  • configuring by a plurality of enforcement points a respective network switch of a plurality of network switches to process packets in accordance with the low-level firewall rule set, the plurality of network switches being collectively communicatively coupled to a plurality of workloads, such that network communications between a first group of workloads of the plurality of workloads and the workload are not permitted, and between a second group of workloads of the plurality of workloads and the workload are permitted.
