Managing a segmentation policy based on attack pattern detection
US11223643B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 7, 2019 |
| Grant date | Jan 11, 2022 |
| Priority date | — |
| Expiry date | Jul 15, 2040 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A policy management server detects attack patterns in traffic flows reported by distributed enforcement modules enforcing the segmentation policy. The policy management server generates a traffic flow graph representing traffic flows between workloads or groups of workloads. Traffic flows matching one or more traffic flow patterns may be tagged in the traffic flow graph. For example, if an attack pattern is present in a connection that is blocked under the segmentation policy, the policy management server may block updates to the segmentation policy that attempt to enable the connection or may alert an administrator prior to enabling the update. If an attack pattern is present in a connection that is allowed under the segmentation policy, the segmentation policy may be updated to block the connection, alert an administrator, redirect traffic to a deception service, or take other remedial action.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.