Template-driven intent-based security

Assignee

• vArmour Networks, Inc. · US

Inventors

• Marc Woolward · Bude, GB
• Meng Xu · San Jose, US
• Hong Xiao · Acton, US
• Keith Stewart · San Francisco, US
• Matthew Williamson · King City, CA

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/10
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: receiving a target, the target specifying workloads of a plurality of workloads to be included in the security policy, the plurality of workloads being associated with the cloud computing environment; identifying nodes and edges in the graph database using the target, the graph database representing the plurality of workloads as nodes and relationships between the plurality of workloads as edges; getting a security intent, the security intent including a high-level security objective in a natural language; obtaining a security template associated with the security intent; and applying the security template to the identified nodes and edges to produce security rules for the security policy, the security rules at least one of allowing and denying communications between the target and other workloads of the plurality of workloads.