Intent-based enterprise security using dynamic learning of network segment prefixes
US12095817B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 30, 2021 |
| Grant date | Sep 17, 2024 |
| Priority date | — |
| Expiry date | Dec 27, 2041 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2101/668
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.