Least privilege network access controls advisor

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Samuel Bayless · Vancouver, CA
• John David Backes · Minneapolis, US
• Vaibhav Katkade · Sunnyvale, US
• Daniel William Dacosta · Saint Paul, US
• Syed Mubashir Iqbal · Seattle, US
• Nadia Labai · Redmond, US
• Patrick Trentin · Minneapolis, US
• Nikolaos Giannarakis · Seattle, US
• Nathan Launchbury · Seattle, US
• Divya Raghunathan · Princeton, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques implemented by a network-access analysis system to analyze network access controls for networks, identify traffic flows that are unobserved and unrequired, and determine proposed changes to the network access controls that restrict access from unobserved traffic flows. The system may analyze the network access controls, and determine whether unrequired traffic flows are allowed to be communicated in the network. For instance, the system may analyze network flow logs and identify observed traffic flows that are required by applications in the network, and also identify unobserved traffic flows that are permitted access to, but are not observed in, the network. The system may propose changes to the network access controls to restrict network access by these unobserved traffic flows. A network administrator can receive recommendations from the system regarding the proposed changes, and determine whether they would like to implement the proposed changes to their network access controls.