Patent · US Active

Granular segmentation using events

US9787639B1 · kind B1 · utility

31 Cited by
32 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Dec 21, 2016
Grant date: Oct 10, 2017
Priority date
Expiry date: Dec 21, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2009/45591
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Methods and systems for granular segmentation of data networks are provided herein. Exemplary methods include: receiving from a metadata source event metadata associated with a workload; identifying a workload type using the event metadata; determining a high-level declarative security policy using the workload type; launching a compiler to generate a low-level firewall rule set using the high-level declarative policy and the event metadata; and configuring by a plurality of enforcement points a respective network switch of a plurality of network switches to process packets in accordance with the low-level firewall ruleset, the network switches being collectively communicatively coupled to a plurality of workloads, such that network communications between a first group of workloads of the plurality of workloads and the workload are not permitted, and between a second group of workloads of the plurality of workloads and the workload are permitted.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.