Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.

Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.

Abstract: A computer system automatically generates a proposal for network application security policies to be applied on a telecommunications network. The system provides output representing the proposed network application security policies to a user. The user provides input either approving or disapproving of the network application security policies. If the user approves, then the system applies the of the proposed microsegmentation. This process may be repeated for a plurality of hosts and subsets thereof within the same network, and may be repeated over time to modify one or more existing network application security policies. The network application security policies govern inbound and outbound connections to the hosts in the network.

Abstract: A computer system automatically generates a proposal for performing microsegmentation on a network. The system provides output representing the proposed microsegmentation to a user. The user provides input either approving or disapproving of the proposed microsegmentation. If the user approves of the proposed microsegmentation, then the system implements the microsegmentation. Otherwise, the system does not implement the proposed microsegmentation. This process may be repeated for a plurality of proposed microsegmentations within the same network, and may be repeated over time to modify one or more existing microsegmentations. The system advantageously performs the vast majority of the work required to microsegment the network automatically, leaving only the task of review and approval to the user. This both saves a significant amount of time and increases the quality of the microsegmentation in comparison to microsegmentation solely performed manually by one or more humans.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.