Title of invention: Systems and methods of identity and access management
Abstract: The present disclosure generally provides systems and methods of providing identification and access management. The system could include a network security zone having access rules for a network resource object associated with the network. The system could also include a module to collect information related to an attempt to access the network resource object and to generate an alert if the collected information fails to meet certain requirements related to the access rules. The module could change the access rules to prevent possible future unauthorized access attempts based on the collected information.
Publication number: US9338176(B2) Publication date: 2016.05.10
Application number: US200912350192 Application date: 2009.01.07
Applicant: Global DataGuard, Inc. Inventors: Trumbull Dean A.;Stute Michael Roy
Classification: H04L29/06;H04L12/58;G06F21/55 Main classification: H04L29/06
Agency: McGuireWoods, LLP Agent: McGuireWoods, LLP
Principal claim: 1. A method, comprising: performing, by one or more computer systems: creating a plurality of network security zones, each having one or more network resource objects, wherein a network security zone includes one or more statically defined access rules configured to allow an authorized user to access the one or more network resource objects, wherein the one or more statically defined access rules includes access rules for determining whether a first network resource object within the network security zone is able to communicate with a second network resource object within the network security zone; defining secure relationships between each of the plurality of network security zones; collecting information related to an attempted access to the one or more network resource objects by the authorized user; comparing the collected information with the one or more statically defined access rules; predicting a future unauthorized access attempt based on the collected information; dynamically alter the one or more statically defined access rules to prevent the future unauthorized access attempt; granting the authorized user access to the one or more network resource objects in response to the collected information meeting the one or more statically defined access rules; detecting increased hostility in the network security zone; and in response to detecting the increased hostility, dynamically modifying the one or more statically defined access rules to restrict access of the authorized user to the one or more network resource objects.
Address: Dallas TX US