Title of invention Systems and methods for enforcing secure network segmentation for sensitive workloads
Abstract A computer-implemented method for enforcing secure network segmentation for sensitive workloads may include (1) identifying a sensitive workload that is deployed within a subnet of a segmented network on a remote workload hosting platform, (2) identifying a security policy that applies to the sensitive workload, wherein a deployment of the sensitive workload within the subnet of the segmented network complies with the security policy, (3) intercepting, at a proxy, an attempt to reconfigure the deployment of the sensitive workload within the segmented network on the remote workload hosting platform, (4) determining that the attempt to reconfigure the deployment of the sensitive workload could result in a violation of the security policy, and (5) enforcing, on the proxy, the security policy on the attempt to reconfigure the deployment of the sensitive workload. Various other methods, systems, and computer-readable media are also disclosed.
Publication number US9300691(B1) Publication date 2016.03.29
Application number US201313945373 Application date 2013.07.18
Applicant Symantec Corporation Inventor Banerjee Deb
Classification number H04L29/06 Main classification number H04L29/06
Agency ALG Intellectual Property, LLC Agent ALG Intellectual Property, LLC
Principal claim 1. A computer-implemented method for enforcing secure network segmentation for sensitive workloads, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying a sensitive workload that is deployed within a subnet of a segmented network that is segmented within a remote workload hosting platform; identifying a security policy that applies to the sensitive workload, wherein a deployment of the sensitive workload within the subnet of the segmented network complies with the security policy; intercepting, at a proxy outside the segmented network, an attempt from outside the segmented network to reconfigure the deployment of the sensitive workload within the segmented network on the remote workload hosting platform, wherein the attempt to reconfigure the deployment of the sensitive workload comprises an attempt to move the sensitive workload from the subnet to an additional subnet within the segmented network; determining that the attempt to reconfigure the deployment of the sensitive workload could result in a violation of the security policy based on a conflict between a configuration of the additional subnet and the security policy that applies to the sensitive workload; enforcing, on the proxy, the security policy on the attempt to reconfigure the deployment of the sensitive workload.
Address Mountain View CA US