Title of invention: System and method for threat-driven security policy controls
Abstract: Methods, systems, and media for a security system are provided herein. Exemplary methods may include: acquiring a firewall security policy from a policy compiler; receiving network traffic originating from a source machine and directed to a destination machine; analyzing the network traffic using the firewall security policy; forwarding or dropping each of the network traffic according to the security policy; accumulating the network traffic and metadata associated with the network traffic; and initiating an update to the firewall security policy by the policy compiler using at least one of the accumulated network traffic and metadata.
Publication number: US9294442(B1); Publication date: 2016.03.22
Application number: US201514673679; Filing date: 2015.03.30
Applicant: vArmour Networks, Inc.; Inventors: Lian Jia-Jyi; Paterra Anthony; Woolward Marc
Classification: H04L29/06; Main classification: H04L29/06
Agency: Carr & Ferrell LLP; Agent: Carr & Ferrell LLP
Main claim: 1. A system comprising: a source machine; a destination machine; a policy compiler; and an enforcement point communicatively coupled via a network to the source machine, the destination machine, and the policy compiler, the enforcement point including a processor and a memory communicatively coupled to the processor, the memory storing instructions executable by the processor to perform a method including: acquiring a firewall security policy from the policy compiler; receiving network traffic originating from the source machine and directed to the destination machine; analyzing the network traffic using the firewall security policy; forwarding or dropping the network traffic according to the firewall security policy; accumulating the network traffic and metadata associated with the network traffic; and initiating an update to the firewall security policy by the policy compiler using at least one of the network traffic and the metadata, the initiating the update to the firewall security policy by the policy compiler comprising: receiving information associated with the source machine and the destination machine from an external system of record; weighting one or more of a redirected network packet, further network traffic, the metadata, and the received information; statistically analyzing the weighted one or more of the redirected network packet, the further network traffic, the metadata, and the received information to calculate an updated risk score; and providing the updated risk score to the policy compiler, such that the policy compiler produces an updated security policy.
Address: Mountain View CA US