Fortinet, Inc.
Predicting the risk associated with a network flow, such as one involving an IoT device, and applying an appropriate level of security inspection based thereon

Abstract:

Systems and methods for applying a risk-based approach to security inspection of network flows are provided. According to one embodiment, a packet of a flow between a first and second device coupled with a private network is received by a network security device. If an explicit flow policy is defined for the flow, it is applied to the flow; otherwise: (i) a risk level associated with the flow is obtained based on one or more of attributes of the flow, one or more derived attributes of the flow, one or more attributes of the first or second device, analysis of local or remote security logs, environmental parameters, past experience with the first or second device or with a similar device, and behavior of the flow; and (ii) a flow policy selected from multiple flow policies based on the obtained risk level is applied to the flow.

Status: Grant

Type: Utility

Filing date: 6 Apr 2017

Issue date: 22 Sep 2020