Juniper Networks, Inc.
Generating a network security policy based on behavior detected after identification of malicious behavior

Abstract:

A device receives information identifying malicious behavior by a compromised endpoint device associated with a network and traffic associated with the compromised endpoint device after the malicious behavior is identified. The device receives endpoint device information identifying other endpoint devices associated with the network, wherein the compromised endpoint device is not one of the other endpoint devices. The device receives network device information identifying network devices associated with the network, and processes the traffic, the endpoint device information, and the network device information, with a machine learning model, to generate a security policy to isolate the malicious behavior. The device performs one or more actions based on the security policy to isolate the malicious behavior.