Zscaler, Inc.
Administrative policy override in microsegmentation

Abstract:

Systems and methods include responsive to monitoring network communications of a network, generating a network communication model that labels the network communications, and generating policies based on the network communication model, wherein the policies specify which applications are authorized to communicate with one another, providing corresponding policies to a plurality systems in the network, wherein each system utilizes the corresponding policies to allow or block communications; responsive to one or more unauthorized communications being needed, performing two-factor authorization to determine if an exception is acceptable; and responsive to the two-factor authorization, providing temporary policies for the exception to allow the one or more unauthorized communications for a period of time.