Patent attributes
Methods, systems, apparatuses, and computer program products are provided for generating a network security rule. Existing security rules may be determined across a network that includes a plurality of network resources, such as computing devices or virtual machines. A map is generated that identifies each of the permitted connections between the resources over the network. In some implementations, the map may include a network topology map. Network traffic data for each of the permitted connections may be gathered or monitored. Based on the existing security rules and the gathered network traffic data, an enhanced security rule may be generated for a particular connection that reduces data traffic over the connection, which improves network security by further hardening the available communication paths.
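The flow described above (existing rules, a map of permitted connections, observed traffic, a narrower rule) can be sketched as follows. This is an added example, not code from the patent or its claimed implementation; the rule format, the rule names, the sample flows and the helper names `matches`, `build_map` and `enhance` are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (assumed format, not from the patent).
RULES = [
    {"name": "web-to-db", "src": "10.0.1.0/24", "dst": "10.0.2.0/24", "ports": (1, 65535)},
    {"name": "mgmt-to-web", "src": "10.0.9.0/24", "dst": "10.0.1.0/24", "ports": (22, 22)},
]
FLOWS = [  # (src_ip, dst_ip, dst_port) as gathered from flow logs
    ("10.0.1.10", "10.0.2.5", 5432),
    ("10.0.1.11", "10.0.2.5", 5432),
    ("10.0.1.10", "10.0.2.6", 6379),
    ("10.0.7.3", "10.0.2.5", 5432),  # not permitted by any rule, so not mapped
]

def matches(rule, flow):
    """True if the flow falls inside the connection the rule permits."""
    src, dst, port = flow
    lo, hi = rule["ports"]
    return (ip_address(src) in ip_network(rule["src"])
            and ip_address(dst) in ip_network(rule["dst"])
            and lo <= port <= hi)

def build_map(rules, flows):
    """Map each permitted connection (by rule name) to the traffic seen on it."""
    observed = defaultdict(set)
    for flow in flows:
        for rule in rules:
            if matches(rule, flow):
                observed[rule["name"]].add(flow)
    return observed

def enhance(rules, flows):
    """Propose, per rule, allow entries limited to what was actually used.

    Result: {rule name: {(dst_ip, port): [src_ip, ...]}}. A rule with no
    observed traffic maps to None so it is reviewed rather than auto-narrowed.
    """
    observed = build_map(rules, flows)
    proposals = {}
    for rule in rules:
        grouped = defaultdict(set)
        for src, dst, port in observed.get(rule["name"], ()):
            grouped[(dst, port)].add(src)
        proposals[rule["name"]] = (
            {key: sorted(srcs) for key, srcs in grouped.items()} or None
        )
    return proposals

if __name__ == "__main__":
    for name, proposal in enhance(RULES, FLOWS).items():
        print(name, "->", proposal)
```

The proposal is only as good as the observation window: traffic that runs rarely (backups, failover, month-end jobs) must fall inside the gathered data before the narrower rule replaces the broad one.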

