TRACKING HOST THREATS IN A NETWORK AND ENFORCING THREAT POLICY ACTIONS FOR THE HOST THREATS

摘要

A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.