AUTONOMOUS POLICY ENFORCEMENT POINT CONFIGURATION FOR ROLE BASED ACCESS CONTROL

摘要

An example profiler device includes one or more processors implemented in circuitry and configured to monitor network traffic entering and exiting the protected network zone; identify one or more endpoints that interface with the protected network zone; compare network traffic characteristics of network traffic associated with the endpoints to network traffic characteristics of known device types to determine device types corresponding to the endpoints; assign one or more network policies to the identified endpoints according to the determined device types; and distribute data representing the assigned network policies to a policy enforcement point (PEP) device to cause the PEP device to enforce the network policies on network traffic, associated with the identified endpoints, entering and exiting the protected network zone.