SYSTEM AND METHOD FOR PROVIDING APPLICATION ISOLATION ON A PHYSICAL, VIRTUAL OR CONTAINERIZED NETWORK OR HOST MACHINE

摘要

A method for isolating applications on a network, the method including: denying network traffic access to applications sitting behind an Access Gateway Engine; receiving a username of a user that logs onto the network; extracting a source address associated with the username; retrieving a list of applications with which the username is permitted to communicate; extracting application destination information for each application of the list of applications; generating an access control policy for the username, the access control policy allowing the username having the source address to communicate with the list of application each of which having respective the destination information; the Access Gateway Engine allowing or denying the network traffic, originating from the username source address, access to the applications, according to the access control policy for the user.