Generation of security policies for microsegmented computer networks

US11075950B2 · US · B2

Patent metadata
Publication number: US-11075950-B2
Application number: US-201815999552-A
Country: US
Kind code: B2
Filing date: Aug 20, 2018
Priority date: Aug 20, 2018
Publication date: Jul 27, 2021
Grant date: Jul 27, 2021


Abstract

Official abstract text for this publication.

A computer-implemented method of generating a security policy for a microsegmented computing system is provided. The method includes generating a port service map that indicates inbound packet activity by port for a plurality of network addresses within the microsegmented computing system and a port distribution map that indicates inbound packet activity by port for a plurality of network addresses within the microsegmented computing system, and generating a list of security policy recommendations based on the port service map and/or the port distribution map.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method of generating a security policy for a microsegmented computing system, comprising: generating, via a microprocessor circuit coupled to a memory, a port service map comprising a plurality of entries, wherein the port service map indicates inbound packet activity by port for a plurality of network addresses within the microsegmented computing system; and generating, via the microprocessor circuit, a first plurality of security policy recommendations based on the port service map, wherein generating the first plurality of security policy recommendations comprises: generating a metric for each entry in the port service map; obtaining a port traffic log of traffic in the microsegmented computing system, wherein the port traffic log contains log records of packets transmitted in the microsegmented computing system, wherein each log record in the port traffic log includes a source network address, a source port number, a destination network address, and a destination port number associated with the log record; for a selected log record in the port traffic log, determining if the metric for an entry in the port service map having a same destination network address and a same destination port as the selected log record is greater than a threshold; and in response to determining the metric is greater than the threshold, generating a security policy recommendation including the source network address, the destination network address, and the destination port number included in the selected log record.

2. The computer-implemented method of claim 1, further comprising: generating an estimated accuracy for each entry in the port service map, wherein the metric for each entry in the port service map comprises the estimated accuracy for the entry in the port service map.

3. The computer-implemented method of claim 2, further comprising: for each security policy recommendation in the first plurality of security policy recommendations, assigning, to the security policy recommendation, an estimated accuracy based on the estimated accuracy for a corresponding entry in the port service map.

4. The computer-implemented method of claim 1, further comprising: generating a port distribution map comprising a plurality of entries, wherein the port distribution map indicates outbound packet activity by port for the plurality of network addresses within the microsegmented computing system; and generating a second plurality of security policy recommendations based on the port distribution map.

5. The computer-implemented method of claim 4, wherein each of the entries in the port distribution map comprises a source network address and a source port associated with the entry, and wherein generating the second plurality of security policy recommendations comprises: generating a second metric for each entry in the port distribution map; for a second selected log record in the port traffic log, determining if the second metric for an entry in the port distribution map having a same source network address and a same source port as the second selected log record is greater than a second threshold; and in response to determining the second metric is greater than the second threshold, generating a second security policy recommendation including the source network address, the destination network address, and the destination port number included in the second selected log record.

6. The computer-implemented method of claim 5, further comprising: generating an estimated accuracy associated with each entry in the port distribution map, wherein the second metric comprises the estimated accuracy for the entry in the port distribution map.

7. The computer-implemented method of claim 6, further comprising: for each security policy recommendation in the second plurality of security policy recommendations, assigning, to the second security policy recommendation, an estimated accuracy based on the estimated accuracy for a corresponding entry in the port distribution map.

8. The computer-implemented method of claim 4, further comprising: generating an estimated accuracy for each entry in the port distribution map; and for each security policy recommendation in the first plurality of security policy recommendations: identifying a corresponding entry in the port distribution map corresponding to the security policy recommendation; determining whether the estimated accuracy for the corresponding entry in the port distribution map is greater than a threshold; and in response to determining that the estimated accuracy for the corresponding entry in the port distribution map is not greater than the threshold, marking the security policy recommendation as a false positive.

9. The computer-implemented method of claim 4, further comprising: generating estimated accuracies for each entry in the port service map and each entry in the port distribution map; combining the first plurality of security policy recommendations and the second plurality of security policy recommendations to form a recommendation list by: identifying a first corresponding entry in the port distribution map corresponding to the security policy recommendation and a second corresponding entry in the port service map corresponding to the security policy recommendation; determining whether an estimated accuracy for the first corresponding entry in the port distribution map is greater than a first threshold; in response to determining that the estimated accuracy for the first corresponding entry in the port distribution map is not greater than the first threshold, marking the security policy recommendation as a false positive and assigning to the security policy recommendation an accuracy corresponding to an estimated accuracy for the second corresponding entry in the port service map; in response to determining that the estimated accuracy for the first corresponding entry in the port distribution map is greater than the first threshold, determining whether the estimated accuracy for the second corresponding entry in the port service map is greater than a second threshold; and in response to determining that the estimated accuracy for the second corresponding entry in the port service map is not greater than the second threshold, marking the security policy recommendation as a false positive and assigning to the security policy recommendation an accuracy corresponding to an estimated accuracy for the first corresponding entry in the port distribution map.

10. The computer-implemented method of claim 1, wherein generating the port service map comprises: grouping log entries in the port traffic log by destination network address and destination port number pairs to form entries in the port service map; generating an inbound packet count, inbound_count, for each entry in the port service map; sorting the entries in the port service map by inbound packet count; and generating a difference value, inbound_diff, for each entry in the port service map, wherein the difference value is generated by subtracting the inbound packet count for a next succeeding entry from the inbound packet count for the entry.

11. The computer-implemented method of claim 10, further comprising: determining a smallest value, min_count, of the inbound_count in the port service map; starting with a first entry in the port service map having a highest inbound packet count, determining if each of a next n number of entries in the port service map satisfies an inequality inbound_diff<=min_count, where n is a positive integer; and in response to determining that each of the next n number of entries in the port servic
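The claims above describe a concrete procedure: build a port service map from a traffic log (claim 10), compute min_count and the inbound_diff<=min_count test (claim 11), score each entry (claim 2), and turn log records whose destination entry scores above a threshold into allow recommendations (claims 1 and 3), with a port distribution map of outbound activity alongside (claim 4). The Python below is an added worked example written for this page, not the patent holder's implementation. The traffic log is constructed; the estimated-accuracy metric (inbound count normalised by the largest count) and the inbound_diff of the last entry are assumptions because the page does not define them, and since claim 11's response to its inequality test is cut off on the page, only the test itself is implemented.

```python
"""Port service map, port distribution map and inbound policy recommendations,
following the steps in claims 1-4, 10 and 11 of US11075950B2.  Example code
written for this page, not the patent holder's implementation."""
from collections import Counter

# Constructed port traffic log (not from the patent).  Each record is
# (src_addr, src_port, dst_addr, dst_port) as in claim 1.  10.0.0.10 listens on
# 443, 10.0.0.20 listens on 5432, and 10.0.0.30 receives a single packet on 22.
TRAFFIC_LOG = [
    ("10.0.1.1", 51000, "10.0.0.10", 443),
    ("10.0.1.1", 51000, "10.0.0.10", 443),
    ("10.0.1.2", 52000, "10.0.0.10", 443),
    ("10.0.1.2", 52000, "10.0.0.10", 443),
    ("10.0.1.3", 53000, "10.0.0.10", 443),
    ("10.0.1.3", 53000, "10.0.0.10", 443),
    ("10.0.1.4", 54000, "10.0.0.10", 443),
    ("10.0.1.4", 54000, "10.0.0.10", 443),
    ("10.0.0.10", 40000, "10.0.0.20", 5432),
    ("10.0.0.10", 40000, "10.0.0.20", 5432),
    ("10.0.0.10", 40001, "10.0.0.20", 5432),
    ("10.0.0.10", 40001, "10.0.0.20", 5432),
    # Replies land on client ephemeral ports: one inbound packet each.
    ("10.0.0.10", 443, "10.0.1.1", 51000),
    ("10.0.0.10", 443, "10.0.1.2", 52000),
    ("10.0.0.20", 5432, "10.0.0.10", 40000),
    ("10.0.1.9", 55000, "10.0.0.30", 22),
]


def build_port_service_map(log):
    """Claim 10: group records by (dst_addr, dst_port), count inbound packets,
    sort by inbound_count (highest first) and set inbound_diff to the entry's
    count minus the next entry's count."""
    counts = Counter((dst, dport) for _, _, dst, dport in log)
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    service_map = []
    for i, ((dst, dport), count) in enumerate(ordered):
        # The last entry has no successor; giving it inbound_diff 0 is an assumption.
        next_count = ordered[i + 1][1] if i + 1 < len(ordered) else count
        service_map.append({"dst_addr": dst, "dst_port": dport,
                            "inbound_count": count,
                            "inbound_diff": count - next_count})
    return service_map


def min_count(service_map):
    """Claim 11: the smallest inbound_count in the port service map."""
    return min(e["inbound_count"] for e in service_map)


def next_n_within_min_count(service_map, start, n):
    """Claim 11's test: do each of the n entries following position `start`
    satisfy inbound_diff <= min_count?  The claim's response to this test is
    cut off on the page, so only the test is implemented here."""
    floor = min_count(service_map)
    window = service_map[start + 1:start + 1 + n]
    return len(window) == n and all(e["inbound_diff"] <= floor for e in window)


def estimated_accuracy(service_map):
    """Claim 2's per-entry metric.  The patent text on this page does not say
    how the estimate is computed; as an assumption, use inbound_count divided
    by the largest inbound_count, so a listening port scores near 1.0 and an
    ephemeral port that only received replies scores near 0."""
    top = max(e["inbound_count"] for e in service_map)
    return {(e["dst_addr"], e["dst_port"]): e["inbound_count"] / top
            for e in service_map}


def recommend_inbound_policies(log, accuracy, threshold):
    """Claim 1: for each log record whose (dst_addr, dst_port) entry scores above
    the threshold, recommend a rule for src_addr -> dst_addr:dst_port.  The
    entry's score is attached to the recommendation (claim 3)."""
    recs = {}
    for src, _sport, dst, dport in log:
        score = accuracy.get((dst, dport), 0.0)
        if score > threshold:
            recs.setdefault((src, dst, dport), score)
    return [{"src_addr": s, "dst_addr": d, "dst_port": p, "accuracy": a}
            for (s, d, p), a in recs.items()]


def build_port_distribution_map(log):
    """Claim 4: outbound packet activity keyed by (src_addr, src_port)."""
    counts = Counter((src, sport) for src, sport, _, _ in log)
    return [{"src_addr": s, "src_port": p, "outbound_count": c}
            for (s, p), c in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]


if __name__ == "__main__":
    service_map = build_port_service_map(TRAFFIC_LOG)
    for entry in service_map:
        print(entry)
    print("min_count:", min_count(service_map))
    scores = estimated_accuracy(service_map)
    for rec in recommend_inbound_policies(TRAFFIC_LOG, scores, threshold=0.3):
        print("allow", rec["src_addr"], "->", rec["dst_addr"], ":", rec["dst_port"],
              "accuracy", rec["accuracy"])
```

On the constructed log the sorted service map is 8, 4, 1, 1, 1, 1 packets, so inbound_diff drops to 0 once the genuine listening ports are passed; that flat tail is what claim 11's inbound_diff<=min_count window detects, and it is why reply traffic to client ephemeral ports never produces an allow rule at a 0.3 threshold while the two real services do.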

Assignees

Ca Inc

Inventors

Classifications

  • Threshold monitoring · CPC title

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • using port numbers · CPC title

  • Filtering policies (mail message filtering H04L51/212) · CPC title

  • related to network traffic · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Ca Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 27, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).