Methods and systems that generate and use microsegmentation quotients for security monitoring of distributed-computer-system components

US11601458B2 · US · B2

Patent metadata

Publication number: US-11601458-B2
Application number: US-202017062600-A
Country: US
Kind code: B2
Filing date: Oct 4, 2020
Priority date: Oct 4, 2020
Publication date: Mar 7, 2023
Grant date: Mar 7, 2023

Abstract

Official abstract text for this publication.

The current document is directed to methods and systems that generate microsegmentation quotients for computational entities and components of a distributed computer system. In the described implementation, microsegmentation quotients are generated for each component, subsystem, or computational entity, collectively referred to as “system entities,” of a set of specified system-entity types within the distributed computer system. Microsegmentation quotients are generated for system entities at any of the various hierarchical levels within a distributed computer system, including for the entire distributed computer system. Microsegmentation quotients are generated by an iterative process that refines initial estimates of the microsegmentation quotients for system entities within the distributed computer system. Microsegmentation quotients are displayed, through system-management interfaces, to administration and management personnel and provided to automated administration-and-management-system tools and facilities in order to facilitate analysis and monitoring of distributed-computer-system security as well as to facilitate rapid and accurate detection and amelioration of security-related deficiencies and problems.

First claim

Opening claim text (preview).

The invention claimed is:

1. A security-monitoring system that generates microsegmentation quotients, which represent security levels of system entities within a distributed computer system, that are displayed to administration and management personnel to facilitate evaluation, by the administration and management personnel, of security contexts of particular components or subsystems within the distributed computer system and amelioration of security problems, the security-monitoring system comprising: one or more processors, one or more memories, and one or more data-storage devices within one or more computer systems; and computer instructions, stored in one or more of the one or more memories, that, when executed by one or more of the processors, control the security system to: estimate a microsegmentation quotient for each of the system entities; iteratively refine the microsegmentation quotient for each of the system entities; periodically recompute the microsegmentation quotient for each of the system entities; receive, from one or more requestors, requests for microsegmentation quotients for each of one or more specified system entities, the requestors including an automated administration-and-management system and a display routine that displays microsegmentation quotients on a display device; and transmit the requested microsegmentation quotients to the requestors.

2. The security-monitoring system of claim 1 wherein the system entities include one or more: distributed computer systems; individual data centers; discrete computer systems; data-storage appliances; networking appliances; and hardware and computer-instruction-implemented components of discrete computer systems, including data-storage devices, networking devices, operating systems, virtualization layers, distributed applications, distributed-application components, virtual machines, virtual networks, virtual network appliances, and virtual data-storage appliances.

3. The security-monitoring system of claim 1 wherein a microsegmentation quotient is a scalar value within a specified range of scalar values.

4. The security-monitoring system of claim 1 wherein each type of system entity is associated with a set of features that each comprises a set of attributes, each attribute a Boolean-valued, integer-valued, or real-number-valued metric, the value of which is computationally generated, for a particular system entity of the type of system entity at a particular time, from characteristics and parameters associated with the system entity.

5. The security-monitoring system of claim 4 wherein each attribute of each system-entity type is associated with an attribute threshold, an attribute weight, and an attribute function; and wherein an attribute increment is generated for a system entity by inputting the value of the attribute, along with the attribute threshold associated with the attribute for the system-entity type of the system entity, to the attribute function associated with the attribute for the system-entity type of the system entity, which returns an attribute result that is multiplied by the attribute weight associated with the attribute for the system-entity type of the system entity to produce an attribute increment.

6. The security-monitoring system of claim 5 wherein a microsegmentation quotient for a system entity is generated by: for each feature associated with the system-entity type of the system entity, summing the attribute increments of the attributes associated with the feature for the system entity to produce a feature value; generating a feature term for each feature associated with the system-entity type of the system entity by multiplying the feature value for the feature with a feature weight associated with the feature; and adding the feature terms to produce an initial quotient.

7. The security-monitoring system of claim 6 further comprising mapping the initial quotient to the specified range of scalar values to generate a final microsegmentation quotient.

8. The security-monitoring system of claim 1 wherein the security-monitoring system estimates a microsegmentation quotient for each of the system entities by: using a training data set to estimate the microsegmentation quotient for each system entity, the training data set including attribute values and microsegmentation-quotient values for each system entity in a set of system entities in one or more distributed computer systems.

9. The security-monitoring system of claim 8 wherein the security-monitoring system estimates the microsegmentation quotients for each system entity of a system-entity type by: filtering the training data set to include only data for system entities of the system-entity type; for each feature associated with the system-entity type, for each attribute associated with the feature, projecting the attribute values for the feature in the training data set as data points into an attribute space, and, for each system entity of the system-entity type, projecting the attribute values of the system entity for the feature as a target point into the attribute space, identifying a specific number of nearest data-point neighbors of the target point, and determining an initial feature value of the feature for the system entity from the specific number of nearest data-point neighbors of the target point; and generating an initial microsegmentation quotient for each system entity of the system-entity type from the feature values determined for the system entity.

10. The security-monitoring system of claim 1 wherein the security-monitoring system iteratively refines the microsegmentation quotient for each system entity by recomputing the microsegmentation quotient for each system entity based on current microsegmentation quotients for each system entity until a maximum number of recomputations of the microsegmentation quotients have been carried out or until the sum of the absolute values of the squared differences between the most recently recomputed microsegmentation quotients and the next most recently recomputed microsegmentation quotients falls below a threshold sum.

11. The security-monitoring system of claim 1 wherein the security-monitoring system periodically recomputes the microsegmentation quotient for each of the system entities by: initially and at time intervals of a first length, estimating a microsegmentation quotient for each of the system entities, for each system entity assigning the estimated microsegmentation quotient for the system entity to the system entity as the current microsegmentation quotient, and iteratively refining the microsegmentation quotient for each of the system entities; and at time intervals of a second length, shorter than the first length, within the time intervals of the first length, iteratively refining the microsegmentation quotient for each of the system entities.

12. A method that generates a microsegmentation quotient for a system entity which represents a security level of the system entity within a distributed computer system, the method carried out by a security-monitoring system that generates microsegmentation quotients, which represent security levels of system entities within a distributed computer system, that are displayed to administration and management personnel to facilitate evaluation, by the administration and management personnel, of security contexts of particular components or subsystems within the distributed computer system and amelioration of security problems, the security-monitoring system implemented within one or more processors, one or more memories, and one or more data-stor
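Added illustration, not code from the patent or from VMware: a Python sketch of the scoring pipeline that claims 5 through 7 and claim 10 describe. The attribute functions, thresholds, weights, the constructed "virtual machine" entity type and its metric names, the linear mapping onto [lo, hi], and the peer-blending recompute rule used for refinement are all assumptions; the claims leave each of them open.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass
class Attribute:            # claim 5: threshold, weight and function per attribute
    name: str
    threshold: float
    weight: float
    func: Callable[[float, float], float]   # (metric value, threshold) -> attribute result

def at_least(v: float, t: float) -> float: return 1.0 if v >= t else 0.0
def at_most(v: float, t: float) -> float:  return 1.0 if v <= t else 0.0

# Constructed "virtual machine" entity type: feature -> (feature weight, attributes)
VM_FEATURES: Dict[str, Tuple[float, List[Attribute]]] = {
    "network_isolation": (0.6, [Attribute("open_ports", 5, 1.0, at_most),
                                Attribute("has_segment_policy", 1, 1.0, at_least)]),
    "patch_state": (0.4, [Attribute("days_since_patch", 30, 1.0, at_most)]),
}

def initial_quotient(metrics: Dict[str, float], features=VM_FEATURES,
                     lo: float = 0.0, hi: float = 100.0) -> float:
    """Claims 6-7: sum weighted attribute increments per feature, weight the features,
    then map the raw sum onto [lo, hi] (the linear mapping is an assumption)."""
    raw = 0.0
    for fweight, attrs in features.values():
        feature_value = sum(a.weight * a.func(metrics[a.name], a.threshold) for a in attrs)
        raw += fweight * feature_value
    raw_max = sum(fw * sum(a.weight for a in attrs) for fw, attrs in features.values())
    return lo + (hi - lo) * raw / raw_max

def refine(quotients: Dict[str, float], neighbors: Dict[str, List[str]], alpha: float = 0.5,
           max_iter: int = 50, tol: float = 1e-6) -> Tuple[Dict[str, float], int]:
    """Claim 10: recompute every quotient from the current ones until max_iter rounds
    have run or the sum of squared changes drops below tol. The recompute rule (blend an
    entity's own score with the mean score of its connected peers) is an assumption."""
    current = dict(quotients)
    for rounds in range(1, max_iter + 1):
        nxt = {}
        for ent, q in current.items():
            peers = neighbors.get(ent, [])
            peer_mean = sum(current[p] for p in peers) / len(peers) if peers else q
            nxt[ent] = (1 - alpha) * q + alpha * peer_mean
        delta = sum((nxt[e] - current[e]) ** 2 for e in current)
        current = nxt
        if delta < tol:
            return current, rounds
    return current, max_iter
```

With two connected entities the blend converges in two rounds; a weakly isolated, well patched entity and a well isolated, stale entity end up with the same quotient, which is the kind of averaging an operator should expect from a peer-based refinement rule.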

Assignees

Vmware Inc

Classifications

  • Generating training patterns; Bootstrap methods, e.g. bagging or boosting · CPC title
  • Traffic logging, e.g. anomaly detection · CPC title
  • H04L63/105 (primary): Multiple levels of security · CPC title
  • Vulnerability analysis · CPC title
  • Architectural arrangements, e.g. perimeter networks or demilitarized zones · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11601458B2 cover?
The current document is directed to methods and systems that generate microsegmentation quotients for computational entities and components of a distributed-computer-system. In the described implementation, microsegmentation quotients are generated for each component, subsystem, or computational entity, collectively referred to as “system entities,” of a set of specified system-entity types wit…
Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification: H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Mar 7, 2023 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).