Self learning firewall policy enforcer
US-2024179158-A1 · May 30, 2024 · US
US12531912B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12531912-B2 |
| Application number | US-202318343402-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 28, 2023 |
| Priority date | Apr 24, 2023 |
| Publication date | Jan 20, 2026 |
| Grant date | Jan 20, 2026 |
Abstract
Zero trust and micro-segmentation techniques may be collectively used to enhance network security. To establish, refine, and enforce a zero-trust least-privileged policy, the network may be segmented to put each device of the network into a respective network of one, which forces all network traffic to pass through a zero-trust gatekeeper. The gatekeeper may then monitor and analyze the traffic to establish, refine, and enforce the zero-trust least-privileged policy, which reduces network access to only a limited set of network actions and/or paths. Using the gatekeeper, network traffic may be monitored to progressively establish the policy as well as to continually refine the policy. Recommended actions may be determined based on the analysis of the monitored network traffic and provided to the user to allow user feedback on the communication rules of zero-trust policy.
Claims
We claim:
1. A zero-trust microsegmentation method comprising: establishing a network where each device of the network is in its own network-of-one with a gatekeeper being a default gateway for the devices; collecting, using the gatekeeper, information associated with the devices of the network; determining, based on the collected information, a plurality of network microsegments; determining a zero-trust security policy in which permission for communications by the devices of the network is denied by default unless otherwise allowed; selectively allowing communications, based on received feedback and a communication template including one or more predefined allowed communications, associated with one or more of the plurality of network microsegments; and denying communications over all remaining communication paths associated with the one or more of the plurality of network microsegments.
2. The method of claim 1, further comprising, iteratively: determining network traffic patterns; and adapting the selectively allowed communications and the denied communications based on the determined network traffic patterns.
3. The method of claim 2, wherein determining the network traffic patterns comprises analyzing firewall logs to analyze allowed and/or denied communications.
4. The method of claim 1, wherein determining the zero-trust security policy comprises: allowing communications as previously permitted; determining, by the gatekeeper, network traffic patterns based on analysis of communications traversing the gatekeeper; providing the determined traffic patterns to a user; and selectively allowing or denying, based on feedback from the user, one or more communications associated with one or more of the plurality of network microsegments and/or one or more of the devices.
5. The method of claim 1, further comprising analyzing communications traversing the gatekeeper using heuristics to determine the plurality of network microsegments and/or the zero-trust security policy.
6. The method of claim 1, further comprising continually observing denied network traffic and providing a notification of the denied network traffic to a user, wherein the received feedback is received in response to the provided notification.
7. The method of claim 1, further comprising: analyzing the selectively allowed communications; determining recommendations for one or more additional network control actions based on the analysis of the selectively allowed communications; and adapting the selectively allowed communications based on received feedback responsive to the determined recommendations.
8. The method of claim 7, further comprising displaying the determined recommendations to a user, wherein the feedback responsive to the determined recommendations includes an input from the user.
9. The method of claim 7, wherein the selectively allowed communications are analyzed using heuristics to determine the recommendations.
10. The method of claim 7, wherein the feedback is automatically generated based on the determined recommendations so as to automatically adapt the selectively allowed communications.
11. The method of claim 1, wherein the networks-of-one are configured to cause all device traffic to traverse the gatekeeper.
12. The method of claim 1, wherein establishing the network comprises implementing a subnet mask of 255.255.255.255 or a subnet mask/32 to establish the respective network-of-one for each of the devices of the network, the networks-of-one causing all device traffic to traverse the gatekeeper.
13. The method of claim 1, wherein the information comprises: device information of one or more of the devices; network information; geolocation information of one or more of the devices; and/or user information of one or more users associated with one or more of the devices.
14. The method of claim 1, wherein the devices of the network are free of local zero-trust agents configured to provide zero-trust least-privilege micro-segmentation.
15. An apparatus comprising: a processor; and a memory for storing computer-readable instructions that, when executed by the processor, cause the apparatus to: determine a plurality of network microsegments based on information associated with devices of a network collected by a gatekeeper deployed in the network, wherein each of the devices of the network is in its own network-of-one; determine a zero-trust security policy in which permission for communications by the devices of the network is denied by default unless otherwise allowed; selectively allow communications, based on received feedback and a communication template including one or more predefined allowed communications, associated with one or more of the plurality of network microsegments; and deny communications over all remaining communication paths associated with the one or more of the plurality of network microsegments.
16. The apparatus of claim 15, wherein, to determine the zero-trust security policy, the processor is configured to: allow communications as previously permitted; determine network traffic patterns based on analysis of communications traversing the gatekeeper; provide the determined traffic patterns to a user; and selectively allow or deny, based on feedback from the user, one or more communications associated with one or more of the plurality of network microsegments.
17. The apparatus of claim 15, wherein the networks-of-one of the respective devices are established using subnet masking that causes all device traffic to traverse the gatekeeper.
18. The apparatus of claim 15, wherein the instructions, when executed, cause the apparatus to control the gatekeeper to collect the information associated with the devices of the network.
19. A network gatekeeper comprising: a processor; and a memory for storing computer-readable instructions that, when executed by the processor, cause the gatekeeper to: collect information associated with devices of a network where each device of the network is in its own network-of-one, the gatekeeper being a default gateway for the devices, wherein the network is configured to cause all device traffic to traverse the gatekeeper; determine, based on the collected information, a plurality of network microsegments; determine a zero-trust security policy in which permission for communications by the devices of the network is denied by default unless otherwise allowed; selectively allow communications, based on received feedback, associated with one or more of the plurality of network microsegments; and deny communications over all remaining communication paths associated with the one or more of the plurality of network microsegments.
20. The network gatekeeper of claim 19, wherein the selective allowing of the communications is further based on a communication template including one or more predefined allowed communications.
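As an added illustration, not code from the patent or its assignee, the following Python sketch models the gatekeeper the claims describe: each device is checked to sit in a /32 network-of-one so that every packet must be routed through the gateway (claims 11 and 12), microsegments are derived from collected device information (claims 1 and 13), the policy denies by default and allows only template-defined or feedback-approved rules (claims 1, 4 and 20), and repeated denied flows parsed from firewall log lines are surfaced as recommendations for an operator to approve rather than opened automatically (claims 2, 3, 6, 7 and 8). The gateway address, the device inventory and its "role" attribute, the template, the log format and every function name are constructed assumptions for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed assumption: the gatekeeper is the default gateway for every device.
GATEWAY = ip_address("10.0.0.1")

# Constructed device inventory (claim 13: collected device/user information).
# The "role" attribute stands in for whatever the gatekeeper actually collects.
DEVICES = {
    "10.0.0.5": {"role": "workstation", "user": "alice"},
    "10.0.0.6": {"role": "workstation", "user": "bob"},
    "10.0.0.7": {"role": "fileserver", "user": None},
    "10.0.0.8": {"role": "printer", "user": None},
}

# Constructed communication template (claims 1, 20): predefined allowances as
# (source segment, destination segment, destination port).
TEMPLATE = {("workstation", "printer", 631)}

# Constructed firewall log lines as the gatekeeper might record them (claim 3).
LOG_LINES = [
    "2024-01-01T10:00:01 src=10.0.0.5 dst=10.0.0.8 dport=631",
    "2024-01-01T10:00:02 src=10.0.0.5 dst=10.0.0.7 dport=445",
    "2024-01-01T10:00:03 src=10.0.0.6 dst=10.0.0.7 dport=445",
    "2024-01-01T10:00:04 src=10.0.0.5 dst=10.0.0.6 dport=22",
]
LOG_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def parse_log_line(line):
    """Extract a Flow from one log line; None if the line does not match."""
    m = LOG_RE.search(line)
    return Flow(m.group(1), m.group(2), int(m.group(3))) if m else None


def is_network_of_one(ip):
    """Claim 12: a /32 mask leaves the device alone in its subnet, so even the
    gateway is off-link and every packet has to be routed through it."""
    net = ip_network(f"{ip}/32")
    return net.num_addresses == 1 and GATEWAY not in net


@dataclass
class Gatekeeper:
    devices: dict
    template: set
    allowed: set = field(default_factory=set)
    denied: Counter = field(default_factory=Counter)

    def __post_init__(self):
        bad = [ip for ip in self.devices if not is_network_of_one(ip)]
        if bad:
            raise ValueError(f"devices not in a network-of-one: {bad}")
        self.allowed = set(self.template)  # everything else is denied (claim 1)

    def segment_of(self, ip):
        # Microsegments derived from collected information (claim 1); here the
        # segment is simply the device's recorded role (an assumption).
        return self.devices[ip]["role"]

    def decide(self, flow):
        """Default deny; allow only template- or feedback-approved rules."""
        rule = (self.segment_of(flow.src), self.segment_of(flow.dst), flow.port)
        if rule in self.allowed:
            return "ALLOW"
        self.denied[rule] += 1  # claim 6: keep observing denied traffic
        return "DENY"

    def recommendations(self, min_count=2):
        """Claims 2, 3, 7: repeated denied patterns become candidate rules that
        are shown to the operator instead of being opened automatically."""
        return [rule for rule, n in self.denied.most_common() if n >= min_count]

    def feedback(self, rule, approve):
        """Claims 4, 8: an approval selectively allows a recommended rule; a
        rejection leaves the default deny in place."""
        if approve:
            self.allowed.add(rule)
            self.denied.pop(rule, None)


def run_demo():
    """Replay the log through the policy, surface recommendations, approve
    them, and show that unrelated lateral traffic stays denied."""
    gk = Gatekeeper(DEVICES, TEMPLATE)
    first_pass = [gk.decide(parse_log_line(line)) for line in LOG_LINES]
    recs = gk.recommendations()
    for rule in recs:
        gk.feedback(rule, approve=True)  # stand-in for the operator's input
    after = {
        "fileserver_smb": gk.decide(Flow("10.0.0.6", "10.0.0.7", 445)),
        "lateral_ssh": gk.decide(Flow("10.0.0.5", "10.0.0.6", 22)),
    }
    return {"first_pass": first_pass, "recommendations": recs, "after_feedback": after}
```

Running `run_demo()` first allows only the template's print traffic and denies the two SMB attempts and the workstation-to-workstation SSH attempt; the repeated SMB pattern is the only recommendation, and after approval SMB to the file server is allowed while the single lateral SSH flow remains denied. Keying rules on segments rather than individual addresses is what lets one approval cover every device with the same collected role, which is the sense in which the claims describe microsegments rather than per-host rules.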
CPC classification titles:
Rule management
Traffic logging, e.g. anomaly detection
Filtering policies (mail message filtering H04L51/212)
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)
Filtering by address, protocol, port number or service, e.g. IP-address or URL