Adaptive network security using zero trust microsegmentation

We claim: 1 . A zero-trust microsegmentation method comprising: collecting information associated with devices of a network, each device being a respective atomic network configured to cause all device traffic to traverse a gatekeeper associated with the devices; determining, based on the collected information, network microsegments each configured to include one or more of the devices; determining a zero-trust security policy in which communication permissions for the devices of the network are denied by default unless otherwise allowed, the communication permissions including one or more communication dimensions; and iteratively performing: analyzing network traffic under the zero-trust security policy; adapting the zero-trust security policy, based on the analysis of the network traffic, to adjust the communication permissions for the one or more communication dimensions to include one or more modifications to the one or more communication dimensions; and implementing the zero-trust security policy, including one or more modifications to one or more communication dimensions. 2 . The method of claim 1 , wherein the one or more communication dimensions include an internet-intranet dimension defining a restrictiveness distinction between internet traffic and intranet traffic. 3 . The method of claim 1 , wherein the one or more communication dimensions include an input-output dimension defining a restrictiveness distinction between input traffic and output traffic. 4 . The method of claim 1 , wherein the one or more communication dimensions include a segment dimension defining a restrictiveness distinction between inter-segment traffic and intra-segment traffic. 5 . The method of claim 1 , wherein the one or more communication dimensions include: a port dimension defining a port-based traffic restrictiveness distinction; and/or a path dimension defining a communication path-based traffic restrictiveness distinction. 6 . The method of claim 1 , wherein the one or more communication dimensions include: a user dimension defining a user-based traffic restrictiveness distinction; a user group-based traffic restrictiveness distinction; an inter-group dimension defining an inter-group traffic restrictiveness distinction; and/or an intra-group dimension defining an intra-group traffic restrictiveness distinction. 7 . The method of claim 1 , wherein the one or more communication dimensions include an application dimension defining an application-based traffic restrictiveness distinction. 8 . The method of claim 1 , wherein each of the respective atomic networks are networks of one. 9 . The method of claim 1 , wherein establishing each device as a respective network-of-one comprises: assigning an individualized subnet to each device, wherein the individualized subnets cause all of the device traffic to traverse the gatekeeper. 10 . The method of claim 8 , wherein the gatekeeper is configured as a default gateway for the devices. 11 . The method of claim 9 , wherein assigning the individualized subnet comprises assigning a /32 subnet or a 255.255.255.255 subnet mask to each device. 12 . A zero-trust microsegmentation method comprising: collecting information associated with devices of a network, each device being a respective individual network configured to cause all device traffic to traverse a network device common to and associated with the devices; determining, based on the collected information, network microsegments that each include one or more of the devices within the respective individual network; determining a zero-trust security policy including communication permissions; and iteratively performing: analyzing network traffic under the communication permissions of the zero-trust security policy; and adapting one or more of the communication permissions, based on the analysis of the network traffic, to provide the zero-trust security policy including the one or more adapted communication permissions. 13 . The method of claim 12 , wherein the zero-trust security policy is configured to deny network traffic for the devices of the network by default unless otherwise allowed. 14 . The method of claim 12 , wherein adapting the one or more of the communication permissions comprises removing the one or more of the communication permissions from the zero-trust security policy. 15 . The method of claim 12 , further comprising determining a suggested modification the one or more of the communication permissions based on the analysis of the network traffic. 16 . The method of claim 12 , wherein adapting one or more of the communication permissions comprises modifying a communication dimension of the zero-trust security policy. 17 . The method of claim 12 , wherein the network device is a gatekeeper configured as a default gateway for the devices, the method further comprising enforcing, by the gatekeeper, the zero-trust security policy on the device traffic traversing the gatekeeper. 18 . The method of claim 15 , wherein the adapting the one or more of the communication permissions is based on feedback responsive to the suggested modification. 19 . The method of claim 17 , wherein collecting information associated with the devices comprises analyzing, by the gatekeeper, the device traffic traversing the gatekeeper to collect the information associated with the devices. 20 . The method of claim 18 , wherein the feedback comprises acceptance or rejection of the suggested modification.