Adaptive network security using zero trust microsegmentation

We claim: 1 . A zero-trust microsegmentation method comprising: collecting information associated with devices of a network; determining, based on the collected information, atomic network microsegments, where each atomic network microsegment includes a single one of the devices; determining an initial zero-trust security policy in which communication permissions for the devices of the network are denied by default unless otherwise allowed, the communication permissions including one or more communication dimensions; analyzing network traffic under the initial zero-trust security policy; and adapting the initial zero-trust security policy, based on the analysis of the network traffic, to adjust the communication permissions for the one or more communication dimensions to generate an adapted zero-trust security policy including one or more modifications to the one or more communication dimensions. 2 . The method of claim 1 , further comprising iteratively performing: analyzing network traffic under the adapted zero-trust security policy; and adapting the adapted zero-trust security policy, based on the analysis of the network traffic under the adapted zero-trust security policy, to adjust the communication permissions for another of the one or more communication dimensions to generate a further adapted zero-trust security policy including one or more modifications to the other of the one or more communication dimensions; and implementing the further adapted zero-trust security policy. 3 . The method of claim 1 , wherein the one or more communication dimensions include an internet-intranet dimension defining a restrictiveness distinction between internet traffic and intranet traffic. 4 . The method of claim 1 , wherein the one or more communication dimensions include an input-output dimension defining a restrictiveness distinction between input traffic and output traffic. 5 . The method of claim 1 , wherein the one or more communication dimensions include a segment dimension defining a restrictiveness distinction between inter-segment traffic and intra-segment traffic. 6 . The method of claim 1 , wherein the one or more communication dimensions include: a port dimension defining a port-based traffic restrictiveness distinction; and/or a path dimension defining a communication path-based traffic restrictiveness distinction. 7 . The method of claim 1 , wherein the one or more communication dimensions include: a user dimension defining a user-based traffic restrictiveness distinction; a user group-based traffic restrictiveness distinction; an inter-group dimension defining am inter-group traffic restrictiveness distinction; and/or an intra-group dimension defining an intra-group traffic restrictiveness distinction. 8 . The method of claim 1 , wherein the one or more communication dimensions include an application dimension defining an application-based traffic restrictiveness distinction. 9 . The method of claim 1 , further comprising establishing the network, wherein each device of the network is in its own network of one. 10 . The method of claim 9 , wherein the networks of one are configured to cause all device traffic to traverse a gatekeeper configured as a default gateway for the devices. 11 . A zero-trust microsegmentation method comprising: collecting information associated with devices of a network; determining, based on the collected information, atomic network microsegments, where each atomic network microsegment includes a single one of the devices; determining an initial zero-trust security policy including communication permissions; analyzing network traffic under the communication permissions of the initial zero-trust security policy; and adapting one or more of the communication permissions, based on the analysis of the network traffic, to generate an adapted zero-trust security policy including the one or more adapted communication permissions. 12 . The method of claim 11 , further comprising iteratively performing: the analyzing network traffic, and adapting one or more of the communication permissions based on the analysis of the network traffic. 13 . The method of claim 11 , wherein the initial zero-trust security policy is configured to deny network traffic for the devices of the network by default unless otherwise allowed. 14 . The method of claim 11 , wherein adapting the one or more of the communication permissions comprises removing the one or more of the communication permissions from the initial zero-trust security policy to generate the adapted zero-trust security policy. 15 . The method of claim 11 , further comprising determining a suggested modification the one or more of the communication permissions based on the analysis of the network traffic. 16 . The method of claim 15 , wherein the adapting the one or more of the communication permissions is based on feedback responsive to the suggested modification. 17 . The method of claim 16 , wherein the feedback comprises acceptance or rejection of the suggested modification. 18 . The method of claim 11 , wherein adapting one or more of the communication permissions comprises modifying a communication dimension of the initial zero-trust security policy. 19 . The method of claim 11 , further comprising establishing the network, wherein each device of the network is in its own network of one. 20 . The method of claim 19 , wherein the networks of one are configured to cause all device traffic to traverse a gatekeeper configured as a default gateway for the devices.