
Computing & Software 19-023

Method and System for Dynamic Segmentation and Robust Network Security

Tech ID

19-023

Patent Status

Patent Pending

Inventors

Ridha Khedri
Mohammed Alabbad
Neerja Mhaskar

Contact

Lokesh Mohan
Business Development Officer

Abstract

Modern networks are becoming increasingly complex, driven by the rapid adoption of cloud computing, IoT (Internet of Things), and 5G technologies, which have exponentially increased the number of connected devices. According to Gartner, global spending on network security is projected to reach $20 billion by 2025, highlighting the critical need for advanced solutions. Traditionally, managing network resources involves assigning security policies to each device individually, leading to inefficiencies and challenges in scaling. Additionally, according to IDC, 68% of organizations report difficulties with policy enforcement and segmentation across their networks. While Software-Defined Networking (SDN) has introduced the separation of the control plane (decision-making) from the forwarding plane (data transmission), it still lacks an efficient, scalable method to dynamically group resources and apply tailored security policies, especially as networks evolve and expand. This increasing complexity underscores the demand for innovative solutions that can simplify network management while ensuring robust security.

McMaster researchers have developed an innovative method to manage and secure network resources by automating the segmentation of devices and applying tailored security policies. Technically, the system assigns a “weight” to each resource, such as servers, routers, or access points, based on their security requirements. Resources with similar needs are grouped into subsets, and a network topology is generated to visualize and enforce secure communication between these groups using firewalls and other security measures. The invention dynamically adjusts to changes in the network, such as adding or removing devices, ensuring seamless and consistent protection without manual reconfiguration. For a non-technical audience, this means that the system acts like an intelligent organizer for a network, grouping devices by how secure they need to be, setting up rules to keep them safe, and automatically adapting when the network grows or changes. This makes managing complex networks easier, faster, and more reliable, especially in modern environments like cloud computing, IoT, and Software-Defined Networking (SDN).
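As an added illustration (not the patented method and not the inventors' code), the Python sketch below models the three steps the abstract describes: each resource carries a weight reflecting its security requirement, resources of equal weight form a segment, and firewall rules between segments are derived from the weights and regenerated whenever a device is added or removed. The weight scale, the sample inventory and the ordering policy (a segment may initiate traffic only into segments of equal or lower weight) are assumptions chosen for the example, not details from the page.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class Resource:
    name: str
    kind: str    # e.g. "server", "router", "access-point"
    weight: int  # assumed scale: higher = stricter security requirement


@dataclass(frozen=True)
class Rule:
    src_segment: int  # weight of the initiating segment
    dst_segment: int  # weight of the destination segment
    action: str       # "allow" or "deny"


class Segmenter:
    """Groups resources by weight and derives inter-segment firewall rules."""

    def __init__(self, resources=()):
        self.resources = {r.name: r for r in resources}

    def segments(self):
        """One segment per distinct weight; returns {weight: set(names)}."""
        groups = {}
        for r in self.resources.values():
            groups.setdefault(r.weight, set()).add(r.name)
        return groups

    def topology(self):
        """Assumed policy: traffic inside a segment is unrestricted; a segment may
        initiate into a segment of equal or lower weight, never into a more
        sensitive one. Every ordered pair of distinct segments gets an explicit rule,
        so the rule set is regenerated in full after any inventory change."""
        rules = set()
        for src, dst in permutations(sorted(self.segments()), 2):
            action = "allow" if src > dst else "deny"
            rules.add(Rule(src, dst, action))
        return rules

    def is_allowed(self, src_name, dst_name):
        """Evaluate a flow between two named resources against the derived rules."""
        s, d = self.resources[src_name], self.resources[dst_name]
        if s.weight == d.weight:
            return True  # same segment: no inter-segment rule applies
        by_pair = {(r.src_segment, r.dst_segment): r.action for r in self.topology()}
        return by_pair[(s.weight, d.weight)] == "allow"

    def add(self, resource):
        """Add a device; returns (added_rules, removed_rules) relative to before."""
        before = self.topology()
        self.resources[resource.name] = resource
        after = self.topology()
        return after - before, before - after

    def remove(self, name):
        before = self.topology()
        del self.resources[name]
        after = self.topology()
        return after - before, before - after


def build_example():
    # Constructed inventory for the example; names and weights are made up.
    return Segmenter([
        Resource("db-server", "server", 3),
        Resource("app-server", "server", 2),
        Resource("core-router", "router", 2),
        Resource("wifi-ap", "access-point", 1),
        Resource("iot-sensor", "device", 1),
    ])


if __name__ == "__main__":
    seg = build_example()
    for weight, members in sorted(seg.segments().items()):
        print(f"segment weight={weight}: {sorted(members)}")
    for rule in sorted(seg.topology(), key=lambda r: (r.src_segment, r.dst_segment)):
        print(rule)
    # Adding a more sensitive device creates a new segment and only new rules appear.
    added, removed = seg.add(Resource("hsm", "server", 4))
    print(f"rules added: {len(added)}, removed: {len(removed)}")
```

Running the script shows that the wifi segment cannot initiate into the database segment while the database segment can reach the application segment, and that adding a weight-4 device yields a fresh set of rules for the new segment without touching the existing ones.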

Applications

  • Enterprise Networks: Simplifies security for organizations with vast infrastructures and diverse devices.
  • Cloud Computing: Enhances multi-tenant and hybrid cloud security by organizing resources and automating policy enforcement.
  • IoT Networks: Protects large-scale, interconnected devices, ensuring secure and efficient communication.
  • 5G Networks: Provides dynamic segmentation and security for high-speed, bandwidth-intensive networks.
  • Data Centers: Streamlines the management of servers, virtual machines, and storage systems with robust protection.
  • Telecommunications: Improves security in software-defined telecom networks by organizing and securing network elements dynamically.
  • Critical Infrastructure: Secures sensitive environments like healthcare, energy grids, and financial networks with tailored policies and segmentation.

Advantages

  • Automation: Eliminates manual processes by automating resource segmentation, topology creation, and policy enforcement.
  • Scalability: Easily accommodates the growth of networks, including adding new resources or adjusting to changing security needs.
  • Enhanced Security: Isolates high-risk resources and applies customized security policies for each group, reducing vulnerabilities.
  • Flexibility: Adapts dynamically to network changes, ensuring consistent protection without downtime.
  • Efficiency: Reduces operational complexity, improving network performance and reliability.
  • Cost Savings: Cuts down on labor-intensive tasks and reduces potential risks from misconfigurations.
  • Zero Trust and Defense-in-Depth: Implements zero trust and defense-in-depth strategies.

Publications

  • US20240089294A1 – Method and system for determining design and segmentation for robust network access security. Google Patents. https://patents.google.com/patent/US20240089294A1/en
  • Mhaskar, N., Alabbad, M., & Khedri, R. (2021). A formal approach to network segmentation. Computers & Security, 103, 102162. https://doi.org/10.1016/j.cose.2020.102162
