This specification relates in general to network segmentation and, but not by way of limitation, to automatically segmenting a network using clustering techniques.
Modern day computer networks are configured to support communications between a variety of hosts running different applications which are operated by different users having different types of user profiles. As the size and complexity of these computer networks grow, the difficulty in comprehending and securing such networks increases. This is especially true in networks which have been running for numerous years. One way to secure such networks is to assign a profile to each host. The profile may indicate certain privileges the host has and how the host is expected to operate. Manual techniques have been developed for assigning profiles to hosts. Such manual techniques may be sufficient for new hosts, but can prove time consuming to assign profiles to existing hosts. Moreover, such manual techniques may not allow for ongoing monitoring, and may therefore be exploitable by nefarious users.