US Patent 10931638 Automated firewall feedback from network traffic analysis

Security rule feedback systems and methods include capturing network traffic data, the network traffic data including a plurality of traffic records. The traffic records are grouped into first and second traffic records having corresponding first and second source address identifiers, first and second source port identifiers, first and second destination address identifiers, and first and second destination port identifiers. Network interfaces associated with the first and second records are identified based on source address identifiers. Security rule populations are associated to the network interfaces. A determination is made as to a direction of network traffic based on the security rule populations. Thereby, dispensable security rules may be identified.