At any software business, thousands of devices communicate over networks, and while this connectivity fuels innovation and growth, it also introduces vulnerabilities. Large enterprises often manage these risks through costly solutions offered by companies like Cisco or Palo Alto. But what about small and medium businesses (SMBs)? They face the same threats (malware, ransomware, unauthorized access) but lack the budget or expertise to build complex, segmented networks. That gap is what drove our team to create Segment, a solution designed to bring enterprise-grade network segmentation and cyber resilience to businesses of all sizes.
We saw that effective network segmentation (keeping certain parts of the network isolated from others) is one of the best ways to contain security breaches. If an attacker compromises one segment, segmentation prevents lateral movement and limits the damage. The problem is that defining and enforcing segmentation rules is hard. It typically requires manual configurations, a deep understanding of both the business structure and the underlying network, and expensive hardware. We wanted to automate that process.
Segment is built around a key insight: business policies (like “students can only access student resources” or “HR should not access production servers”) can be translated into enforceable network rules. We use NetBox as the starting point, allowing users to design and define network segments and relationships in a centralized, user-friendly platform. From there, we built a Python-based policy translator that pulls this data from NetBox’s API and converts the abstract policies into Zeek-compatible enforcement logic (Python scripts!!). Zeek then acts as our policy enforcer, monitoring live network traffic and generating real-time alerts when communication violates the defined segmentation policies.
Our project architecture is a three-stage pipeline:
NetBox as Policy Design – We customized NetBox to serve as our policy design layer. Using custom fields and structured tags, we allowed users to define which network segments (like departments or trust zones) exist and which are permitted to communicate. This created a source of truth for network segmentation policies.
Python as Policy Translator – Our script pulls the segment relationships from NetBox’s API, maps abstract business logic into concrete network rules, and generates Zeek scripts to enforce those rules. We designed the translator to handle a variety of models, including department-based, role-based, and sensitivity-based segmentation.
Zeek as Policy Enforcer – Zeek monitors network traffic in real-time. Our generated scripts tell Zeek what to watch for: for example, if a development workstation attempts to talk to a production database, it flags this as a violation. The alerts are immediate and actionable, helping IT teams intervene before threats can spread.
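The translation step described above, as an added example that is not Segment's own code: it validates NetBox-style prefix records, builds the set of permitted segment pairs, and renders a Zeek script that raises a notice on any other cross-segment connection. The custom field names `segment` and `allowed_segments`, the sample prefixes, and all function names are assumptions made for this example.

```python
import ipaddress, re
# Constructed sample shaped like NetBox prefix records (IPv4 only). The custom
# field names "segment" and "allowed_segments" are assumptions for this example.
PREFIXES = [
    {"prefix": "10.0.1.0/24", "custom_fields": {"segment": "dev", "allowed_segments": ["staging"]}},
    {"prefix": "10.0.2.0/24", "custom_fields": {"segment": "staging", "allowed_segments": ["dev"]}},
    {"prefix": "10.0.9.0/24", "custom_fields": {"segment": "prod-db", "allowed_segments": []}},
]
ZEEK = """@load base/frameworks/notice
module Segment;
export { redef enum Notice::Type += { Violation }; }
const segment_of: table[subnet] of string = { @TABLE@ };
const allowed: set[string, string] = set(@PAIRS@);
event new_connection(c: connection) {
    local o = c$id$orig_h; local r = c$id$resp_h;
    if ( o !in segment_of || r !in segment_of ) return;
    if ( segment_of[o] != segment_of[r] && [segment_of[o], segment_of[r]] !in allowed )
        NOTICE([$note=Violation, $conn=c,
                $msg=fmt("%s -> %s not permitted", segment_of[o], segment_of[r])]);
}
"""

def build_policy(records):
    """Validate records; return ({network: segment}, {(src_segment, dst_segment)})."""
    nets, allowed = {}, set()
    for rec in records:
        seg = rec["custom_fields"]["segment"]
        if not re.fullmatch(r"[A-Za-z0-9_-]+", seg):  # name lands inside a Zeek string literal
            raise ValueError(f"unsafe segment name: {seg!r}")
        nets[ipaddress.IPv4Network(rec["prefix"])] = seg  # ValueError on a malformed prefix
        allowed |= {(seg, peer) for peer in rec["custom_fields"]["allowed_segments"]}
    undefined = {dst for _, dst in allowed} - set(nets.values())
    if undefined:  # a misspelled peer would otherwise silently never match
        raise ValueError(f"undefined segments in policy: {sorted(undefined)}")
    return nets, allowed

def is_violation(nets, allowed, src, dst):
    """Python mirror of the generated check, for testing a policy before deployment."""
    def seg(ip):
        hits = [n for n in nets if ipaddress.ip_address(ip) in n]
        return nets[max(hits, key=lambda n: n.prefixlen)] if hits else None
    s, d = seg(src), seg(dst)
    return None not in (s, d) and s != d and (s, d) not in allowed

def render_zeek(nets, allowed):
    """Fill the Zeek template with the validated subnet table and allowed pairs."""
    table = ", ".join(f'[{n}] = "{s}"' for n, s in sorted(nets.items()))
    pairs = ", ".join(f'["{a}", "{b}"]' for a, b in sorted(allowed))
    return ZEEK.replace("@TABLE@", table).replace("@PAIRS@", pairs)
```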
Challenges
One of the hardest challenges we faced was designing a flexible policy model that could capture the diversity of real-world business structures. Some organizations segment by department, others by data sensitivity, others by project teams. Our translator needed to support all of these use cases while remaining user-friendly and robust. There are only so many use cases you can optimize for in a 24-hour hackathon format, but we successfully designed Segment to be customizable as hacker communities develop their own Python scripts for unique security use cases. The future of Cyber is open source.
Another major challenge was ensuring that our generated Zeek scripts were syntactically and logically correct. Even a small error could prevent the policy from being enforced or, worse, result in false positives or missed threats. We implemented validation steps to test scripts before deployment and built in support for different network topologies. Too strict a policy could create unnecessary friction and reduce network performance, while too loose a policy would be ineffective for security. We had to build an engine that could strike that balance and allow users to tune it according to their needs.
What we’re most proud of is making security accessible. We built something that doesn’t require a team of security engineers to deploy. Any SMB can use Segment to improve their network hygiene and become more resilient to attacks. And we didn’t stop at building a working prototype—we validated it through real-world use cases, demonstrating how it can detect unauthorized traffic and contain threats by enforcing logical segmentation boundaries.
Through this journey, we learned a lot. We deepened our understanding of how business structures shape network communication patterns, how segmentation can serve as a powerful security tool, and how to bridge the gap between policy and implementation. Most importantly, we learned how to build systems that prioritize both security and usability—a rare but necessary combination.
Looking forward, we see Segment evolving into a full-fledged segmentation framework. We want to add features like visual policy graphs, machine learning for detecting anomalous traffic, and even automatic remediation for policy violations. Our goal is to help businesses implement the principle of least privilege at the network level, without the need for expensive firewalls or proprietary systems.
We want to give all businesses, regardless of size, the tools they need to defend themselves in an increasingly connected world. The delivery plan is where capital comes in, and HOF's talent network, scaling pipelines, can get us to that vision of a future free from repetitive work.