A server, in communication with a plurality of microservices in a microservices mesh environment, obtains data about inbound communications to a first microservice and outbound communications from the first microservice of the plurality of microservices. The server analyzes the data to learn an operational behavior of the first microservice and determine a firewall rule set to be applied associated with the first microservice based on the operational behavior learned for the first microservice. The server causes a micro-firewall to be instantiated for the first microservice. The micro-firewall is configured to apply the firewall rule set to inbound communications to the first microservice and outbound communications from the first microservice.