Methods, systems, and media for security in virtualization, bare-metal server, and cloud computing environments are provided herein. Exemplary methods include: receiving network traffic associated with a primary workload; generating first metadata using the network traffic; determining a primary categorization associated with the primary workload, using the first metadata; confirming the primary categorization is reliable; determining a secondary categorization associated with at least one secondary workload, the at least one secondary workload being communicatively coupled to the primary workload; ascertaining the primary categorization and the secondary categorization are consistent with each other and are each stable; producing a model using the primary categorization and the secondary categorization; checking the model for sustained convergence; and generating a high-level declarative security policy associated with the primary workload using the model, the high-level declarative security policy indicating at least an application or service with which the primary workload can communicate.