Cloud Network Security

Protect cloud native applications from every network attack path.

As cloud adoption accelerates, organizations have a much greater responsibility to protect their digital assets on the network. The strongest approach to cloud network security is one that delivers visibility, prevention and intelligence.

Read the e-book: Identity-Powered Microsegmentation.

Block threats and prevent lateral movement on your cloud network

Prisma® Cloud, combined with our VM-Series or CN-Series NGFWs, delivers Cloud Network Security that provides high-fidelity network visibility and controls. See the workloads, applications and content on your cloud network. Security teams can reduce risk and block threats from entering the cloud, stop lateral movement within the cloud, and prevent critical data from leaving the cloud.
  • Block inbound threats
  • Stop lateral attack movement
  • Secure outbound traffic
  • Microsegmentation
    Microsegmentation
  • Virtual firewalls
    Virtual firewalls

THE PRISMA CLOUD SOLUTION

Our approach to Cloud Network Security

Identity-Based Microsegmentation

Securing traffic between cloud native applications requires purpose-built controls. Identity-Based Microsegmentation helps you see how applications communicate and stop lateral movement of threats. Security teams can reduce risk without changing the network. DevOps and cloud infrastructure teams can embrace the cloud without worrying about security slowing down rapid release.

  • Starting with workload identity

    Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container with a cryptographically signed workload identity.

  • Workload identity defined as tags

    Each identity consists of contextual attributes, including metadata from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more.

  • Identity-based visibility

    Protected workloads send and receive identity upon each connection request so that you don’t have to rely on contextless IP addresses for visibility and control. See how apps communicate in an app dependency map.

  • Easy-to-understand policy language

    Microsegmentation policies use contextual, application language (e.g., service=frontend can talk to service=backend) instead of network language (e.g., allow 192.168.10.20 to 10.0.0.31).

  • Stronger workload defense

    Prisma Cloud verifies the identity of the communicating workloads, rather than IP addresses. If the workload is not verified or authorized, then network access request is denied to ensure additional protection.


Virtual firewalls

Protecting your applications and data from a dynamic threat landscape requires a flexible and intelligent cloud network security solution. Our VM-Series and CN-Series Next Generation Firewalls inspect all cloud network traffic for threats and high-risk content, allowing only safe traffic to enter and leave your cloud without sacrificing agility for security.

  • Move away from ports and protocols – use App-ID

    Gain Layer 7 visibility into network traffic and identify applications regardless of their port, protocol or evasion tactics with App-ID™ technology. Generate policy tied to apps instead of ports.

  • Pick and choose your security

    Augment our virtual firewalls with integrated security subscriptions that help you detect hard-to-find threats and stop data exfiltration, including Threat Prevention, WildFire® malware prevention, URL Filtering, Enterprise DLP and DNS Security.

  • Consistently protect any cloud

    Establish network security trust boundaries across clouds and Kubernetes clusters. Gain central visibility and policy management across all your virtual firewalls with the Panorama™ management solution.

  • Generate reports for compliance

    Generate application, traffic and threat reports to assist with compliance audits.


Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Network Security solutions

Identity-Based Microsegmentation

Microsegmentation for hosts and containers on public or private clouds.

VM-Series

Virtual NGFWs that can scale to seamlessly deploy in any virtual or cloud environment.

CN-Series

The industry’s first ML-Powered NGFW built for Kubernetes environments.