Register now for the Code to Cloud Virtual Summit

Identity-Based Microsegmentation

Begin your Zero Trust journey with least-privilege network access across cloud workloads
Request a Trial
Identity-Based Microsegmentation Front
Identity-Based Microsegmentation Back

Cloud networks provide reliable pathways allowing applications to intercommunicate. However, a flat network with too many open pathways increases risk and enables threats to move laterally.

Read the Forrester New Tech report on Microsegmentation

Download the report
1

Network segmentation is complex and painful

Limiting communication pathways in the cloud is proven to reduce risk, but security teams find microsegmentation with legacy approaches to be too complex and time-consuming. Cloud native applications are left exposed with a massive network attack surface.
2

The shift to cloud requires more agility

With DevOps teams deploying weekly and even daily, public and private cloud environments are constantly changing. Security teams struggle to enforce network protection for these deployments without slowing down release velocity.
3

Maintaining compliance requires visibility

Adopting heterogeneous architectures for regulated applications creates compliance challenges for security teams. Lack of visibility into application dependencies creates blind spots, and proving compliance with non-integrated network security tools is too cumbersome.

Simplify microsegmentation and reduce risk for cloud native apps

Identity-Based Microsegmentation helps you discover application dependencies, enforce microsegmentation on hosts and containers, and stop lateral movement of threats. Security teams can reduce risk and achieve Zero Trust results without changing the network topology. DevOps and cloud infrastructure teams can embrace the cloud without worrying about security slowing down rapid release cycles.
  • Supports private and public clouds
  • Zero Trust results without rearchitecting the network
  • Prevents lateral movement of malware and ransomware
  • Workload identity
    Workload identity
  • Visibility and discovery
    Visibility and discovery
  • Policy management
    Policy management
THE PRISMA CLOUD SOLUTION

Our approach to Identity-Based Microsegmentation

Workload identity

Cloud native applications require a new security design that does not rely on network addresses to protect workload communications. Prisma Cloud decouples microsegmentation from the network and couples security to workload identity for optimal protection.

  • Defining workload identity

    Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container with a cryptographically signed workload identity.

  • Workload identity comprises tags

    Each identity consists of contextual attributes, including metadata from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more.

  • Identity ensures network visibility accuracy

    Protected workloads send and receive identity upon each communication request. Identity is baked into network flow visibility so that you don’t have to rely on contextless IP addresses.

  • Identity strengthens workload defenses

    Prisma Cloud verifies the identity of the communicating workloads, rather than IP addresses. If the workload is neither verified nor authorized, the network access request is denied.

Learn more

Visibility and discovery

Mapping application dependencies is a monumental task that cannot be performed manually. Prisma Cloud automates application discovery and flow mapping.

  • Discover assets and workload identity

    View the identity tags assigned to each workload including attributes auto-generated from cloud native services like AWS, Azure, Google Cloud, Kubernetes and more.

  • See how apps communicate

    Understand how workloads communicate with each other and external services inside and across clouds using an app dependency map. See the policy decision for each application flow using simple visibility aides.

  • Maintain flow records for compliance

    Explore historical flow records and generate granular queries to filter down the data you need. Generate reports to help with proving compliance.

  • Export flow data to your own systems

    Stream flow logs to common external SIEM tools.

Learn more

Policy management

Securing cloud native applications requires a purpose-built policy model. Prisma Cloud helps security teams accelerate their Zero Trust adoption, simplify policy creation, and minimize human error.

  • Build security on context

    Take advantage of Prisma Cloud microsegmentation policies that use contextual, application-driven tags (e.g., service=frontend can talk to service=backend) instead of network-centric language (e.g., Allow 192.168.10.20 to 10.0.0.31).

  • Protect common applications out of the box

    Deploy predefined rules in just minutes and simplify policy creation for common, critical applications.

  • Generate policy recommendations

    Automatically generate the optimal microsegmentation rules for any application with a single click to reduce time and minimize human error.

  • Enforce consistent policy across clouds

    Have your security team centrally manage policies for all workloads in the environment, or let DevOps and app developers inherit responsibility and manage policy for their own apps.

  • Accelerate microsegmentation with policy as code

    Codify microsegmentation policy and insert security into deployment pipelines to protect applications at DevOps speed.

Learn more
Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.
Learn more

Cloud Network Security modules

VM-Series

Protect traffic entering and leaving the cloud from threats and data theft.

Learn more

CN-Series

Secure Kubernetes traffic with a containerized next-generation firewall.

Learn more
Featured Resources
See all Resources
Prisma™ Cloud
Datasheet

Prisma Cloud Identity-Based Microsegmentation

Download
Prisma™ Cloud
WEBCAST

Conforming Network Security to Cloud Native Applications

Watch on-demand
Prisma™ Cloud
E-book

Identity-Powered Microsegmentation

Download
Prisma™ Cloud
Demo video

Prisma Cloud: Identity-Based Microsegmentation Module Demo

Watch the demo
Prisma™ Cloud
Datasheet

Identity-Based Microsegmentation for Kubernetes

Download
See all Resources

Get the latest news, invites to events and threat alerts

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability