[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown)
3. [Cloud Native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown)
4. [What Is Microsegmentation?](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation?ts=markdown)  
   Table of Contents

* [What Is Cloud Native?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown)
  * [Cloud Native Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#explained?ts=markdown)
  * [History of Cloud Native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#history?ts=markdown)
  * [What Are Cloud-Native Applications?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#applications?ts=markdown)
  * [What Is Cloud-Native Architecture?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#architecture?ts=markdown)
  * [What Is Cloud-Native Application Development?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#development?ts=markdown)
  * [Benefits of Cloud-Native Application Development](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#benefits?ts=markdown)
  * [What Is a Cloud-Native Stack?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#stack?ts=markdown)
  * [Cloud-Native Security Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#challenges?ts=markdown)
  * [Cloud-Native FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#faqs?ts=markdown)
* [What Is Threat Modeling?](https://www.paloaltonetworks.com/cyberpedia/threat-modeling?ts=markdown)
  * [Threat Modeling Explained](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#threat?ts=markdown)
  * [Threat Modeling Frameworks](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#frameworks?ts=markdown)
  * [Threat Modeling: Four Question Framework](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#modeling?ts=markdown)
  * [Benefits of Threat Modeling in Modern Enterprise Security](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#benefits?ts=markdown)
  * [Threat Modeling Tools](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#tools?ts=markdown)
  * [Threat Modeling FAQs](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#faqs?ts=markdown)
* [What Are Microservices?](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown)
  * [Microservices Explained](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#explained?ts=markdown)
  * [From Service-Oriented Architecture to Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#service?ts=markdown)
  * [Benefits of Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#benefits?ts=markdown)
  * [When to Use Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#when?ts=markdown)
  * [Building and Deploying Microservices-Based Apps](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#deploying?ts=markdown)
  * [Microservices Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#best?ts=markdown)
  * [Adopting Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#adopting?ts=markdown)
  * [Securing Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#securing?ts=markdown)
  * [Microservices FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#faqs?ts=markdown)
* [What Is Cloud-Native Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security?ts=markdown)
  * [Cloud-Native Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#explained?ts=markdown)
  * [Cloud Native Goes Beyond Fixed Perimeters](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#perimeters?ts=markdown)
  * [Diagnostic Difficulties](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#diagnostic?ts=markdown)
  * [Accelerating DevOps Velocity](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#velocity?ts=markdown)
  * [Key Elements of Cloud-Native Security](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#key?ts=markdown)
  * [Cloud Native-Security Strategies](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#strategies?ts=markdown)
  * [Cloud-Native Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#faqs?ts=markdown)
* [What Is CNAPP?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform?ts=markdown)
  * [CNAPP Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#cnapp?ts=markdown)
  * [Key Components of a CNAPP](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#key?ts=markdown)
  * [CNAPP Architecture and Functionality](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#architecture?ts=markdown)
  * [CNAPP Implementation Strategies](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#implementation?ts=markdown)
  * [CNAPP Benefits](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#benefits?ts=markdown)
  * [The AI-Enhanced CNAPP](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#enhanced?ts=markdown)
  * [What's Next for CNAPP?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#next?ts=markdown)
  * [Cloud-Native Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#faqs?ts=markdown)
* [What Is CSPM? | Cloud Security Posture Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown)
  * [Cloud Security Posture Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management#cloud?ts=markdown)
  * [Why Is CSPM Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management#why?ts=markdown)
  * [How Does CSPM Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management#how?ts=markdown)
  * [The Evolution of CSPM](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management#the?ts=markdown)
  * [What Are Researchers Saying About CSPM?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management#what?ts=markdown)
  * [What Are the Benefits of CSPM?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management#benefits?ts=markdown)
  * [Cloud Security Posture Management (CSPM) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management#faqs?ts=markdown)
* [What Is Cloud Network Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security?ts=markdown)
  * [Cloud Network Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security#network-security?ts=markdown)
  * [Cloud Network Security](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security#cns?ts=markdown)
  * [Kubernetes Network Security](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security#kns?ts=markdown)
  * [Kubernetes Control Plane Security](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security#control-plane-security?ts=markdown)
  * [Network Security Best Practices for Containers and Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security#best-practice?ts=markdown)
  * [Cloud Network Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security#faq?ts=markdown)
* [CSP-Built Security Vs. Cloud-Agnostic Security](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security?ts=markdown)
  * [Cloud Security: The Technology Decision](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security#cloud?ts=markdown)
  * [Feature Set and Capabilities](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security#feature?ts=markdown)
  * [The Multicloud Challenge](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security#challenge?ts=markdown)
  * [Real-World Applications](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security#realworld?ts=markdown)
  * [Prisma Cloud](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security#prisma-cloud?ts=markdown)
  * [Cloud-Native Security FAQs](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security#faqs?ts=markdown)
* What Is Microsegmentation?
  * [Microsegmentation Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#micro?ts=markdown)
  * [Beyond Perimeter Security](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#beyond?ts=markdown)
  * [Network Segmentation Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#network?ts=markdown)
  * [How Microsegmentation Works](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#how?ts=markdown)
  * [Types of Microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#types?ts=markdown)
  * [Benefits of Microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#benefits?ts=markdown)
  * [Microsegmentation Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#usecases?ts=markdown)
  * [Microsegmentation FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#faqs?ts=markdown)
* [Core Tenets of a Cloud Native Security Platform (CNSP)](https://www.paloaltonetworks.com/cyberpedia/core-tenets-of-a-cloud-native-security-platform?ts=markdown)
* [What Is a Cloud Native Security Platform?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-security-platform?ts=markdown)
  * [What Does 'Cloud Native' Mean?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-security-platform#what?ts=markdown)
  * [The Beginnings of Cloud Native Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-security-platform#beginning?ts=markdown)
  * [Enter Cloud Native Security Platforms](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-security-platform#enter?ts=markdown)
  * [CNSPs and the Future](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-security-platform#cnsp?ts=markdown)
  * [Cloud Native Security Platform FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-security-platform#faqs?ts=markdown)
* [CSPM Tools: How to Evaluate and Select the Best Option](https://www.paloaltonetworks.com/cyberpedia/cspm-tools?ts=markdown)
  * [The Need for Cloud Security Posture Management Solutions](https://www.paloaltonetworks.com/cyberpedia/cspm-tools#need?ts=markdown)
  * [Components of CSPM Tools](https://www.paloaltonetworks.com/cyberpedia/cspm-tools#components?ts=markdown)
  * [How to Select the Right CSPM Solution](https://www.paloaltonetworks.com/cyberpedia/cspm-tools#how?ts=markdown)
  * [Common Challenges in Implementing CSPM](https://www.paloaltonetworks.com/cyberpedia/cspm-tools#common?ts=markdown)
  * [Cloud Security Posture Management (CSPM) FAQs](https://www.paloaltonetworks.com/cyberpedia/cspm-tools#faqs?ts=markdown)
* [What is Platform as a Service (PaaS)?](https://www.paloaltonetworks.com/cyberpedia/platform-as-a-service-paas?ts=markdown)
  * [Benefits and Security Implications](https://www.paloaltonetworks.com/cyberpedia/platform-as-a-service-paas#benefits?ts=markdown)
  * [Platform as a Service FAQs](https://www.paloaltonetworks.com/cyberpedia/platform-as-a-service-paas#faqs?ts=markdown)
* [What Is Serverless Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-serverless-security?ts=markdown)

# What Is Microsegmentation?

5 min. read  
[Download The CNAPP Buyer's Guide](https://start.paloaltonetworks.com/cnapp-buyers-guide.html)  
Table of Contents

* * [Microsegmentation Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#micro?ts=markdown)
  * [Beyond Perimeter Security](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#beyond?ts=markdown)
  * [Network Segmentation Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#network?ts=markdown)
  * [How Microsegmentation Works](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#how?ts=markdown)
  * [Types of Microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#types?ts=markdown)
  * [Benefits of Microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#benefits?ts=markdown)
  * [Microsegmentation Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#usecases?ts=markdown)
* [Microsegmentation FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#faqs?ts=markdown)

1. Microsegmentation Explained

* * [Microsegmentation Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#micro?ts=markdown)
  * [Beyond Perimeter Security](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#beyond?ts=markdown)
  * [Network Segmentation Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#network?ts=markdown)
  * [How Microsegmentation Works](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#how?ts=markdown)
  * [Types of Microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#types?ts=markdown)
  * [Benefits of Microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#benefits?ts=markdown)
  * [Microsegmentation Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#usecases?ts=markdown)
* [Microsegmentation FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation#faqs?ts=markdown)

Microsegmentation is a security method of managing network access between workloads. With microsegmentation, administrators can manage security policies that limit traffic based on the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown) and [Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture?ts=markdown). Organizations use microsegmentation to reduce the attack surface, improve breach containment and strengthen regulatory compliance.

## Microsegmentation Explained

Microsegmentation refers to an approach to security that involves dividing a network into segments and applying security controls to each segment based on the segment's requirements.

Microsegmentation software with network virtualization technology is used to create zones in cloud deployments. These granular secure zones isolate [workloads](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown), securing them individually with custom, workload-specific policies. Similarly, each virtual machine (VM) in a network can be protected, down to the application level, with exact security controls.

The granular security controls microsegmentation brings to workloads or applications is invaluable for the modern cloud environment with several applications running on the same server or virtual machine. Organizations can apply security controls to individual workloads and applications, rather than having a one security policy for the server.

![Microsegmentation](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/microsegmentation.jpg)  
*Figure 1: Microsegmentation divides networks into segments to limit traffic based on Zero Trust.*

### What Is a Workload?

A [workload](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown) can be broadly defined as the resources and processes needed to run an application. Hosts, virtual machines and containers are a few examples of workloads.

Companies can run workloads across data centers, hybrid cloud and multicloud environments. Most organizations' applications are becoming increasingly distributed across different [cloud-native compute architectures](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown), based on business needs.

## Beyond Perimeter Security

Perimeter security makes up a significant part of most organizations' network security controls. Network security devices, such as network firewalls, inspect "north-south" (client to server) traffic that crosses the security perimeter and stop bad traffic. Assets within the perimeter are implicitly trusted, which means that "east-west" (workload to workload) traffic may go without inspection.

![“North-south” (client to server) traffic vs. “east-west” (workload to workload)](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-microsegmentation-img-1-868x488.jpg)  
*Figure 2: "North-south" (client to server) traffic vs. "east-west" (workload to workload)*

For most organizations, east-west communications make up the majority of data center and cloud traffic patterns, and perimeter-focused defenses do not have visibility into east-west traffic. Given these factors, malicious actors use this as an opportunity to move laterally across workloads.

The network creates reliable pathways between workloads and determines whether or not two endpoints can access each other. Microsegmentation creates isolation and determines if two endpoints should access each other. Enforcing segmentation with least-privileged access reduces the scope of [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) and contains [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown).

![Figure 2: Microsegmentation can help you isolate the attack.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-microsegmentation-img2.gif)  
*Figure 3: Microsegmentation can help you isolate the attack.*

## Network Segmentation Challenges

Network segmentation is an approach that divides a network into multiple smaller segments. This benefits performance and security:

* **Performance:** Subdividing the network into smaller subnets and VLANs reduces the scope of broadcast packets and improves network performance.
* **Security:** Network security teams can apply access control lists (ACLs) to VLANs and subnets to isolate machines on different network segments. In the event of a data breach, ACLs can prevent the threat from spreading to other network segments.

Leveraging network segmentation for security purposes comes with challenges. Segmentation needs don't always match the network architecture. Re-architecting the networks or reconfiguring VLANs and subnets to meet segmentation requirements is difficult and time consuming.

![Figure 3: Network segmentation – using VLANs and subnets – is a method proven to deliver optimal network performance by breaking up network broadcast domains.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-microsegmentation-img-3-868x488.jpg)  
*Figure 4: Network segmentation -- using VLANs and subnets -- is a method proven to deliver optimal network performance by breaking up network broadcast domains.*

## How Microsegmentation Works

Microsegmentation, also referred to as Zero Trust or identity-based segmentation, delivers on segmentation requirements without the need to re-architect. Security teams can isolate workloads in a network to limit the effect of malicious lateral movement. Microsegmentation controls can be assimilated into three categories:

* **Agent-based** solutions use a software agent on the workload and enforce granular isolation to individual hosts and [containers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown). Agent-based solutions may leverage the built-in host-based firewall or derive isolation abilities based on workload identity or attributes.
* **Network-based** segmentation controls rely on the network infrastructure. This style leverages physical and virtual devices, such as load-balancers, switches, software-defined networks (SDN), and overlay networks to enforce policy.
* **Native cloud** controls leverage capabilities embedded in the cloud service provider (e.g., Amazon security group, Azure firewall, or Google Cloud firewall).

Microsegmentation helps provide consistent security across private and public clouds alike by virtue of three key principles: visibility, granular security and dynamic adaptation.

A microsegmentation solution should deliver visibility into all network traffic inside and across data centers and clouds. While there are many ways to monitor traffic, the most effective measure is to see traffic coupled with workload context (e.g., cloud, application, [orchestrators](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security?ts=markdown)), as opposed to logs containing only IP addresses and ports.

Granular security means network administrators can strengthen and pinpoint security by creating specific policies for critical applications. The goal is to prevent lateral movement of threats with policies that precisely control traffic in and out of specific workloads, such as weekly payroll runs or updates to human resource databases.

Microsegmentation offers protection for dynamic environments. For instance, cloud-native architectures like containers and [Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes?ts=markdown) can spin up and down in a matter of seconds. The IP addresses assigned to cloud workloads are ephemeral, rendering IP-based rule management impossible. With microsegmentation, security policies are expressed in terms of identities or attributes (env=prod, app=hrm, etc.) rather than network constructs (e.g., 10.100.0.10 tcp/80). Changes to the application or infrastructure trigger automatic revisions to security policies in real time, requiring no human intervention.

## Types of Microsegmentation

Microsegmentation offers protection for dynamic environments. For instance, cloud-native architectures like [containers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown) and Kubernetes can spin up and down in a matter of seconds. The IP addresses assigned to cloud workloads are ephemeral, rendering IP-based rule management impossible. With microsegmentation, security policies are expressed in terms of identities or attributes (env=prod, app=hrm, etc.) rather than network constructs (e.g., 10.100.0.10 tcp/80). Changes to the application or infrastructure trigger automatic revisions to security policies in real time, requiring no human intervention.

### Container Segmentation

Container segmentation involves isolating containers from each other and the host system to improve security and reduce the attack surface. [Containerization](https://www.paloaltonetworks.com/cyberpedia/containerization?ts=markdown) is a widely used technology that allows multiple applications or services to run in separate containers on a single host system. Without proper segmentation, though, containers can potentially access each other's data and configuration files, which can result in security vulnerabilities.

#### Container Segmentation Best Practices

* **Container isolation:** Each container should be isolated from other containers running on the same host system to prevent unauthorized access. Isolation can be achieved using container technologies like [Docker](https://www.paloaltonetworks.com/cyberpedia/docker?ts=markdown) and Kubernetes, which provide built-in isolation mechanisms.
* **Network segmentation:** Containers can be segmented from each other using network segmentation techniques. Creating separate networks for each container and configuring firewall rules to allow or deny traffic between containers can achieve this.
* **Role-based access control:** [Role-based access control (RBAC)](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac?ts=markdown) can be used to define access policies for different containers based on user roles and permissions, which can help to ensure that containers are accessed only by authorized users and processes.
* **Image signing:** Container images can be digitally signed to ensure that only trusted images are deployed in production. This can help to prevent container images from being tampered with or altered. Proper [artifact integrity validation](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9?ts=markdown) can reduce the risk of security vulnerabilities.
* **Runtime protection:** [Runtime protection](https://www.paloaltonetworks.com/cyberpedia/runtime-security?ts=markdown) tools can be used to monitor container activity and detect anomalies that may indicate a security breach. These tools can help to detect and prevent attacks in real time, improving the security posture of containerized environments.

Container segmentation helps to ensure the security of [containerized applications](https://www.paloaltonetworks.com/cyberpedia/containerization?ts=markdown) and services. By isolating containers and applying [access control](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown) policies, organizations can reduce the attack surface and prevent unauthorized access to [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data?ts=markdown) and resources. Container segmentation should be implemented as part of an overall security strategy that includes network security, access control, and runtime protection.

### User Segmentation in Cloud Security

User segmentation in [cloud security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security?ts=markdown) involves dividing user access based on different roles and responsibilities within an organization to ensure that users have access to only the resources they need to perform their job functions. User segmentation reduces the attack surface by limiting the exposure of sensitive data and resources to only authorized users.

Because cloud environments are dynamic and change rapidly, user segmentation is a critical component of a comprehensive cloud security strategy. Here are some key considerations for user segmentation in cloud security:

* **Role-based access control (RBAC):** RBAC involves creating and defining permissions for roles, and then assigning users to the appropriate roles according to job functions. This approach ensures that users have access only to the resources they need to perform their job functions, reducing the risk of accidental or intentional data breaches.
* **Multi-factor authentication (MFA):** MFA requires users to provide more than one form of authentication --- a password, a security token, biometric data --- to access a resource. MFA is an effective way to prevent unauthorized access to cloud resources, particularly when combined with RBAC.
* **Continuous monitoring:** Continuous monitoring of user activity is critical for detecting and responding to security incidents in real-time. This involves analyzing log data and user behavior to identify threats and vulnerabilities.
* **Separation of duties:** Separation of duties involves dividing responsibilities among multiple users to prevent any one user from having too much control over a system or process. [Access management](https://www.paloaltonetworks.com/cyberpedia/access-management?ts=markdown) reduces the risk of fraud or errors and ensures that sensitive operations are performed by multiple users.
* **Regular access reviews:** Regular access reviews involve routinely reviewing user access rights and permissions to ensure they're still essential. Access reviews can help to identify and remove unnecessary access rights, reducing the risk of unauthorized access.

By implementing RBAC, MFA, continuous monitoring, separation of duties, and regular access reviews, organizations can enhance their cloud security posture and protect against evolving threats, reduce the attack surface and prevent unauthorized access to sensitive data and resources.

## Benefits of Microsegmentation

Organizations that adopt microsegmentation realize tangible benefits. More specifically:

* **Reduced attack surface** : Microsegmentation provides visibility into the complete network environment without slowing development or innovation. Application developers can integrate security policy definition early in the development cycle and ensure that neither application deployments nor updates create new attack vectors. This is particularly important in the fast-moving world of [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown).
* **Improved breach containment**: Microsegmentation gives security teams the ability to monitor network traffic against predefined policies as well as shorten the time to respond to and remediate data breaches.
* **Stronger regulatory compliance**: Using microsegmentation, regulatory officers can create policies that isolate systems subject to regulations from the rest of the infrastructure. Granular control of communications with regulated systems reduces the risk of noncompliant usage.
* **Simplified policy management**: Moving to a microsegmented network or Zero Trust security model provides an opportunity to simplify policy management. Some microsegmentation solutions offer automated application discovery and policy suggestions based on learned application behavior.

## Microsegmentation Use Cases

The range of use cases for microsegmentation is vast and growing. Here are some representative examples:

* **Development and production systems**: In the best case scenario, organizations carefully separate development and test environments from production systems. However, these measures may not prevent careless activity, such as developers taking customer information from production databases for testing. Microsegmentation can enforce a more disciplined separation by granularly limiting connections between the two environments.
* **Security for soft assets**: Companies have a huge financial and reputational incentive to protect "soft" assets, such as confidential customer and employee information, intellectual property, and company financial data. Microsegmentation adds another level of security to guard against exfiltration and other malicious actions that can cause downtime and interfere with business operations.
* **Hybrid cloud management**: Microsegmentation can provide seamless protection for applications that span multiple clouds and implement uniform security policies across hybrid environments composed of multiple data centers and cloud service providers.
* **Incident response** : As noted earlier, microsegmentation limits lateral movement of threats and the impact of breaches. In addition, microsegmentation solutions provide log information to help [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) teams better understand attack tactics and telemetry to help pinpoint policy violations to specific applications.

## Microsegmentation FAQs

### Are network segmentation and microsegmentation different?

While network segmentation and microsegmentation both help to improve network security and performance, they differ in foundational ways. Traditional network segmentation focuses on north-south traffic in and out of the network and is implemented using VLANs, firewalls, routers, and other devices. These devices can be configured to enforce security policies, such as access control lists (ACLs) or firewall rules, at the network level.

Microsegmentation, on the other hand, focuses on east-west traffic and is typically implemented using software-based security solutions, such as hypervisor-based firewalls or endpoint protection platforms (EPPs). Microsegmentation applies security policies at the individual workload or application level, rather than at the network level.

### What are firewall policies?

A firewall policy defines how an organization's firewalls should handle inbound and outbound network traffic for certain IP addresses and address ranges. Policies might focus on user identity, network activity, and applications, as well as IP addresses.

### What is a virtual network?

A virtual network uses software to connect computers, virtual machines (VMs), and servers or virtual servers over the internet --- in contrast to the traditional physical network anchored to a location by hardware and cable.

### What is an application dependency?

An application dependency is when software, applications, servers, and other components rely on each other to perform their functions. To ensure uninterrupted services, application dependencies should be mapped prior to migrating to the cloud, moving components to a new cloud environment, or implementing microsegmentation.
Related Content  
[Agentless vs. Agent-Based Security
When it comes to securing large-scale systems, security pros turn to two approaches: agent-based and agentless security software. But how do these approaches work?](https://www.paloaltonetworks.com/blog/prisma-cloud/agentless-vs-agent-based-security-how-to-use-them-both-to-stay-secure/)  
[Prisma Cloud Workload Protection
Prisma Cloud combines runtime protection with vulnerability management and compliance to secure any cloud-native workload across build, deploy and run.](https://www.paloaltonetworks.com/resources/videos/prisma-cloud-workload-protection?ts=markdown)  
[Navigating the Expanding Attack Surface
Threat actors have become adept at exploiting misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities and malicious OSS packages.](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research?ts=markdown)  
[State of Cloud-Native Security Report
Over 3,000 cloud security and DevOps professionals identify their challenges, how they handle them and what they've learned in the process.](https://www.paloaltonetworks.com/state-of-cloud-native-security?ts=markdown)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Microsegmentation%3F&body=Explore%20microsegmentation%20and%20its%20role%20in%20limiting%20lateral%20movement%20within%20networks.%20Learn%20how%20it%20strengthens%20security%20and%20protects%20critical%20assets.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation)  
Back to Top  
[Previous](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security?ts=markdown) CSP-Built Security Vs. Cloud-Agnostic Security  
[Next](https://www.paloaltonetworks.com/cyberpedia/core-tenets-of-a-cloud-native-security-platform?ts=markdown) Core Tenets of a Cloud Native Security Platform (CNSP)  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2025 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language