Microsegmentation | Identity-Based Microsegmentation

WHY IT MATTERS
OUR APPROACH
MODULES
RESOURCES

Your cloud network provides reliable pathways to allow cloud native applications to intercommunicate. However, too many open pathways on the cloud network increases risk and enables threats to move laterally.

Read the report: Unit 42 Cloud Threat Report

1

Network segmentation is complex and painful

Limiting communication pathways in the cloud is proven to reduce risk, but security teams find microsegmentation with legacy approaches to be too complex and time-consuming. Cloud native applications are left exposed with a massive network attack surface.

2

The shift to cloud requires more agility

With DevOps teams deploying weekly and even daily, public and private cloud environments are constantly changing. Security teams struggle to enforce network protection for these deployments without slowing down release velocity.

3

Maintaining compliance requires visibility

Adopting heterogeneous architectures for regulated applications creates compliance challenges for security teams. Lack of visibility into application dependencies creates blind spots, and proving compliance with non-integrated network security tools is too cumbersome.

Simplify microsegmentation and reduce risk for cloud native apps

Identity-Based Microsegmentation is a Cloud Network Security solution that helps you see how applications communicate, enforce identity-based defenses on hosts and containers, and stop lateral movement of threats. Security teams can reduce risk without changing the network. DevOps and cloud infrastructure teams can embrace the cloud without worrying about security slowing down rapid release cycles.

Protection for hosts and containers
Elimination of network complexities
Security built on workload identity

Workload identity
Visibility and discovery
Policy management

THE PRISMA CLOUD SOLUTION

Our approach to Identity-Based Microsegmentation

Workload identity

Cloud native applications require a new security design that does not rely on network addresses to protect workload communications. Prisma Cloud decouples microsegmentation from the network and couples security to workload identity for optimal protection. Everything within Prisma Cloud’s microsegmentation solution revolves around identity.

Defining workload identity

Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container with a cryptographically signed workload identity.
Workload identity comprises tags

Each identity consists of contextual attributes, including metadata from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more.
Identity ensures network visibility accuracy

Protected workloads send and receive identity upon each communication request. Identity is baked into network flow visibility so that you don’t have to rely on contextless IP addresses.
Identity strengthens workload defenses

Prisma Cloud verifies the identity of the communicating workloads, rather than IP addresses. If the workload is neither verified nor authorized, the network access request is denied.

Learn more

Visibility and discovery

Securing cloud native applications requires a comprehensive view into all your hosts and containers. Prisma Cloud delivers real-time and historical views into network flows across any cloud.

Discover assets and workload identity

View the identity tags assigned to each workload including attributes auto-generated from cloud native services like AWS, Azure, Google Cloud, Kubernetes and more.
See how apps communicate

Understand how workloads communicate with each other and external services inside and across clouds using an app dependency map. See the policy decision for each application flow using simple visibility aides.
Maintain flow records for compliance

Explore historical flow records and generate granular queries to filter down the data you need. Generate reports to help with proving compliance.
Export flow data to your own systems

Stream flow logs to common external SIEM tools.

Learn more

Policy management

Securing cloud native applications requires a purpose-built policy model providing simplicity and flexibility. Prisma Cloud delivers real-time and historical views into network flows across workloads.

Use easy-to-understand policy language

Take advantage of Prisma Cloud microsegmentation policies that use contextual, application-driven tags (e.g., service=frontend can talk to service=backend) instead of network-centric language (e.g., Allow 192.168.10.20 to 10.0.0.31).
Choose centralized or decentralized management

Have your security team centrally manage policies for all workloads in the environment, or let DevOps and app developers inherit responsibility and manage policy for their own apps.
Automate policy suggestions for effortless management

Through Prisma Cloud, take learned application behavior and couple it with identity attributes to automatically recommend microsegmentation policies with minimal user input.
Program microsegmentation policy as code

Keep up with developer processes through automated security. With Prisma Cloud, developer teams can codify microsegmentation policy without any knowledge of networking languages.

Learn more

Prisma Cloud

Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Learn more

Cloud Network Security modules

VM-Series

Protect traffic entering and leaving the cloud from threats and data theft.

Learn more

CN-Series

Secure Kubernetes traffic with a containerized next-generation firewall.

Learn more

Featured Resources

See all Resources

Prisma™ Cloud

Datasheet

Prisma Cloud Identity-Based Microsegmentation

Download

Prisma™ Cloud

WEBCAST

Conforming Network Security to Cloud Native Applications

Watch on-demand

Prisma™ Cloud

E-book

Identity-Powered Microsegmentation

Download

Prisma™ Cloud

Demo video

Prisma Cloud: Identity-Based Microsegmentation Module Demo

Watch the demo

Prisma™ Cloud

Datasheet

Identity-Based Microsegmentation for Kubernetes

Download

See all Resources

Identity-Based Microsegmentation

Your cloud network provides reliable pathways to allow cloud native applications to intercommunicate. However, too many open pathways on the cloud network increases risk and enables threats to move laterally.

Read the report: Unit 42 Cloud Threat Report

Network segmentation is complex and painful

The shift to cloud requires more agility

Maintaining compliance requires visibility

Forrester Total Economic Impact™ Study: Save 276% with Prisma Cloud

Simplify microsegmentation and reduce risk for cloud native apps

Our approach to Identity-Based Microsegmentation

Workload identity

Defining workload identity

Workload identity comprises tags

Identity ensures network visibility accuracy

Identity strengthens workload defenses

Visibility and discovery

Discover assets and workload identity

See how apps communicate

Maintain flow records for compliance

Export flow data to your own systems

Policy management

Use easy-to-understand policy language

Choose centralized or decentralized management

Automate policy suggestions for effortless management

Program microsegmentation policy as code

Cloud Network Security modules

VM-Series

CN-Series

Prisma Cloud Identity-Based Microsegmentation

Conforming Network Security to Cloud Native Applications

Identity-Powered Microsegmentation

Prisma Cloud: Identity-Based Microsegmentation Module Demo

Identity-Based Microsegmentation for Kubernetes

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links