Identity-Based Microsegmentation

Isolate cloud native applications and stop lateral movement of threats on public and private clouds.

Your cloud network provides reliable pathways to allow cloud native applications to intercommunicate. However, too many open pathways on the cloud network increases risk and enables threats to move laterally.

Read the report: Unit 42 Cloud Threat Report

Simplify microsegmentation and reduce risk for cloud native apps

Identity-Based Microsegmentation is a Cloud Network Security solution that helps you see how applications communicate, enforce identity-based defenses on hosts and containers, and stop lateral movement of threats. Security teams can reduce risk without changing the network. DevOps and cloud infrastructure teams can embrace the cloud without worrying about security slowing down rapid release cycles.
  • Protection for hosts and containers
  • Elimination of network complexities
  • Security built on workload identity
  • Workload identity
    Workload identity
  • Visibility and discovery
    Visibility and discovery
  • Policy management
    Policy management


Our approach to Identity-Based Microsegmentation

Workload identity

Cloud native applications require a new security design that does not rely on network addresses to protect workload communications. Prisma Cloud decouples microsegmentation from the network and couples security to workload identity for optimal protection. Everything within Prisma Cloud’s microsegmentation solution revolves around identity.

  • Defining workload identity

    Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container with a cryptographically signed workload identity.

  • Workload identity comprises tags

    Each identity consists of contextual attributes, including metadata from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more.

  • Identity ensures network visibility accuracy

    Protected workloads send and receive identity upon each communication request. Identity is baked into network flow visibility so that you don’t have to rely on contextless IP addresses.

  • Identity strengthens workload defenses

    Prisma Cloud verifies the identity of the communicating workloads, rather than IP addresses. If the workload is neither verified nor authorized, the network access request is denied.

Visibility and discovery

Securing cloud native applications requires a comprehensive view into all your hosts and containers. Prisma Cloud delivers real-time and historical views into network flows across any cloud.

  • Discover assets and workload identity

    View the identity tags assigned to each workload including attributes auto-generated from cloud native services like AWS, Azure, Google Cloud, Kubernetes and more.

  • See how apps communicate

    Understand how workloads communicate with each other and external services inside and across clouds using an app dependency map. See the policy decision for each application flow using simple visibility aides.

  • Maintain flow records for compliance

    Explore historical flow records and generate granular queries to filter down the data you need. Generate reports to help with proving compliance.

  • Export flow data to your own systems

    Stream flow logs to common external SIEM tools.

Policy management

Securing cloud native applications requires a purpose-built policy model providing simplicity and flexibility. Prisma Cloud delivers real-time and historical views into network flows across workloads.

  • Use easy-to-understand policy language

    Take advantage of Prisma Cloud microsegmentation policies that use contextual, application-driven tags (e.g., service=frontend can talk to service=backend) instead of network-centric language (e.g., Allow to

  • Choose centralized or decentralized management

    Have your security team centrally manage policies for all workloads in the environment, or let DevOps and app developers inherit responsibility and manage policy for their own apps.

  • Automate policy suggestions for effortless management

    Through Prisma Cloud, take learned application behavior and couple it with identity attributes to automatically recommend microsegmentation policies with minimal user input.

  • Program microsegmentation policy as code

    Keep up with developer processes through automated security. With Prisma Cloud, developer teams can codify microsegmentation policy without any knowledge of networking languages.

Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Network Security modules


Protect traffic entering and leaving the cloud from threats and data theft.


Secure Kubernetes traffic with a containerized next-generation firewall.