Search

Identity-Based Microsegmentation

Isolate cloud native applications and stop lateral movement of threats on public and private clouds.
Request a Trial
Identity-Based Microsegmentation Front
Identity-Based Microsegmentation Back

Your cloud network provides reliable pathways to allow cloud native applications to intercommunicate. However, too many open pathways on the cloud network increases risk and enables threats to move laterally.

Read the report: Unit 42 Cloud Threat Report

Download the report
1

Network segmentation is complex and painful

Limiting communication pathways in the cloud is proven to reduce risk, but security teams find microsegmentation with legacy approaches to be too complex and time-consuming. Cloud native applications are left exposed with a massive network attack surface.
2

The shift to cloud requires more agility

With DevOps teams deploying weekly and even daily, public and private cloud environments are constantly changing. Security teams struggle to enforce network protection for these deployments without slowing down release velocity.
3

Maintaining compliance requires visibility

Adopting heterogeneous architectures for regulated applications creates compliance challenges for security teams. Lack of visibility into application dependencies creates blind spots, and proving compliance with non-integrated network security tools is too cumbersome.

Simplify microsegmentation and reduce risk for cloud native apps

Identity-Based Microsegmentation is a Cloud Network Security solution that helps you see how applications communicate, enforce identity-based defenses on hosts and containers, and stop lateral movement of threats. Security teams can reduce risk without changing the network. DevOps and cloud infrastructure teams can embrace the cloud without worrying about security slowing down rapid release cycles.
  • Protection for hosts and containers
  • Elimination of network complexities
  • Security built on workload identity
  • Workload identity
    Workload identity
  • Visibility and discovery
    Visibility and discovery
  • Policy management
    Policy management
THE PRISMA CLOUD SOLUTION

Our approach to Identity-Based Microsegmentation

Workload identity

Cloud native applications require a new security design that does not rely on network addresses to protect workload communications. Prisma Cloud decouples microsegmentation from the network and couples security to workload identity for optimal protection. Everything within Prisma Cloud’s microsegmentation solution revolves around identity.

  • Defining workload identity

    Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container with a cryptographically signed workload identity.

  • Workload identity comprises tags

    Each identity consists of contextual attributes, including metadata from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more.

  • Identity ensures network visibility accuracy

    Protected workloads send and receive identity upon each communication request. Identity is baked into network flow visibility so that you don’t have to rely on contextless IP addresses.

  • Identity strengthens workload defenses

    Prisma Cloud verifies the identity of the communicating workloads, rather than IP addresses. If the workload is neither verified nor authorized, the network access request is denied.

Learn more
Workload identity screenshot

Visibility and discovery

Securing cloud native applications requires a comprehensive view into all your hosts and containers. Prisma Cloud delivers real-time and historical views into network flows across any cloud.

  • Discover assets and workload identity

    View the identity tags assigned to each workload including attributes auto-generated from cloud native services like AWS, Azure, Google Cloud, Kubernetes and more.

  • See how apps communicate

    Understand how workloads communicate with each other and external services inside and across clouds using an app dependency map. See the policy decision for each application flow using simple visibility aides.

  • Maintain flow records for compliance

    Explore historical flow records and generate granular queries to filter down the data you need. Generate reports to help with proving compliance.

  • Export flow data to your own systems

    Stream flow logs to common external SIEM tools.

Learn more
Visibility and discovery screenshot

Policy management

Securing cloud native applications requires a purpose-built policy model providing simplicity and flexibility. Prisma Cloud delivers real-time and historical views into network flows across workloads.

  • Use easy-to-understand policy language

    Take advantage of Prisma Cloud microsegmentation policies that use contextual, application-driven tags (e.g., service=frontend can talk to service=backend) instead of network-centric language (e.g., Allow 192.168.10.20 to 10.0.0.31).

  • Choose centralized or decentralized management

    Have your security team centrally manage policies for all workloads in the environment, or let DevOps and app developers inherit responsibility and manage policy for their own apps.

  • Automate policy suggestions for effortless management

    Through Prisma Cloud, take learned application behavior and couple it with identity attributes to automatically recommend microsegmentation policies with minimal user input.

  • Program microsegmentation policy as code

    Keep up with developer processes through automated security. With Prisma Cloud, developer teams can codify microsegmentation policy without any knowledge of networking languages.

Learn more
Policy management
Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.
Learn more

Cloud Network Security modules

VM-Series

Protect traffic entering and leaving the cloud from threats and data theft.

Learn more

CN-Series

Secure Kubernetes traffic with a containerized next-generation firewall.

Learn more
Featured Resources
See all Resources
Prisma™ Cloud
Datasheet

Prisma Cloud Identity-Based Microsegmentation

Download
Prisma™ Cloud
E-book

Identity-Powered Microsegmentation

Download
Prisma™ Cloud
Demo video

Prisma Cloud: Identity-Based Microsegmentation Module Demo

Watch the demo
Prisma™ Cloud
Datasheet

Identity-Based Microsegmentation for Kubernetes

Download
See all Resources

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability