Prisma Cloud Identity-Based Microsegmentation

Learn how Prisma Cloud enables identity-based microsegmentation.
DevOps and SecOps teams that deploy and manage cloud native applications across multi-cloud and hybrid cloud environments need a way to segment those applications that does not depend on the underlying network. Prisma Cloud addresses this by enforcing security policies on applications deployed on Linux hosts, Windows hosts, or Kubernetes infrastructure, and by providing end-to-end visibility of ingress, egress, and pod-to-pod communications.
Identity-based microsegmentation in Prisma Cloud is built on four principles:
  • Decoupling security from the network by assigning every workload a cryptographic identity. The identity is derived from metadata supplied by AWS, GCP, Azure, Kubernetes, and other application contexts; that identity, rather than an IP address, becomes the perimeter. Because the identity is not tied to an address, a workload keeps the same identity when it is rescheduled or its IP is reassigned, and another workload that later receives that IP does not inherit its permissions.
  • Discovering applications and learning their communication patterns both within and across clouds. Prisma Cloud maps this information in real time to workload identity context rather than to IP addresses and ports.
  • Providing centralized policy management for distributed endpoints. Policies can be auto-generated, or you can take a more declarative approach and define and test segmentation policies without affecting running workloads.
  • Authenticating and authorizing each connection request using workload identity. Controlling communication between workloads in this way lets you segment applications and implement a zero-trust model.
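The following is an added, illustrative example of the last principle and is not Prisma Cloud's own code. It models a trusted attestor that derives a workload identity from platform metadata and signs it, and an enforcer that first authenticates that signed identity on every connection request and then authorizes the request against an identity-based policy. An HMAC over a shared key stands in for the certificate-style credentials a real agent would issue, and the metadata, identities, IP addresses, and policy entries are all constructed for the demonstration. The decision never consults the source IP, which is what lets the same workload keep its access after a reschedule and denies a different workload that inherits the old address.

```python
"""Illustrative identity-based connection check (added example, not Prisma Cloud code).

An attestor binds a workload identity, derived from platform metadata, to a
signature. The enforcer authenticates that credential on each connection and
then authorizes the connection by identity, never by IP address.
HMAC with a shared key is a stand-in for real issued credentials.
"""
import hashlib
import hmac
from typing import Optional

ATTESTOR_KEY = b"constructed-demo-key"  # assumption: stand-in for the attestor's signing key

# Metadata fields that make up the identity. The IP address is deliberately not one of them.
IDENTITY_FIELDS = ("cloud", "account", "namespace", "app")


def derive_identity(metadata: dict) -> str:
    """Build a canonical identity string from platform metadata, never from the IP."""
    missing = [f for f in IDENTITY_FIELDS if f not in metadata]
    if missing:
        raise ValueError(f"metadata missing identity fields: {missing}")
    return "/".join(str(metadata[f]) for f in IDENTITY_FIELDS)


def issue_credential(metadata: dict) -> dict:
    """Attestor side: bind the derived identity to a signature over it."""
    identity = derive_identity(metadata)
    tag = hmac.new(ATTESTOR_KEY, identity.encode(), hashlib.sha256).hexdigest()
    return {"identity": identity, "sig": tag}


def authenticate(credential: dict) -> Optional[str]:
    """Enforcer side: verify the credential and return the identity, or None if it fails."""
    expected = hmac.new(ATTESTOR_KEY, credential["identity"].encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, credential.get("sig", "")):
        return credential["identity"]
    return None


# Constructed policy: (source identity, destination identity, port) tuples that are allowed.
POLICY = {
    ("aws/111122223333/shop/frontend", "aws/111122223333/shop/api", 8443),
}


def authorize(src_identity: str, dst_identity: str, port: int) -> bool:
    """Authorization is keyed purely on identities and port; no addresses are involved."""
    return (src_identity, dst_identity, port) in POLICY


def decide(connection: dict) -> str:
    """Authenticate, then authorize, one connection request.

    Returns "allow" or "deny:<reason>". connection["src_ip"] is carried for
    logging realism only and is intentionally ignored by the decision.
    """
    src = authenticate(connection["src_credential"])
    if src is None:
        return "deny:unauthenticated"
    if not authorize(src, connection["dst_identity"], connection["port"]):
        return "deny:no-policy"
    return "allow"


# Constructed sample workloads.
FRONTEND_META = {"cloud": "aws", "account": "111122223333", "namespace": "shop", "app": "frontend"}
SCRATCH_META = {"cloud": "aws", "account": "111122223333", "namespace": "scratch", "app": "debug"}
API_IDENTITY = derive_identity(
    {"cloud": "aws", "account": "111122223333", "namespace": "shop", "app": "api"}
)


def run_demo() -> dict:
    """Exercise the enforcer with constructed connections and return each decision."""
    frontend_cred = issue_credential(FRONTEND_META)
    scratch_cred = issue_credential(SCRATCH_META)
    # A forged credential claims the frontend identity but carries a bogus signature.
    forged_cred = {"identity": derive_identity(FRONTEND_META), "sig": "00" * 32}

    def conn(src_ip: str, cred: dict, port: int = 8443) -> dict:
        return {"src_ip": src_ip, "src_credential": cred, "dst_identity": API_IDENTITY, "port": port}

    return {
        # Same workload before and after a reschedule: new IP, same identity, same decision.
        "frontend_first_ip": decide(conn("10.0.1.5", frontend_cred)),
        "frontend_new_ip": decide(conn("10.0.9.77", frontend_cred)),
        # A different workload that inherited the frontend's old IP gets no inherited access.
        "scratch_on_old_ip": decide(conn("10.0.1.5", scratch_cred)),
        # Claiming an identity without a valid credential fails authentication.
        "forged_identity": decide(conn("10.0.1.5", forged_cred)),
        # The right identity on a port the policy does not cover is still denied.
        "wrong_port": decide(conn("10.0.9.77", frontend_cred, port=22)),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The point to take from the demo is that an IP-based allow list would have granted the scratch workload access simply because it landed on 10.0.1.5, and would have broken the frontend when it moved to 10.0.9.77; keying both authentication and authorization on the attested identity avoids both failure modes.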
