Features Introduced in October 2021

Learn what’s new on Prisma™ Cloud Microsegmentation in October 2021.
Review the new Microsegmentation features in the 20.10.2 release.
FEATURE
DESCRIPTION
Predefined Rulesets
To make it easier to enable microsegmentation and secure your environment, you now have predefined Rulesets. There are five ruleset categories and each category includes a set of rules. Currently, there are 22 out of the box rules in all, and you can view the list in
Network Security
Out Of The Box Rules
, when you log in to the Prisma Cloud administrator console.
Application Profiling
For cloud-native applications that you have already deployed, the
App Dependency Map
adds the ability to profile your application. With application profiling, Prisma Cloud observes the application during its entire lifecycle and suggests rulesets that enable the application to work properly while adhering to the principles of microsegmentation.
The application profiling engine analyzes the observed flows between processing units, or between an external network and a processing unit, and determines the smallest group of tags that represents both the source and the destination for a given flow. These tags are leveraged to create the policy suggestion to enforce ingress and egress flows.
You can review the rulesets on the Prisma Cloud Administrator Console and approve or reject them directly on the console, or export them in a yaml format for use in your CI/CD pipelines.
In this release, the application profile suggests the most granular rulesets between workloads but it lists the protocols and ports as
any
and does not include the specific TCP/UDP ports in the flows.
Change in Existing Behavior
Object Propagation across namespaces
Starting in 21.10.2, to make it easier to create a rulesets, there is a change in how objects such as external networks, organizational tags, are propagated across namespaces.
In previous releases, objects created in a given namespace were available for suggestions when creating rulesets in that same namespace only.
Now the objects are propagated across namespaces within the same namespace hierarchy.

Recommended For You