Identity-Based Microsegmentation

Begin your Zero Trust journey with least-privilege network access across cloud workloads

Cloud networks provide reliable pathways allowing applications to intercommunicate. However, a flat network with too many open pathways increases risk and enables threats to move laterally.

Read the Forrester New Tech report on Microsegmentation

Simplify microsegmentation and reduce risk for cloud native apps

Identity-Based Microsegmentation helps you discover application dependencies, enforce microsegmentation on hosts and containers, and stop lateral movement of threats. Security teams can reduce risk and achieve Zero Trust results without changing the network topology. DevOps and cloud infrastructure teams can embrace the cloud without worrying about security slowing down rapid release cycles.
  • Supports private and public clouds
  • Zero Trust results without rearchitecting the network
  • Prevents lateral movement of malware and ransomware
  • Workload identity
    Workload identity
  • Visibility and discovery
    Visibility and discovery
  • Policy management
    Policy management


Our approach to Identity-Based Microsegmentation

Workload identity

Cloud native applications require a new security design that does not rely on network addresses to protect workload communications. Prisma Cloud decouples microsegmentation from the network and couples security to workload identity for optimal protection.

  • Defining workload identity

    Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container with a cryptographically signed workload identity.

  • Workload identity comprises tags

    Each identity consists of contextual attributes, including metadata from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more.

  • Identity ensures network visibility accuracy

    Protected workloads send and receive identity upon each communication request. Identity is baked into network flow visibility so that you don’t have to rely on contextless IP addresses.

  • Identity strengthens workload defenses

    Prisma Cloud verifies the identity of the communicating workloads, rather than IP addresses. If the workload is neither verified nor authorized, the network access request is denied.

Visibility and discovery

Mapping application dependencies is a monumental task that cannot be performed manually. Prisma Cloud automates application discovery and flow mapping.

  • Discover assets and workload identity

    View the identity tags assigned to each workload including attributes auto-generated from cloud native services like AWS, Azure, Google Cloud, Kubernetes and more.

  • See how apps communicate

    Understand how workloads communicate with each other and external services inside and across clouds using an app dependency map. See the policy decision for each application flow using simple visibility aides.

  • Maintain flow records for compliance

    Explore historical flow records and generate granular queries to filter down the data you need. Generate reports to help with proving compliance.

  • Export flow data to your own systems

    Stream flow logs to common external SIEM tools.

Policy management

Securing cloud native applications requires a purpose-built policy model. Prisma Cloud helps security teams accelerate their Zero Trust adoption, simplify policy creation, and minimize human error.

  • Build security on context

    Take advantage of Prisma Cloud microsegmentation policies that use contextual, application-driven tags (e.g., service=frontend can talk to service=backend) instead of network-centric language (e.g., Allow to

  • Protect common applications out of the box

    Deploy predefined rules in just minutes and simplify policy creation for common, critical applications.

  • Generate policy recommendations

    Automatically generate the optimal microsegmentation rules for any application with a single click to reduce time and minimize human error.

  • Enforce consistent policy across clouds

    Have your security team centrally manage policies for all workloads in the environment, or let DevOps and app developers inherit responsibility and manage policy for their own apps.

  • Accelerate microsegmentation with policy as code

    Codify microsegmentation policy and insert security into deployment pipelines to protect applications at DevOps speed.

Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Network Security modules


Protect traffic entering and leaving the cloud from threats and data theft.


Secure Kubernetes traffic with a containerized next-generation firewall.