Securing traffic between cloud native applications requires purpose-built controls. Identity-Based Microsegmentation helps you see how applications communicate and stop lateral movement of threats. Security teams can reduce risk without changing the network. DevOps and cloud infrastructure teams can embrace the cloud without worrying about security slowing down rapid release.
Starting with workload identity
Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container with a cryptographically signed workload identity.
Workload identity defined as tags
Each identity consists of contextual attributes, including metadata from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more.
Protected workloads send and receive identity upon each connection request so that you don’t have to rely on contextless IP addresses for visibility and control. See how apps communicate in an app dependency map.
Easy-to-understand policy language
Microsegmentation policies use contextual, application language (e.g., service=frontend can talk to service=backend) instead of network language (e.g., allow 192.168.10.20 to 10.0.0.31).
Stronger workload defense
Prisma Cloud verifies the identity of the communicating workloads, rather than IP addresses. If the workload is not verified or authorized, then network access request is denied to ensure additional protection.