Cloud Network Security

Protect cloud native applications from every network attack path.

As cloud adoption accelerates, organizations have a much greater responsibility to protect their digital assets on the network. The strongest approach to cloud network security is one that delivers visibility, prevention and intelligence.

Block threats and prevent lateral movement on your cloud network

Prisma® Cloud, combined with our VM-Series or CN-Series NGFWs, delivers Cloud Network Security that provides high-fidelity network visibility and controls. See the workloads, applications and content on your cloud network. Security teams can reduce risk and block threats from entering the cloud, stop lateral movement within the cloud, and prevent critical data from leaving the cloud.
  • Block inbound threats
  • Stop lateral attack movement
  • Secure outbound traffic
  • Microsegmentation
  • Virtual firewalls

Our approach to Cloud Network Security

Identity-Based Microsegmentation

Securing traffic between cloud native applications requires purpose-built controls. Identity-Based Microsegmentation helps you see how applications communicate and stop lateral movement of threats. Security teams can reduce risk without changing the network. DevOps and cloud infrastructure teams can embrace the cloud without worrying about security slowing down rapid release.

  • Starting with workload identity

    Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container a cryptographically signed workload identity.

  • Workload identity defined as tags

    Each identity consists of contextual attributes, including metadata from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more.

  • Identity-based visibility

    Protected workloads send and receive identity upon each connection request so that you don’t have to rely on contextless IP addresses for visibility and control. See how apps communicate in an app dependency map.

  • Easy-to-understand policy language

    Microsegmentation policies use contextual, application language (e.g., service=frontend can talk to service=backend) instead of network language (e.g., allow to

  • Stronger workload defense

    Prisma Cloud verifies the identity of the communicating workloads, rather than IP addresses. If the workload is not verified or authorized, the network access request is denied to ensure additional protection.
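
The model described in the list above (signed tag-based identities, tag-language rules, deny when a workload is unverified or unauthorized) can be sketched as follows. This is an added illustration, not Prisma Cloud code or its API: the HMAC signing scheme, the key, and the function names are assumptions, and the tag values are constructed.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a shared key stands in for the signing scheme,
# which the page does not specify. Key and tags are constructed sample values.
SIGNING_KEY = b"constructed-demo-key"

def issue_identity(tags):
    """Return a signed identity: the tag set plus a signature over it."""
    payload = json.dumps(tags, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return {"tags": tags, "sig": sig}

def verified_tags(identity):
    """Return the tags if the signature checks out, else None."""
    try:
        payload = json.dumps(identity["tags"], sort_keys=True).encode()
        expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
        ok = hmac.compare_digest(expected, str(identity["sig"]))
    except (KeyError, TypeError):
        return None  # malformed or unsigned identity is treated as unverified
    return identity["tags"] if ok and isinstance(identity["tags"], dict) else None

def matches(selector, tags):
    """A selector matches when every key=value it names is present in the tags."""
    return all(tags.get(k) == v for k, v in selector.items())

# Constructed rule in the page's style: service=frontend can talk to service=backend.
POLICY = [({"service": "frontend"}, {"service": "backend"})]

def decide(src_identity, dst_identity, policy=POLICY):
    """Default deny: allow only verified identities matched by an explicit rule."""
    src, dst = verified_tags(src_identity), verified_tags(dst_identity)
    if src is None or dst is None:
        return "deny: unverified identity"
    for src_sel, dst_sel in policy:
        if matches(src_sel, src) and matches(dst_sel, dst):
            return "allow"
    return "deny: no matching rule"
```

Note that the decision never consults an IP address: a workload that changes tags after issuance fails verification, and a verified workload without a matching rule is still denied.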