Microsegmentation for Kubernetes

Segmentation Challenges

Traditional security tools and practices are not suited to protect applications in Kubernetes® infrastructure. The velocity and complexity of Kubernetes deployments have broken the boundaries of IP-based network segmentation platforms. Here are some of the challenges:

• Lack of visibility into network communications within Kubernetes clusters and pods.
• Loss of IP address context across ingress and multi-cluster communications requires coarse IP enforcement—leaving a large attack surface.
• Managing multiple security tools results in inconsistent security policies between private and public clouds.

The New Approach

Prisma™ Cloud decouples security from the network using identity-powered microsegmentation across Kubernetes deployments in any cloud. Taking an integrated approach that enables SecOps and DevOps teams to accelerate cloud native application deployment across multi-cloud and hybrid cloud environments, Prisma Cloud offers:

• End-to-End Visibility
  » Dynamically discover application, Kubernetes, and cloud native context as applications are deployed.
  » … in a real-time map.
  » Generate reports of flow records coupled with application context for compliance.
• Comprehensive Security Policy
  » Effortlessly deploy and manage security policies between private and public clouds.
  » Manage segmentation policies without changing the network—Prisma Cloud works across any container network interface (CNI).
  » Enforce policies with identity—not IP addresses—to enable granular ingress and egress controls within clusters, across clusters, and to/from third-party services.
  » Apply policies that dynamically adapt to changes in your Kubernetes environments.
  » Encrypt communications from pod to pod inside and across Kubernetes clusters.
• DevSecOps Empowerment
  » Establish guardrail policies with a hierarchical model to accelerate application delivery and enable continuous deployment.
  » Deploy security policies as code in Kubernetes environments for continuous compliance.

3000 Tannery Way
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
www.paloaltonetworks.com

© 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. identity-based-microsegmentation-for-kubernetes-b-081420