Identity-Based

Microsegmentation for
Kubernetes

Prisma by Palo Alto Networks | Identity-Based Microsegmentation for Kubernetes | Brief 1

Kubernetes Network
­Segmentation Challenges
Traditional security tools and practices are not suited to pro-
tect applications in Kubernetes® infrastructure. The velocity
and complexity of Kubernetes deployments have broken the
boundaries of IP-based network segmentation platforms.
Here are some of the challenges:
• Lack of visibility into network communications within
­Kubernetes clusters and pods.
• Loss of IP address context across ingress and multi-cluster
communications requires coarse IP enforcement—leaving
a large attack surface.
• Managing multiple security tools results in inconsistent
­security policies between private and public clouds.
The New Approach
Prisma™ Cloud decouples security from the network using
identity-powered microsegmentation across Kubernetes
­deployments in any cloud. Taking an integrated approach that
enables SecOps and DevOps teams to accelerate cloud native
application deployment across multi-cloud and hybrid cloud
environments, Prisma Cloud offers:
• End-to-End Visibility
» Dynamically discover application, Kubernetes, and cloud
native context as applications are deployed.
Figure 1: Prisma Cloud Identity-Based Microsegmentation UI
Prisma by Palo Alto Networks | Identity-Based Microsegmentation for Kubernetes | Brief
» Visualize ingress, egress, and pod-to-pod communications
in a real-time map.
» Generate reports of flow records coupled with application
context for compliance.
• Comprehensive Security Policy
» Effortlessly deploy and manage security policies between
private and public clouds.
» Manage segmentation policies without changing the net-
work—Prisma Cloud works across any container network
interface (CNI).
» Enforce policies with identity—not IP addresses—to
enable granular ingress and egress controls within
­
­clusters, across clusters, and to/from third-party services.
» Apply policies that dynamically adapt to changes in your
Kubernetes environments.
» Encrypt communications from pod to pod inside and
across Kubernetes clusters.
• DevSecOps Empowerment
» Establish guardrail policies with a hierarchical model to
accelerate application delivery and enable continuous
deployment.
» Deploy security policies as code in Kubernetes environ-
ments for continuous compliance.
2
 Table 1: Benefits of Identity-Based
Microsegmentation for Kubernetes by Role
Learn More About Prisma Cloud
CISOs DevOps SecOps Prisma Cloud is a comprehensive cloud native security plat-
form with the industry’s broadest security and compliance
Reduce costs by Security policy Shift from ticket- coverage—for applications, data, and the entire cloud ­native
consolidating changes are no based policy ­ technology stack—throughout the development lifecycle
cloud security on longer tied to the systems to a
and across multi-cloud and hybrid cloud environments. The
a comprehensive network. hierarchical model
platform. incorporating ­integrated Prisma Cloud approach enables SecOps and DevOps
Use policy as code guardrails. teams to stay agile, collaborate effectively, and accelerate cloud
to enable high native application development and deployment securely.
velocity application Prioritize alerts and
rollout. ensure compliance
using company To learn more about Prisma Cloud, visit paloaltonetworks.
­standards. com/prisma/cloud.

3000 Tannery Way
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
© 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered
­trademark of Palo Alto Networks. A list of our trademarks can be found at
https://www.paloaltonetworks.com/company/trademarks.html. All other
marks mentioned herein may be trademarks of their respective companies.
identity-based-microsegmentation-for-kubernetes-b-081420

www.paloaltonetworks.com