# Aporeto Integration Brings Identity-Based Microsegmentation to Prisma Cloud

By [Ariful Huq](https://www.paloaltonetworks.com/blog/author/ariful-huq/?ts=markdown "Posts by Ariful Huq")

Oct 13, 2020

In December of 2019 Palo Alto Networks [acquired Aporeto](https://www.prnewswire.com/news-releases/palo-alto-networks-completes-acquisition-of-aporeto-300979088.html), a startup with an innovative approach to reducing the threat of lateral attacks using identity-based microsegmentation. Since that acquisition, our teams have been hard at work integrating the technology into Prisma Cloud. With the latest release, the technology will be available as a new module called Identity-Based Microsegmentation. The Aporeto integration into Prisma Cloud gives our customers a Cloud Native Security Platform that offers the most comprehensive security for any application across any public cloud.

## Why Microsegmentation is Important

Enterprises have shifted their cybersecurity methodology to ask *when* a breach will happen instead of *if* one will occur. When there is a breach, the best option is to contain the blast radius, preventing lateral spread and keeping the attacker from getting access to a high-value asset.

With the [rise in cloud adoption](https://www.paloaltonetworks.com/blog/2020/06/cloud-native-security-genome/) and the move to dynamic, cloud native [infrastructure](https://www.paloaltonetworks.com/blog/2020/05/network-cloud-native-applications/), containing these lateral attacks is more challenging than ever. As an example, here are two attack scenarios:

1. A compromised web application in your cloud environment is in a virtual private cloud (VPC) that also has connectivity back into your private data center. If the attacker has network reachability within that VPC, and then potentially back into your private data center, the blast radius of such an attack is fairly large.
2. A compromised web application or container inside a Kubernetes cluster may give an attacker the ability to move laterally within a node, across nodes between namespaces or potentially across Kubernetes clusters.

Microsegmenting your application infrastructure at scale, across any cloud, with a [Zero Trust methodology](https://www.paloaltonetworks.com/blog/2020/05/network-end-to-end-zero-trust/) -- that is, assuming the network is always compromised -- is the best approach to preventing lateral attacks. And it is the approach we are moving toward as an industry.

Thanks to the Aporeto integration, we offer a novel approach to microsegmentation that is decoupled from the underlying network infrastructure: Identity-Based Microsegmentation.

## Why Identity-Based Microsegmentation

Network segmentation technologies have traditionally relied on IP as the identifier. This approach worked when infrastructure was static and managed by a networking team. Reliance on public cloud and the shift towards elastic and immutable cloud native infrastructure breaks IP-based policies -- and status quo network security operations workflows.

![Illustrating Identity-Based Microsegmentation architecture](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/Microsegmentation-architecture-1.png)

Illustrating Identity-Based Microsegmentation architecture

## How It Works

Identity-Based Microsegmentation in Prisma Cloud is based on four principles:

1. Decouple security from the network by assigning every workload a cryptographic identity. This identity becomes the perimeter, as opposed to the IP address.
2. Discover and learn application communication, both inside and across clouds. Prisma Cloud then maps this information in real time with workload identity context, not IP and port.
3. Distribute policies to endpoints but manage them centrally. Policies can be auto-generated for you, or you may choose a more declarative approach to defining and testing segmentation policies without impacting runtime.
4. Authenticate then authorize each connection request using distributed, identity-based enforcement -- thus segmenting the applications.
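
Principles 1 and 4, shown as an added Python example (not Prisma Cloud or Aporeto code): a hypothetical control plane signs each workload's labels, and an enforcer authenticates both identities before consulting an allow-list, set beside an IP-based rule that stops matching once the workload is rescheduled. The key, labels, IP addresses and function names are assumptions made for illustration, and a shared HMAC key stands in for whatever signing scheme a real deployment uses.

```python
import hashlib
import hmac
import json

# Assumption: constructed key standing in for the issuer's signing key.
CONTROL_PLANE_KEY = b"constructed-demo-key"

def _sign(body: bytes) -> str:
    return hmac.new(CONTROL_PLANE_KEY, body, hashlib.sha256).hexdigest()

def issue_identity(labels: dict) -> dict:
    """Control plane binds a workload's labels to a signature (its identity)."""
    body = json.dumps(labels, sort_keys=True)
    return {"body": body, "tag": _sign(body.encode())}

def authenticate(identity: dict):
    """Return the verified labels, or None when the signature does not match."""
    if not hmac.compare_digest(_sign(identity["body"].encode()), identity["tag"]):
        return None
    return json.loads(identity["body"])

# Allow-list keyed on identity labels: (source, destination, port).
IDENTITY_POLICY = [
    ({"app": "web", "env": "prod"}, {"app": "orders-db", "env": "prod"}, 5432),
]
# Equivalent rule keyed on addresses (constructed sample IPs).
IP_POLICY = {("10.0.1.15", "10.0.2.20", 5432)}

def _matches(required: dict, labels: dict) -> bool:
    return all(labels.get(k) == v for k, v in required.items())

def authorize_by_identity(src_identity: dict, dst_identity: dict, port: int) -> bool:
    """Authenticate both ends first, then authorize; anything else is denied."""
    src, dst = authenticate(src_identity), authenticate(dst_identity)
    if src is None or dst is None:
        return False
    return any(_matches(s, src) and _matches(d, dst) and port == p
               for s, d, p in IDENTITY_POLICY)

def authorize_by_ip(src_ip: str, dst_ip: str, port: int) -> bool:
    return (src_ip, dst_ip, port) in IP_POLICY

def demo() -> dict:
    web = issue_identity({"app": "web", "env": "prod"})
    db = issue_identity({"app": "orders-db", "env": "prod"})
    batch = issue_identity({"app": "batch", "env": "dev"})
    # A workload presenting web's labels with its own signature.
    forged = {"body": web["body"], "tag": batch["tag"]}
    return {
        "ip_original": authorize_by_ip("10.0.1.15", "10.0.2.20", 5432),
        # web is rescheduled and gets a new address: the IP rule no longer matches
        "ip_after_reschedule": authorize_by_ip("10.0.7.44", "10.0.2.20", 5432),
        # the identity rule does not depend on the address at all
        "id_after_reschedule": authorize_by_identity(web, db, 5432),
        "id_other_workload": authorize_by_identity(batch, db, 5432),
        "id_forged_labels": authorize_by_identity(forged, db, 5432),
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allow' if allowed else 'deny'}")
```
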

## User Benefits

With Prisma Cloud Identity-Based Microsegmentation, network and cloud security teams can address the needs of dynamic cloud native applications:

* **Reduction in total number of rules:** Prisma Cloud utilizes an allow-list approach combined with identity. The use of an identity reduces the overall number of rules needed for policy enforcement. As applications scale up or down, other workloads do not need policy updates.
* **Purpose-built microsegmentation for multi-cloud and hybrid-cloud environments:** East-west traffic segmentation between workloads in heterogeneous environments traversing multiple IP domains is no longer an issue since IP reachability no longer assumes application access.
* **End-to-end visibility into application dependencies:** Visibility into applications across any cloud is now possible because the common workload identifier is abstracted from infrastructure.

![Managing Identity-Based Microsegmentation in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/ID-Microsegmentation-in-Prisma-Cloud-1.png)

Managing Identity-Based Microsegmentation in Prisma Cloud.

## Request Access to the Live Preview of Identity-Based Microsegmentation

Over the coming weeks, Identity-Based Microsegmentation will be available in Prisma Cloud Enterprise Edition as a live preview. You can get more details about this module through our [product page](https://www.paloaltonetworks.com/prisma/cloud/identity-based-microsegmentation) or download our [latest eBook](https://www.paloaltonetworks.com/resources/ebooks/identity-powered-microsegmentation).

In addition to the Aporeto integration, you can learn about all of the enhancements in [this latest release](http://blog.paloaltonetworks.com/2020/10/cloud-evolution-comprehensive-cnsp) during our upcoming digital fireside chat on October 20.
Palo Alto Networks product leadership and other industry experts will discuss trends in cloud native security as well as our overall product vision -- [register here](https://www.linkedin.com/events/cloudnativesecurity-firesidecha6719607962433798144/).