AIARCOASC Docs

Microsegmentation

Identity-aware east-west traffic policy across hosts, pods and clouds.

What it is

Microsegmentation declares the allowed identity-to-identity flows in your environment (workload A can talk to workload B on port 5432) and enforces them via a lightweight host agent. Works across clouds, on-prem, Kubernetes and bare metal.

When to use it

  • Contain lateral movement after a host compromise.
  • Pass an audit that requires explicit east-west policy.
  • Replace error-prone security groups with identity-level rules.

Quickstart

asc shield microseg policy create db --allow 'workload=api:5432' --deny default
client.shield.microseg.policy.create(name='db', allow=['workload=api:5432'], deny='default')
await client.shield.microseg.policy.create({ name: 'db', allow: ['workload=api:5432'], deny: 'default' });

Limits & quotas

LimitDefaultBurstNotes
Workloads per project10,000
Policies per workload100

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • POST /v1/shield/microseg/policies

Required scope(s): shield:write. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.