Microsegmentation
Identity-aware east-west traffic policy across hosts, pods and clouds.
What it is
Microsegmentation declares the allowed identity-to-identity flows in your environment (workload A can talk to workload B on port 5432) and enforces them via a lightweight host agent. Works across clouds, on-prem, Kubernetes and bare metal.
When to use it
- Contain lateral movement after a host compromise.
- Pass an audit that requires explicit east-west policy.
- Replace error-prone security groups with identity-level rules.
Quickstart
asc shield microseg policy create db --allow 'workload=api:5432' --deny defaultclient.shield.microseg.policy.create(name='db', allow=['workload=api:5432'], deny='default')await client.shield.microseg.policy.create({ name: 'db', allow: ['workload=api:5432'], deny: 'default' });Limits & quotas
| Limit | Default | Burst | Notes |
|---|---|---|---|
| Workloads per project | 10,000 | — | |
| Policies per workload | 100 | — |
Pricing
See pricing. Pay-as-you-go, billed monthly via Stripe.
API surface
POST /v1/shield/microseg/policies
Required scope(s): shield:write. See Scopes.
Security
All access is authenticated and scoped. See Auth & scopes and Network controls.