Prisma AIRS
Security Lifecycle Review (SLR) for AWS Overview
Table of Contents
Security Lifecycle Review (SLR) for AWS Overview
This page walks you through the steps to deploy Security Lifecycle Review (SLR) in
your cloud environment using the deployment workflow in Strata Cloud Manager.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
The cloud SLR (Cloud Risk Assessment) monitoring provides comprehensive
visibility, control, security, and reporting for cloud workloads (VMs and cluster
traffic) without deploying an inline firewall. SLR is deployed in packet mirroring
mode to monitor the mirrored traffic sourced from the application Elastic Network
Interface (ENI).
Prerequisites
- Get the Eval Flex credits SKU and activate Prisma AIRS AI Runtime: Network intercept for a 30-day trial. Refer here to generate the Eval flex credits.
- Use the Eval credits to create a deployment profile and specify the size and number of firewalls based on traffic. (Recommended 2 firewall instances of 4 vCPU).
Key Features:
- Monitors inbound, outbound, and east-west traffic flows.
- Use mirrored traffic between the application ENIs.
- Generates detailed threat reports for threat and risk assessment.
Limitations
- SLR reports display only encrypted SSL/TLS traffic.
- SLR deployment is supported in the US region and on AWS only.
- SLR is supported on Prisma AIRS AI Runtime: Network intercept.
- The SLR report does not differentiate between cluster and non-cluster traffic, as the report has no cluster ID.
- SLR only monitors traffic from application ENIs on instance types supported by AWS.
Getting Started
- Log in to the Hub and launch Strata Cloud Manager.Onboard and Activate a Cloud Account in Strata Cloud Manager.When you apply the onboarding Terraform in your cloud environment, it generates a service account with the necessary permissions to enable cloud asset discovery. The discovery identifies both applications and ENIs. The ENIs are used to send traffic to the SLR.You can onboard multiple projects or VPCs.Deploy SLR in AWS (GWLB-based or per-application VPC-based deployment). This deploys SLR in packet mirror mode.Download SLR reports to assess and identify potential threats.View the threat logs and AI security logs generated by SLR in the log viewer.After you assess the threats, deploy Prisma AIRS AI Runtime: Network intercept to secure your cloud assets.
