Gain comprehensive real-time visibility into your cloud infrastructure by
discovering and analyzing assets protected by Prisma AIRS AI
Runtime: Network intercept and VM-Series firewalls. The discovery
dashboard displays threats, network traffic, and protection status across both firewall
platforms when onboarded through Strata Cloud Manager.
Key Assets Discovered
Virtual Machine (VM) workloads.
Clusters and containers.
Serverless workloads: For Azure functions and AWS Lambda functions, you can
discover and analyze serverless workloads.
Prerequisite for serverless
discovery:
For Azure: A Reader role for your cloud account.
For AWS: IAM permissions to list, describe Lambda functions, and
retrieve tags associated with functions.
AI and non AI applications, AI models, and AI data.
Network traffic.
Important Notes on Discovery
Strata Cloud Manager doesn't detect or manage VM-Series firewall
deployed outside of the Prisma AIRS AI Runtime onboarding
workflow.
While the discovery service updates continuously, please note that deleted cloud
assets may continue to appear in the discovery UI for approximately 24 hours
after deletion from the cloud environment.
Analyzing Discovered Assets
Navigate to Insights Prisma AIRS Prisma AIRS AI Runtime: Network intercept to see a list of protected and unprotected cloud assets, including
applications, risky endpoints, user applications, AI models, and internet endpoints.
The discovery helps you analyze both AI and non-AI security traffic flow logs
and threat logs, enabling you to identify and correlate malicious threats with the
identified cloud assets. You can view threats detected from both platforms, analyze
network traffic flows, and understand which applications are secured by each firewall
type.
The Dashboard: AI Runtime Security provides
actionable insights into all cloud assets in your onboarded cloud account. It classifies
and prioritizes security issues based on threat urgency and risk categories, such as
vulnerability detection and prompt injection attacks. The discovery of assets is
classified into the operational and security views.
.
The Operational view displays all cloud assets: application
workloads, application users, and AI models. The view also shows the
bidirectional communication flows between:
User to application
Application to the AI model
Application to the internet, and
Application to application.
The Security view highlights the threat landscape with
security issues prioritized by urgency and risk type.
Based on the security analysis from the security view, you can add Prisma AIRS AI Runtime: Network intercept or VM-Series firewall by selecting the "+" icon on the dashboard.
Multi-Cloud Security Fabric Discovery is a powerful feature that provides a
unified view of your cloud infrastructure and protection status across multiple
cloud providers. It enables you to visualize your cloud network topology,
understand the protection status of your resources, and implement automated
firewall deployment to secure your applications.
At its core, Multi-Cloud Security Fabric Discovery scans your cloud environments
to identify regions, VPCs, subnets, and applications. It then analyzes traffic
patterns and security configurations to determine whether your resources are
protected, partially protected, or unprotected. This assessment is based on
evaluating multiple use cases including App-to-App, App-to-Model,
App-to-Internet, and User-to-App traffic flows.
The infrastructure view provides a geographical representation of your cloud regions, showing resource distribution and protection status. You can drill down into specific regions to view detailed information about VPCs, applications, firewalls, and tunnels deployed in that region. The topology view offers a more detailed perspective, allowing you to explore the relationships between different components within your cloud infrastructure.
For each VPC, Multi-Cloud Security Fabric Discovery determines protection status
by evaluating whether traffic is being inspected by security elements like
firewalls. A VPC is considered protected when all of its subnets are fully
protected for all defined use cases. When some subnets lack complete protection,
the VPC is marked as partially protected. If no subnets have any protection
enabled, the VPC is classified as unprotected.
Once you've identified unprotected or partially protected resources, you can use the automated deployment feature to secure your infrastructure. This process includes creating security VPCs, deploying firewall instances, setting up load balancers, and configuring the necessary routing to redirect traffic through the security infrastructure. The system supports various traffic patterns including east-west traffic within a VPC, between VPCs in the same region, across different regions, and north-south traffic to internet destinations.
To enable these capabilities, you'll need to onboard your cloud accounts to Strata Cloud Manager with appropriate permissions. The system requires both read permissions to discover your infrastructure and write permissions to implement automated security measures. The implementation follows best practices to minimize traffic disruption, making it suitable for production environments.
By leveraging Multi-Cloud Security Fabric Discovery, you gain comprehensive
visibility into your cloud security posture and the ability to rapidly remediate
security gaps through automated deployment, significantly reducing the
complexity of securing multi-cloud environments.
