>
    Network Traffic Risk Analysis
    Focus
    Download PDF
    Focus
    1. Home
    2. AI Runtime Security
    3. Discover Your Cloud Resources
    4. Network Traffic Risk Analysis
    Download PDF
    AI Runtime Security

    AI Traffic Network Risk Analysis

    Table of Contents

    Network Traffic Risk Analysis

    Analyze the unprotected cloud assets and the traffic flow between them.
    This page helps you to assess the network traffic flow between AI applications, AI models, and the internet. It also enables you to evaluate and correlate identified network threats with discovered resources, providing a comprehensive view of potential vulnerabilities and risks.
    Where Can I Use This?
    What Do I Need?
    • AI Runtime Security
       Discovery in SCM
    1. Log in to Strata Cloud Manager (SCM).
    2. Select
      Insights
      → AI Runtime Security
      .
    3. Select the
      Operational
      view to analyze the bidirectional communication flows between users to app, app to AI model, app to internet, and app to app.
    4. Select the
      Security
       view to assess the threat landscape and deploy protection instances as needed.

    Assess Risks and Prioritize Threat Prevention

    Models View

    Assess east-west network traffic flow between applications and AI models.
    1. In the Operational view, click the
      MODELS
       protections icon. The model discovery helps you to:
      • See which applications communicate with which AI models.
      • Identify AI models receiving traffic from protected and unprotected apps.
      • View protection status, model name, and traffic statistics
         (requests, responses, protected traffic) when hovering over an AI model.
      • Identify and prioritize the security threats.
      • Summarize alerted model threats, such as prompt injection, malicious URLs, and sensitive data leakage.
    2. Click on each application and model to assess how each maps and communicates with other assets in your network architecture.
    3. Select
      Add Protection
       ("+" icon) and place an AI Runtime Security instance between Models and Apps.
      Refer to Deploy AI Runtime Security Instance in Public Clouds and follow the workflow for your cloud provider.

    Internet View

    Assess outbound network traffic flow from user apps to internet destinations.
    1. Hover over and click the
      INTERNET
       protection icon to identify:
      • Internet-facing applications.
      • Protected and unprotected apps in your cloud environment.
      • Safe and unsafe internet destinations reached by the apps.
      • Security threats in the network flow between apps and the internet.
      • Threat details by clicking on each app.
    2. Hover over an internet destination URL to see the IP addresses of the top 5 URLs accessing that destination.
    3. Select
      Add Protection
       ("+" icon) and place an
      AI Runtime Security
       instance between the Internet and Apps.
      Refer to Deploy AI Runtime Security Instance in Public Clouds for your cloud provider's workflow.

    Users View

    Assess Inbound network traffic from external apps to internal user apps.
    1. Hover over and click the
      USERS
       protection icon to:
      • Highlight unprotected traffic flows.
      • Identify the protected and unprotected apps.
      • Determine threat actors, suspicious users, and benign users.
      • View application threat details by clicking on each application.
    2. Select
      Add Protection
       ("+" icon) and place an AI Runtime Security instance between Users and Apps.
      Refer to Deploy AI Runtime Security Instance in Public Clouds and follow the workflow for your cloud provider.

    Application Threats Breakdown

    Assess application threats to identify vulnerabilities and risks post
    AI Runtime Security
     instance deployment.
    1. Select the
      Security
       view on the SCM dashboard.
    2. Click on the
      Apps
       icon. This view will:
      • Group application threats under
        Applications
        ,
        Cloud Providers
        , and
        Application Assets
        .
      • Classify apps as protected or unprotected apps, including metadata such as
        Application Asset IP
         address,
        Cloud Networks
        ,
        Region, Cloud Provider
        , and
        Tags
         used to categorize the apps.
      • Drill down to see the network traffic flows between
        Apps → Models, Users → Apps, and Apps → Internet.
    3. Select
      Application Breakdown
       to view applications grouped by your cloud workloads such as VMs and Pods (including containerized environments, Clusters, VMs, and Serverless architectures).
      This breakdown shows applications scoped in the "Application definition" during Cloud account onboarding in SCM.
    4. Select the
      Cloud Providers
       tab to view the application threat breakdown by the cloud provider.
    5. Select the
      Application Assets
       view to analyze the threat breakdown based on traffic generated from interactions between endpoints and applications.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.