>
    Strata Copilot
    Analyze Risk in Network Traffic
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma AIRS
    3. Administration
    4. Discover Your Cloud Resources
    5. Analyze Risk in Network Traffic
    Download PDF
    Prisma AIRS

    Analyze Risk in Network Traffic

    Table of Contents

    Analyze Risk in Network Traffic

    Analyze the unprotected cloud assets and the traffic flow between them.
    Where Can I Use This?What Do I Need?
    • Cloud Asset Discovery in Strata Cloud Manager
    Analyze network traffic patterns, identify security threats, and understand protection coverage across your cloud infrastructure. This comprehensive view displays assets protected by Prisma AIRS AI Runtime firewall and VM-Series firewalls, including virtual machines, containers, and serverless workloads.
    Use this risk analysis to prioritize your security deployments by focusing on the highest-risk assets first.
    Deploy Prisma AIRS AI Runtime firewall or VM-Series to protect critical applications and vulnerable workloads based on their threat exposure and business impact.
    Workload Protection Overview: Prisma AIRS AI Runtime firewall protects AI applications, AI models, and cloud-native applications, while VM-Series firewalls secure traditional enterprise applications, legacy workloads, and network infrastructure.
    1. Log in to Strata Cloud Manager.
    2. Navigate to AI Security AI Runtime Firewall.
    3. Select the Operational view to analyze the bidirectional communication flows between users to applications, applications to the AI model, applications to the internet, and applications to applications.
    4. Select the Security view to assess the threat landscape and deploy AI network intercepts as needed.

    Risk Assessment and Prioritization

    Use the network traffic analysis to evaluate security risks across your AI infrastructure and determine where to deploy Prisma AIRS AI Runtime firewall or VM-Series firewall. The risk analysis provides three complementary views to help you understand your risk landscape and make informed deployment decisions.
    The following views help you to:
    • Identify high-risk assets that need immediate firewall deployment
    • Understand traffic patterns to configure appropriate protection policies
    • Prioritize your security efforts based on actual risk exposure
    Review each view to understand your complete AI security posture management, then use the findings to deploy Prisma AIRS AI Runtime firewall or VM-Seriesfirewall protection where it will have the greatest impact on reducing your overall risk.

    Models View

    Assess east-west network traffic flow between applications and AI models. Deploy Prisma AIRS firewall for exposed model endpoints that communicate across network segments.
    Configure AI model protection and AI data protection policies in your AI security profile, including prompt injection detection and toxic content filtering, then push the security policy rules to Prisma AIRS AI Runtime firewall to secure model inference traffic and prevent unauthorized access.
    1. In the Operational view, click the MODELS protections icon. The model discovery helps you to:
      • See which applications communicate with which AI models.
      • Identify AI models receiving traffic from protected and unprotected apps.
      • View protection status, model name, and traffic statistics (requests, responses, protected traffic) when hovering over an AI model.
      • Identify and prioritize the security threats.
      • Summarize alerted model threats, such as prompt injection, malicious URLs, and sensitive data leakage.
    2. Click on each application and model to assess how each maps and communicates with other assets in your network architecture.
    3. Select Add Protection ("+" icon) and place Prisma AIRS firewall between AI models and applications.
      Refer to Deploy Prisma AIRS AI Runtime, VM-Series, and CNGFW Firewalls for your cloud provider's workflow.

    Internet View

    Assess outbound network traffic flow from user applications to internet destinations. Deploy Prisma AIRS AI Runtime firewall or VM-Series immediately for internet-facing AI applications. Configure AI application protection in your AI security profile, then push the security policy rules to the firewalls. Set up threat monitoring for all AI services receiving traffic from external sources.
    1. Hover over and click the INTERNET protection icon to identify:
      • Internet-facing applications.
      • Protected and unprotected apps in your cloud environment.
      • Safe and unsafe internet destinations reached by the apps.
      • Security threats in the network flow between apps and the internet.
      • Threat details by clicking on each app.
    2. Hover over an internet destination URL to see the IP addresses of the top 5 URLs accessing that destination.
    3. Select Add Protection ("+" icon) and place Prisma AIRS firewall or VM-Series between the internet and applications.
      Refer to Deploy Prisma AIRS AI Runtime, VM-Series, and CNGFW Firewalls for your cloud provider's workflow.

    Users View

    Assess inbound network traffic from external applications to internal user applications. Deploy Prisma AIRS firewall or VM-Series immediately to secure the exposed application endpoints receiving external traffic. Configure an AI security policy by enabling AI application protections, then push the security policy rule to your deployed firewall to prevent malicious attacks and unauthorized data access.
    1. Hover over and click the USERS protection icon to:
      • Highlight unprotected traffic flows.
      • Identify the protected and unprotected apps.
      • Determine threat actors, suspicious users, and benign users.
      • View application threat details by clicking on each application.
    2. Select Add Protection ("+" icon) and place Prisma AIRS firewall between users and applications.
      Refer to Deploy Prisma AIRS AI Runtime, VM-Series, and CNGFW Firewalls for your cloud provider's workflow.

    Application Threats Breakdown

    Assess application threats discovery shows the discovered threats from both Prisma AIRS AI Runtime firewall and VM-Series firewall.
    1. Select the Security view on the Strata Cloud Manager dashboard.
    2. Click on the Apps icon. This view will:
      • Group application threats under Applications, Cloud Providers, and Application Assets.
      • Classify applications as protected or unprotected applications, including metadata such as Application Asset IP address, Cloud Networks, Region, Cloud Provider, and Tags used to categorize the apps.
      • Drill down to see the network traffic flows between Apps → Models, Users → Apps, and Apps → Internet.
    3. The application details include:
      • Firewall Serial Number: Displays the unique identifier for each firewall protecting your applications.
      • Firewall Type: Identifies whether protection is provided by Prisma AIRS AI Runtime firewall or VM-Series.
        Network Traffic Flow Paths: Shows traffic flows and indicates which firewall platform inspects each application
    4. Select Application Breakdown to view applications grouped by your cloud workloads, such as VMs and Pods (including containerized environments, Clusters, VMs, and Serverless architectures).
      This breakdown shows applications scoped in the "Application definition" during Cloud account onboarding in Strata Cloud Manager.
    5. Select the Cloud Providers tab to view the application threat breakdown by the cloud provider.
      When reviewing the Application breakdown section on the Applications page, you might observe that the sum of VM and Pod applications doesn't always equal the total number of applications displayed at the top of the page. This is because some applications are categorized as both VM and Pod types, leading to their inclusion in both respective counts within the breakdown.
      However, the total application count prominently displayed remains accurate, representing the unique number of applications across all types, without any double-counting.
    6. Select the Application Assets view to analyze the threat breakdown based on traffic generated from interactions between endpoints and applications.
      For Azure, the feature discovers Function Apps and identifies associated outbound IP addresses. On AWS, it discovers Lambda functions and their linked Elastic Network Interfaces (ENIs). This information allows you to understand which serverless assets are exposed to the internet versus which are contained within protected networks.

    © 2026 Palo Alto Networks, Inc. All rights reserved.