Simplifying Network Investigation with the New Prisma Cloud Intelligent Network Visualization

Apr 25, 2023

When analyzing network traffic, identifying anomalies and incidents becomes faster and easier by using the new Prisma Cloud network capability.

 

Why Is Network Investigation Critical to Overall Cloud Security?

Network investigation is a vital component of a security monitoring and investigation platform, as it provides valuable insights into how assets communicate with each other.

By analyzing the network traffic, security teams can get a better understanding of what’s happening within the existing boundaries and identify what kind of traffic leaves the network. This intel helps teams to gain an understanding of the risks involved and take necessary steps to mitigate them.

Network Traffic Analysis & VPC Flow Logs

Configuration and vulnerability data, on their own, can’t provide a complete view of what's happening in a cloud environment. VPC Flow Logs are crucial, as they capture detailed information about sources and destinations.

To support network traffic analysis, Prisma Cloud ingests VPC Flow Logs from cloud service providers and analyzes them to detect network incidents and anomalies, such as cryptomining and port scan activity.

Prisma Cloud then uses this information to detect and alert on potential security incidents that can’t otherwise be identified. Through the use of VPC Flow Logs, organizations can identify malicious activity and quickly respond to security incidents. This, in turn, can help them to improve their overall security posture and ensure that they’re well-prepared for any potential incidents.

Introducing the Intelligent Network Graph

While building the capability to analyze network traffic using VPC Flow Logs, we discovered that how the data is presented and correlated is inextricable from security outcomes. Users can’t afford to spend time on irrelevant events. Their roles require them to quickly pinpoint issues and root causes for incidents that affect their organization.

Addressing the paramount need to visually simplify network analysis and investigation for greater speed, we built a new visualization solution into Prisma Cloud, which combines network and configuration data to bring context into network traffic.

With the newly released Intelligent Network Graph, Prisma Cloud users can immediately answer questions that would otherwise consume valuable time, such as:

  • Is the traffic contained within a VPC?
  • Is it leaving my network?
  • Are the sources or destinations external to my organization?
  • Are the workloads involved in this incident deployed on business-sensitive cloud accounts?

Figure 1: Intelligent Network Graph view

How Does the Intelligent Graph Work?

The Intelligent Graph connects network traffic with asset configuration to automatically build a two-dimensional view that divides traffic into external (traffic coming from/going to IP addresses outside of your cloud accounts) and internal.

The Intelligent Graph also creates a hierarchical structure that puts assets into the context of the infrastructure they belong to, which makes it easier for users to pinpoint events happening on important cloud accounts, regions, and VPCs.

Figure 2: Hierarchical asset view
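
The internal/external split and the account/region/VPC hierarchy described above, shown as an added Python example that is not Prisma Cloud's code. The inventory, CIDR ranges and flow records are constructed, and the record layout assumes the AWS default (version 2) flow log format.

```python
import ipaddress
from collections import Counter

# Constructed inventory (account, region, VPC, CIDR); in practice this would
# come from asset configuration data. All names and ranges are assumptions.
INVENTORY = [
    ("prod-payments", "us-east-1", "vpc-0a1", "10.0.0.0/16"),
    ("prod-payments", "eu-west-1", "vpc-0b2", "10.1.0.0/16"),
    ("dev-sandbox", "us-east-1", "vpc-0c3", "10.8.0.0/16"),
]
NETS = [(ipaddress.ip_network(c), (a, r, v)) for a, r, v, c in INVENTORY]

# Field order of the AWS default (version 2) flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records, not real traffic.
SAMPLE = [
    "2 111111111111 eni-0aaa 10.0.1.5 10.0.2.9 44321 5432 6 10 840 1682400000 1682400060 ACCEPT OK",
    "2 111111111111 eni-0aaa 10.0.1.5 10.8.3.7 44400 22 6 4 240 1682400000 1682400060 ACCEPT OK",
    "2 111111111111 eni-0aaa 10.0.1.5 203.0.113.50 51000 443 6 20 5000 1682400000 1682400060 ACCEPT OK",
    "2 111111111111 eni-0bbb 198.51.100.7 10.1.4.4 40000 3389 6 1 40 1682400000 1682400060 REJECT OK",
    "2 111111111111 eni-0ccc - - - - - - - 1682400000 1682400060 - NODATA",
]

def locate(ip):
    """Return (account, region, vpc) owning ip, or None if it is external."""
    addr = ipaddress.ip_address(ip)
    return next((owner for net, owner in NETS if addr in net), None)

def classify(line):
    """Label one record internal or external and attach its hierarchy."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None  # malformed, or NODATA/SKIPDATA with '-' placeholders
    rec = dict(zip(FIELDS, parts))
    src, dst = locate(rec["srcaddr"]), locate(rec["dstaddr"])
    if src and dst:
        scope = "internal/same-vpc" if src == dst else "internal/cross-vpc"
    elif src or dst:
        # Direction of this record only; reply packets are logged separately.
        scope = "external/egress" if src else "external/ingress"
    else:
        scope = "external/unknown"
    return {"scope": scope, "asset": src or dst, "action": rec["action"],
            "bytes": int(rec["bytes"])}

def rollup(lines):
    """Sum bytes per (scope, account, region, vpc) of the in-cloud endpoint."""
    totals = Counter()
    for flow in filter(None, map(classify, lines)):
        totals[(flow["scope"], *(flow["asset"] or ("-", "-", "-")))] += flow["bytes"]
    return totals
```

Calling `rollup(SAMPLE)` groups the four usable records by scope and owning VPC; the `NODATA` record is skipped because its address fields are placeholders.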

Benefits of Using VPC Flow Logs and the New Intelligent Network Visualization

Using VPC Flow Logs combined with the Intelligent Graph to investigate network traffic greatly enhances security outcomes. The many benefits include:

  • Users get advanced security capabilities without the need to deploy agents by leveraging Prisma Cloud Machine Learning Threat Detection to detect anomalies and advanced network-based attacks.
  • The Intelligent Graph allows stakeholders to make contextually informed decisions. It becomes easier to understand network dependencies, identify east-west and north-south traffic, or simply focus on monitoring traffic that comes from the internet to exposed assets.
  • Integrated with Prisma Cloud alerts, the Intelligent Graph helps users perform complex investigations with a simple workflow, powered by an advanced traffic analysis visualization solution.
  • Rather than alerting users to all outbound traffic, data from the Intelligent Graph increases security efficiency by letting them focus on critical events, such as an IP involved with Command and Control attacks.

Learn More About Prisma Cloud

With the new Intelligent Graph, users can expand their investigations without the complexity that most advanced capabilities come with.

If you’re not a Prisma Cloud user and would like to test drive best-in-class code-to-cloud security, we’d love for you to take a 30-day Prisma Cloud trial.

