Overview
As organizations rapidly migrate to public clouds and adopt AI, they move faster than ever — but that speed creates blind spots. Decentralized development leads to Shadow IT and Shadow AI: unsanctioned applications and models running in your environment that your security team cannot see. You cannot secure what you cannot see.
The Cloud Network Risk Assessment automatically discovers and maps all of your cloud users, workloads, applications, and AI ecosystems, then analyzes actual network traffic — inbound, outbound, and East-West — to identify exactly where your security gaps are and what an attacker is most likely to exploit.
Two Delivery Modes
Choose the mode that fits your comfort level with in-line inspection. Both surface high-value insights; Mirror Mode goes deeper into L7 and payload.
Discovery Mode
Onboard your cloud account to Strata Cloud Manager using read-only permissions. We analyze VPC flow logs to paint a picture of the traffic and applications running across your entire cloud ecosystem.
Mirror Mode (Cloud SLR)
Deploy a tap-mode firewall using native cloud traffic mirroring. A copy of your network traffic is sent for deep packet inspection. Runs silently for one week with zero performance impact on production.
Availability
The Cloud Network Risk Assessment supports AWS, Azure, and GCP. Discovery Mode is available across three theaters; Mirror Mode is currently available in the United States only.
Where Discovery Is Supported
Read-only VPC flow log discovery is available today in the eight countries highlighted below.
Key Capabilities
- Automated Discovery: Maps every workload, container, application, and AI ecosystem across AWS, Azure, and GCP.
- App-ID & User-ID: Identifies 3,000+ applications — exposing Shadow IT, unsanctioned SaaS, and high-risk legacy protocols like SMBv1 and Telnet.
- Traffic Flow Analysis: Captures inbound, outbound, and East-West flows — including lateral movement and non-standard-port exfiltration that VPC flow logs miss.
- Threat Detection: Surfaces active malware, vulnerability exploits, and command-and-control activity hiding in your traffic.
- Non-Invasive: Uses agentless traffic mirroring — no inline changes, no performance impact on your production environment.
- Zero Trust Roadmap: Maps actual attack surfaces to give you a technical blueprint for segmentation based on real traffic patterns.
The 3-Step Process
Connect
Onboard your cloud account to Strata Cloud Manager. For Mirror Mode, deploy the tap-mode firewall and enable native traffic mirroring — the entire setup takes under an hour.
Monitor
We let the assessment run silently in the background — Discovery Mode ingests VPC flow logs; Mirror Mode passively collects a week of rich data on user behavior, application usage, and hidden threats.
Review
All data is compiled into a comprehensive Cloud SLR report — your single pane of glass for protected versus unprotected assets, high-risk apps, and active threats. We walk you through the findings and next steps.
What You'll See in the Report
Asset Inventory
- All workloads, containers, APIs
- Protected vs unprotected breakdown
- AI ecosystem discovery
- Cross-cloud unified view
Application Visibility
- 3,000+ apps identified via App-ID
- Shadow IT and unsanctioned SaaS
- High-risk legacy protocols
- Application flow mapping
Threat Findings
- Active malware in traffic
- Vulnerability exploit attempts
- Command-and-control activity
- Anomalous data transfers
Actionable Intelligence
- Risk-scored recommendations
- Segmentation blueprint
- Stakeholder-ready evidence
- Justification for security spend
Common Findings
Critical
- Active C2 beaconing in traffic
- Unencrypted remote access tools
- Publicly exposed workloads
High
- Shadow AI models in production
- Malware or exploit attempts
- Non-standard-port exfiltration
Medium
- Legacy protocols (SMBv1, Telnet)
- Unsanctioned SaaS applications
- Redundant or unused workloads
Deliverable
- Comprehensive Cloud SLR report — your single pane of glass
- Protected vs unprotected asset breakdown
- High-risk application inventory
- Active threats detected in traffic
- Traffic flow analysis (inbound, outbound, East-West)
- Prioritized, data-driven remediation guidance
- Zero Trust segmentation blueprint