* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog) * [Network Security](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/) * [Next-Generation Firewalls](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/) * Stop Guessing: CLARA Ends... # Stop Guessing: CLARA Ends the Cloud and AI Visibility Paradox [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fstop-guessing-clara-ends-the-cloud-and-ai-visibility-paradox%2F) [](https://twitter.com/share?text=Stop+Guessing%3A+CLARA+Ends+the+Cloud+and+AI+Visibility+Paradox&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fstop-guessing-clara-ends-the-cloud-and-ai-visibility-paradox%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fstop-guessing-clara-ends-the-cloud-and-ai-visibility-paradox%2F&title=Stop+Guessing%3A+CLARA+Ends+the+Cloud+and+AI+Visibility+Paradox&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/network-security/stop-guessing-clara-ends-the-cloud-and-ai-visibility-paradox/&ts=markdown) \[\](mailto:?subject=Stop Guessing: CLARA Ends the Cloud and AI Visibility Paradox) Link copied By [Josh Pederson](https://www.paloaltonetworks.com/blog/author/josh-pederson/?ts=markdown "Posts by Josh Pederson") Nov 24, 2025 5 minutes [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown) [AI](https://www.paloaltonetworks.com/blog/tag/ai/?ts=markdown) [CLARA](https://www.paloaltonetworks.com/blog/tag/clara/?ts=markdown) [cloud](https://www.paloaltonetworks.com/blog/tag/cloud/?ts=markdown) [Enterprise Network Firewalls](https://www.paloaltonetworks.com/blog/tag/enterprise-network-firewalls/?ts=markdown) [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/tag/next-generation-firewalls/?ts=markdown) In the modern enterprise, we tell ourselves that visibility is the foundation of security. But for security leaders navigating the chaotic intersection of multicloud environments and rapid AI adoption, "visibility" has become a loaded term. The reality is that true visibility remains elusive, so cybersecurity professionals are often forced to make assumptions. It's not a sustainable approach. As your organization embraces digital transformation, you are tasked with protecting a perimeter that is no longer static --- it is dynamic, decentralized, and increasingly autonomous. The pressure to adopt new cloud services and AI technologies at speed creates a constant tension with the imperative to maintain governance. The risk goes beyond not being able to see everything; it is that traditional security measures struggle to keep pace, creating visibility gaps that leave organizations unaware of their actual risk exposure until it is too late. This is the "fog of cloud" --- where you assume you are protected, but lack the data to prove it. ### The Need for a Holistic View Discovery is only the first step, because the real challenge for security executives is translating that awareness of actual threats into a quantifiable risk posture. To bridge the gap between assumption and reality, Palo Alto Networks introduced the [Cloud Networks and AI Risk Assessment](https://www.paloaltonetworks.com/network-security/cloud-and-ai-risk-assessment). Unlike standard assessments that provide a single point-in-time snapshot, CLARA delivers a multi-faceted analysis --- all at no cost or obligation. The service combines three distinct, complimentary assessments into a single engagement for AWS and Azure environments, allowing you to tackle risk from three critical angles. ### Angle \#1: Network Assessment - Exposing the Hidden Perimeter The first narrative thread in any security story is "the unknown." Driven by agile methodologies and decentralized development, Shadow IT makes it nearly impossible to maintain a real-time inventory of all cloud assets. CLARA addresses this by automatically discovering workloads and applications to map your actual cloud perimeter and traffic patterns. * **The insight:** You gain a complete, real-time inventory of all cloud workloads and AI apps, agents, and models. * **The outcome:** This eliminates blind spots by identifying unknown or unsanctioned protocol usage and providing advanced threat analysis, allowing you to close the gaps attackers are most likely to exploit. ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/word-image-348957-1.png) *Cloud Security Lifecycle Report (SLR) report showing high risk applications discovered in the CLARA assessment.* ### Angle \#2: Firewall Benchmarking - The Reality Check Once the perimeter is mapped, the narrative shifts to efficacy. Enterprises rightly question whether their existing cloud service provider (CSP) firewalls can stop sophisticated, modern threats. Are your controls actually working, or are you just assuming they are? The Cloud Firewall Benchmarking component provides a data-driven answer by running targeted, real-world breach and attack simulations against your existing cloud firewalls in a controlled environment. * **The insight:** You receive empirical, third-party validation of your CSP firewall's true security efficacy. * **The outcome:** A Security Validation Report (SVR) details blocked versus allowed exploits, enabling you to make evidence-based decisions to validate the ROI of enterprise-grade threat prevention. ### ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/word-image-348957-2.png) *The Firewall Benchmarking Report comparing efficacy of blocked threats between cloud service providers and Palo Alto Networks* [*Software Firewalls*](https://www.paloaltonetworks.com/network-security/software-firewalls)*.* ### Angle \#3: AI Risk Assessment - Securing the New Frontier The final chapter in this saga turns to the most urgent security disruption: Artificial Intelligence. The "AI Black Box" conundrum --- in which it is impossible to know how these systems reach their conclusions --- presents two significant challenges. You need to secure the AI supply chain while protecting against runtime threats like prompt injections. CLARA's AI Risk Assessment scans models and datasets for malicious scripts or tampering to secure the supply chain and simultaneously performs Red Teaming exercises against live applications. * **The insight:** You get an assessment of the complete AI ecosystem, from models and data to live applications. * **The outcome:** By identifying vulnerabilities early --- such as prompt injections or data tampering --- you enable the organization to deploy new AI capabilities with confidence that your brand and data are protected. ### ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/word-image-348957-3.png) *Output of the Red Teaming report showing risk score based on successful simulated attacks.* ### The Strategic Advantage of Integrated Risk Intelligence For security leaders, risk is rarely isolated in a silo. But triangulating these three vectors --- Network, Firewall, and AI --- CLARA offers a unified view that fragmented tools cannot match. As a result, organizations can realize: * **Greater operational efficiency:** Instead of managing three separate vendor engagements, you consolidate discovery and validation into a single, streamlined process. * **More security ROI:** The assessment validates where your current controls are sufficient and pinpoints exactly where investment is needed, preventing over-spending on redundant tools while closing critical gaps. * **Accelerated AI enablement:** By identifying the specific guardrails needed for your environment, you can shift from being a blocker of AI innovation to an enabler, providing the board with the assurance needed to accelerate digital transformation initiatives safely. ### Make Strategic Decisions with Data Ultimately, CLARA moves beyond simple observation to provide actionable intelligence. The comprehensive reports generated from these assessments are designed for immediate action, translating complex technical findings into a clear business-risk context. This data empowers CISOs to align stakeholders --- from technical teams to the board --- by quantifying risk and prioritizing protections based on actual exposure, not just intuition. Are you ready to replace assumptions with evidence? To baseline your current security posture and gain the data needed to drive your security strategy, request a complimentary [Cloud Network \& AI Risk Assessment](https://www.paloaltonetworks.com/network-security/cloud-and-ai-risk-assessment) today. *** ** * ** *** ## Related Blogs ### [AI Application Security](https://www.paloaltonetworks.com/blog/network-security/category/ai-application-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Empower Developers to Secure AI Applications Through Code](https://origin-researchcenter.paloaltonetworks.com/blog/2024/11/secure-ai-applications-through-code/) ### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown) [#### Boost Cloud Security with Cloud NGFW: Achieve 163% ROI \& More](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/forrester-spotlight-cloud-ngfw/) ### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown) [#### Learn how to protect your AWS AI applications at AWS re:Inforce 2024](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/aws-reinforce-2024/) ### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### A Brand New Fight: Securing Your AI-Powered Applications](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/secure-ai-apps-by-design/) ### [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown) [#### LLM in the Cloud --- Advantages and Risks](https://origin-researchcenter.paloaltonetworks.com/blog/2023/07/llm-in-the-cloud/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Introducing New 4th Generation ML-Powered NGFWs](https://origin-researchcenter.paloaltonetworks.com/blog/2022/11/introducing-new-ml-powered-ngfws/) ### Subscribe to Network Security Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language