This article explains how to use the GenAI Apps Dashboard to monitor how GenAI apps are used in your environment. For more information on protecting AI-based applications, see Securing AI App Traffic.
The GenAI Apps Dashboard provides centralized, comprehensive visibility into inline GenAI app usage, including shadow AI. The dashboard details which AI applications are being used across your organization, and by whom, and tracks all user interactions and sensitive data sharing. This helps you detect whether sensitive data (for example, source code, PII, or financial information) has been exposed to an LLM. Exposing this sensitive data to an LLM can create a security risk, as adversaries can query the model to extract the data. With the visibility provided by the GenAI Apps Dashboard, you can proactively prevent data breaches by identifying risks.
The dashboard also categorizes GenAI apps, allowing you to apply granular security policies through Application Control or DLP rules tailored to your specific requirements.
Gaining visibility of this data is a key part of protecting your organization and its sensitive data while enabling secure AI application usage. For more information on developing a strategy to protect your organization while using AI-based apps, see Securing AI App Traffic.
A CASB license is required for the GenAI Apps Dashboard. For more information about purchasing a CASB license, please contact your Cato representative.
The security team at company ABC has a clear data policy for which GenAI apps can be used. They create Application Control and DLP rules to enforce the policy. However, they are often unaware of which GenAI apps are used within their organization. This creates a security risk because, without this knowledge, they cannot enforce their security policy.
To mitigate this risk and identify Shadow AI apps, the security team reviews the:
- Top Applications widget to identify who is using shadow AI apps and the level of risk associated with the app
- File Uploads widget to identify sensitive file uploads to unsanctioned apps and create new data policies to prevent additional leakage
- Classification widget to identify duplicates of sanctioned apps per category and restrict access to unsanctioned apps
To access the GenAI Apps Dashboard, navigate to Security > GenAI Apps.
The GenAI Apps Dashboard is split into three sections:
- Summary: A high-level overview of the GenAI apps used in your ecosystem and the categories they are in
- Overview: Visibility into GenAI apps used in your environment, their generated events, user activity, and actions taken
- Data Protection: Insights into data policy violations and the users and files involved

The entire dashboard can be filtered by user or app to gain a deeper understanding of GenAI usage.
Note: Some widgets in the dashboard require App Control to be enabled with a rule that monitors all cloud activities across all cloud applications.
These tables explain the widgets in the GenAI Apps Dashboard.
This table explains the widgets in the Summary section.
| Name | Description |
|---|---|
| GenAI Apps | How many GenAI tools are used. |
| Classification | Number of sanctioned and unsanctioned GenAI apps used. |
| Risky Apps | Number of risky GenAI applications being used. |
| Users | Number of users using GenAI apps. |
| Data Violations | Number of data violations detected from GenAI apps. |
| Network Usage | Network usage of GenAI apps. |
| Apps per Category | Number of GenAI apps used per AI category. |
This table explains the widgets in the Overview section.
| Name | Description |
|---|---|
| Events by Action | Breakdown of the action Cato has taken on events generated by GenAI apps. |
| Applications by | List of all GenAI apps used in your environment, ordered by the number of users accessing the app, or the risk score of the app. |
| Top GenAI Users | List of users with the highest network usage of GenAI apps. |
| Top User Activities Over Time | Most frequent user activities on GenAI apps over time. You can see the exact number of activities by clicking on the graph. This helps you detect anomalies in user activities. |
This table explains the widgets in the Data Protection section.
A DLP license is required to view this section. For more information about purchasing a DLP license, please contact your Cato representative.
| Name | Description |
|---|---|
| Violations by Data Profile | Proportion of each data type involved in violations and the Top 4 apps with the most data violations. |
| Policy Violations Over Time | The number of data policy violations over time. |
| Top Users Sharing Sensitive Data | List of the users who most frequently violate data policy. |
| Policy Violations | List of DLP rules that were most frequently violated. |
| File Uploads | List of the latest files uploaded to GenAI applications. |