Staying Involved
Staying InvolvedHi Michael,
No, just based on risk rating.
Cato Professional ServicesHi JM,
Appreciate your inputs.
Just to clarify, you are referring to the Risk Score mentioned in the App catalog right? ___
https://support.catonetworks.com/hc/en-us/articles/7603867737885-Using-the-App-Catalog
Just to understand better, is there certain GenAI apps that you are looking at, currently? ___
Cheers
Staying InvolvedHi Michael,
That's right. But my concern is in general that the Prompt option we are used to from the Internet Firewall is not available in the Application Control Policy rules. It's almost as if these are two different products being stitched together instead of being designed as a consistent service experience.
Cato Professional ServicesHi JM,
You have a point.
GenAI apps may differ in security capabilities and gaurdrails, based on the different natures of the app and versions released.
For example, in earlier versions of Chatgpt, the prompt security/guardrails wasn't fully imposed, comparing to the latest ones. Thus, different versions of chatgpt may have different levels of prompt security/guardrails capabilities.
To better secure GenAI, having a prompt page would be useful to alert users that there may be a certain level of risk present when accessing the particular GenAI app/webpage, or a block page to block users from accessing high-risk GenAI apps/webpages.
Alternatively, we may consider approaching the security of GenAI apps starting from a prompt-based level of security, inspecting the context and comply against a set of regulations/guardrails, moving forward.
Would this be something that would work for you and benefit your organization?
Cheers
Staying InvolvedNot really. We would like to be able to Monitor/Prompt/Block based on the extended attributes that the CASB license brings. Currently the only options are Monitor/Block, for some reason.
