Skyhigh Secure Web Gateway (On Prem) for AI Services

Last updated
Save as PDF

NOTE: This topic is applicable only for Skyhigh Secure Web Gateway (On-Prem) users.

Skyhigh Secure Web Gateway (On-Prem) provides a recommended list of Artificial Intelligence (AI) services to control the usage of AI services within your organization. This list includes URLs (host names and domain names) for chatbots, virtual assistants, machine learning, and generative AI models, such as ChatGPT, Bard, and more. Secure Web Gateway (On-Prem) protects your organization against threats that arise when users access AI services via corporate infrastructure. Organizations can leverage the Skyhigh recommended list of AI services for security and regulatory compliance.

You can now use the Skyhigh recommended list named AI-ML Domains in your web policy to apply security controls on AI services. For example, you can configure a web policy in Secure Web Gateway (On-Prem) using this Skyhigh recommended list and block access to AI services.

Configure a Web Policy

You must configure a web policy, which defines the criteria for AI services and set remediation actions that are triggered in response to the detected AI service. Use the following procedure to configure a web policy for AI services.

Once you configure your web policy, it is enabled by default.

To configure a Web Policy:

In Skyhigh Secure Web Gateway (On-Prem), go to Policy > Lists > Strings.
Under Lists, select Strings, and click +.
On the Add List tab, name the list and describe its source:
- Name. Enter a descriptive name to help identify the list.
- List Content is managed remotely. Select this check box if the list of AI services is managed remotely.
- Source. Select Skyhigh Supplied List (or McAfee Supplied List based on your Secure Web Gateway (On-Prem) version) as the source for the list of AI services, and click Choose.
In the McAfee Supplied List Content dialog, under Application URL Lists, select AI-ML Domains.

NOTES

If the Skyhigh recommended list of AI services does not appear in the McAfee Supplied List Content dialog, you must update your appliances.
To update your appliances, go to Configuration > Appliances, select the appliance by its name, and then click Update Engines > Trigger Update.

Click OK > OK, and click Save Changes to save the list.
Go to Policy > Rule Sets, and click Add > Rule Set.
On the Rule Set tab, name the rule set and describe its status and scope:
- Name. Enter a descriptive name to help identify the rule set.
- Applies to. Make sure that Responses and Embedded Objects are not selected for the rule set.
Click OK.
Under Rule Sets, select the newly created rule set, and click Add Rule.
In the Add Rule dialog, configure the following:
1. Name. Enter a descriptive name to help identify the rule, and click Next.
2. Rule Criteria. Specify the rule that the policy enforces. Click Add > Advanced criteria.
  - Selected Property. Select the criteria to apply the rule. You must specify the following criteria for the rule.
    - URL.Host. The host names of the AI services.
    - URL.Domain. The domain names of the AI services.
  - Selected Operator. Specify the operator for the selected criteria to build a condition. You must specify the following operator for the rule.
    - is in list. Select this operator to specify the list of AI services.
  - Compare with. Specify the operand for the selected criteria. You must select the newly created list for AI services.
    
    Make sure that you select OR in the condition of your rule criteria, and click Next.
3. Action. Select the response action that is triggered when the policy rules are matched. For example, select Block.
Click Finish.
Click Save Changes.

Your web policy is now configured successfully.