AI Access Security Recommendations

Table of Contents

Create Custom Security Policy Rules to Control GenAI Access

AI Access Security Recommendations give your network security administrators clear calls to action to strengthen your security posture when allowing GenAI app usage on your network.

Where Can I Use This?	What Do I Need?
NGFW (Managed by Panorama or Strata Cloud Manager) Prisma Access (Managed by Panorama or Strata Cloud Manager)	One of the following: AI Access Security license CASB-PA license CASB-X license

Your network security admins gain valuable data into GenAI app usage on your organization's network using the AI Access Security dashboard and Strata Command Center. To enable your network security admins to quickly address gaps and strengthen your security posture when adopting GenAI apps, Palo Alto Networks introduces AI Access Security Recommendations.

AI Access Security offers manual and automated recommendations. Manual recommendations are those you need to manually implement. AI Access Security offers step-by-step instructions and provides links to all relevant documentation to help you successfully implement the recommended changes. The Palo Alto Networks Copilot on Strata Cloud Manager implements the automated recommendations rather than the admin. However, the admin who initiated the recommendation proposed by AI Access Security must approve all changes.

(NGFW and Prisma Access (Managed by Strata Cloud Manager)) AI Access Security recommendations update in real time as your admins make configuration changes and AI Access Security analyzes traffic on your network. This allows you quickly respond to any configuration changes or risky GenAI app traffic that might compromise your organization if not immediately addressed. Any recommendation that analyzes traffic on your network has a seven day look back period that informs the recommendation.

(NGFW and Prisma Access (Managed by Panorama)) AI Access Security recommendations update every 24 hours on Strata Cloud Manager.

AI Access Security provides recommendations for the following scenarios.

Expand all

Collapse all

GenAI App Classification Recommendations

Focused on providing recommendations based on the GenAI app usage on your network and their app classification (Sanctioned, Tolerated, or Unsanctioned)
For example, if AI Access Security notices that your organization allows traffic to Unsanctioned GenAI apps. In this case, AI Access Security provides a recommendation to reclassify these GenAI apps as Sanctioned or Tolerated.
Best Practices Checks and Policy Recommendations

AI Access Security uses the Best Practice Assessment (BPA) service to analyze your existing NGFW and Prisma Access policy rulebase to offer recommendations to strengthen your security posture to safely adopt GenAI apps.
For example, if the BPA service discovers that you have a Security policy rule allowing access to Unsanctioned GenAI apps.
Data Loss Prevention Recommendations

To prevent exfiltration of sensitive data to Sanctioned and Tolerated GenAI apps, AI Access Security analyzes your Security policy rules to determine if you're forwarding traffic to Enterprise DLP for inline inspection and for data at rest. This can also include config recommendations required to forward traffic to Enterprise DLP
Onboarding and Maximizing AI Access Security

These focus on providing actionable recommendations to better leverage capabilities across the platform..

Create Custom Security Policy Rules to Control GenAI Access

Generate an AI Access Security Report

AI Access Security Docs

AI Access Security Recommendations

AI Access Security Docs

AI Access Security Recommendations

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Best Practices

Experts Corner

Technical Documentation

Company

Legal Notices