Prevent Network Security Threats with Security Policies

Prevent network security threats by creating and enforcing security policy rules.
This page helps you create a security policy to secure your cloud assets from potential threats.
On this page, you will create an AI security profile with specific asset protections and add it to a security profile group. Next, create a security policy and attach the profile group to the security policy. Push the security configurations for the security rule from SCM to the AI Runtime Security instance in your cloud.
Where Can I Use This?
What Do I Need?
  • Secure Cloud Architecture with Security Policies
The AI Runtime Security instance deployed in your cloud environment gives you continuous real-time discovery and monitoring of your cloud resources. After you identify the malicious threats in your AI network traffic and correlate these with the cloud assets such as AI applications, AI models, and AI datasets, you can then prevent threats by creating policy rules between the cloud resources.
An AI security profile helps you configure specific security settings for:
  • AI application protection with AI URL categorization.
  • AI model protection to protect your AI models against threats such as prompt injections.
  • AI data protection to protect against sensitive data leakage to and from AI models.
To prevent network security threats:
  1. Log in to SCM.
  2. To create an AI Security profile in SCM, select Manage → Configuration → NGFW and Prisma Access → Security Services → AI Security → Add Profile.
    1. Enter a Name and a Description.
    2. Add Model Group for customized protections; see Create Model Groups for Customized Protections.
      For example, a model group with URL categorization and prompt injection alert settings is attached to the following security profile for a target AI model. You can attach a security policy as a zone or a DAG:
      • For zone-based security, follow the use case on how to Create Traffic Objects for Zone-Based Security using specific clusters to monitor the ingress and east-west traffic. Attach this zone to a security policy rule to enforce policies on the AI traffic sourced from this zone and the traffic objects within this zone.
      • For protecting the source AI applications, use Dynamic Address Groups in Policy and reference these DAGs in the security policy rule.
  3. Create Security Profile Groups and attach the AI Security profile to each profile group.
  4. In SCM, select Manage → Configuration → NGFW and Prisma Access → Security Services → Security Policy and create a security policy rule.
  5. Attach the security profile group to the security policy under Profile Group.
  6. Select Manage → Operations → Push Config and push the policy configurations to the AI Runtime Security instance in your AI network architecture to enforce the policy rules on the traffic.
  7. Select Incidents and Alerts → Log Viewer.
    • Select Firewall/AI Security.
    • Review the logs in AI Security Log Viewer to see traffic blocked according to your AI Security profile.
    For information on log fields, see the Strata Logging Service Log Reference Guide.