Enabling GenAI Protect

Prerequisites

  • Ensure that the administrator account used to configure GenAI Protect has the required permissions before you enable the feature.

  • Create a DLP policy.

    Note:

    The GenAI Protect SaaS dashboard becomes visible only after the first DLP policy is created.

To assign the required permissions:

  1. Log in to the Check Point Portal.

  2. Go to Settings > Users.

  3. Select the administrator profile that will be used to configure GenAI Protect, and click Edit.

  4. In the Edit User tab, scroll to the Global Role section.

  5. In the Service drop-down list, select SaaS.

  6. In the Specific service role(s) drop-down list, select Admin - View All Sensitive Prompts.

  7. Click Save.

Note:
  • The GenAI Protect SaaS service is visible only to administrators with the Admin - View All Sensitive Prompts permission.

  • When accessing the GenAI Protect SaaS page for the first time, both the Add Contract and Start Trial options are displayed. Select Start Trial, even if the organization already has a valid license. This step only initializes the service.

Enabling GenAI Protect

Text control - Applies the DLP rule when you type text in a text box of an external resource. For example, in ChatGPT.

The Data Loss Prevention policy allows administrators to enable the GenAI Protect feature on the endpoints. GenAI Protect monitors the use of generative AI applications on the endpoints. It detects and prevents the sharing of potentially confidential information in prompts to any generative AI application by the Endpoint Security Clients.

Note:

The GenAI Protect feature is supported only for Check Point Portal tenants residing in the EU, India, US, Australia, and Canada regions.

To enable GenAI Protect and view the Dashboard:

  1. Access the Endpoint SecurityBrowser - Classic Administrator Portal.
  2. From the left navigation panel, click Policy > Data Loss Prevention.
  3. Create a Data Loss Prevention policy with Outbound events for Text Control or Paste actions.
    1. In the Categories & Subcategories list, select Artificial Intelligence (AI).
    2. In the Action list, select the action required.
      • Prevent

      • Detect

      • Ask

      Note:

      If you want to exclude an application from GenAI Protect monitoring, you can use the Allow action, or use the Block action to prevent the action from running in that particular application.

    3. In Data types, select the data types required for the policy.
    4. Click Save.
  4. Go to the Settings tab and select the Enable GenAI protect checkbox.

  5. Click Save & Install.
  6. To view the dashboard, from the top right corner of the page, click GenAI Protect Dashboard.

    The system redirects you to the SaaS Security Administrator Portal and shows the GenAI Protect Dashboard.

    Note:
    • If you access the GenAI Protect dashboard for the first time, the system might ask you to activate SaaS Security. Click Start trial.

      Although GenAI Protect is visible in the SaaS Security Administrator Portal, you do not need an additional license to use GenAI Protect. It is part of the Endpoint Security Elite Browser - Classic Advanced license that you have.

    • Until the secure browser extension detects events that match the DLP policy rules of GenAI Protect, the system shows the Welcome page.

    • Once the secure browser extension detects events that match the DLP policy rules of GenAI Protect, the system shows events in the GenAI Protect Dashboard.

For information about how to use the GenAI Protect dashboard, see the SaaS Administration Guide.