Google has recently released Google Gemini, the rebrand of Google Bard. It is a generative AI content tool, Google's version of ChatGPT.
As of the writing of this article, the tool is in limited availability and is not available to all users.
Once enabled on Google Workspace (GSuite), the service is integrated directly into some of the applications (such as Docs or Gmail).
This article suggests a way to monitor the use of this application and to enable content inspection on it using Broadcom CloudSOC.
The CloudSOC Gatelet is enabled, and Google Workspace (GSuite) traffic is routed through CloudSWG and CloudSOC.
A CloudSOC Custom Gatelet provides a flexible way to define the interesting traffic to be routed to CloudSOC. The steps to create a Custom Gatelet are defined in this TechDoc.
Define Interesting Traffic:
Two parts need to be covered.
1- Direct Use of Gemini:
Domain to use:
gemini.google.com
Use Case:
This domain covers the use case where the end user goes directly to the domain and generates content on the website itself.
2- Indirect use of Gemini through the integrated applets:
Domains to use:
taskassist-pa.clients6.google.com
espresso-pa.clients6.google.com
Use Case:
The two domains cover the use case where the user starts to use Gemini from within either Google or Docs.
Once the interesting traffic is defined in a Custom Gatelet and has synced correctly with CloudSWG, CloudSOC processes the traffic and starts to populate the supported activities in Investigate. The activities supported by default on Custom Gatelets are Login, Logout, Upload, and Download.
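To check which users reach the three domains above, the following added example (not part of the original article or of any Broadcom tooling) classifies proxy log lines as direct or indirect Gemini use. The log line format and the sample entries are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Domains listed in this article, mapped to the use case they cover.
GEMINI_DOMAINS = {
    "gemini.google.com": "direct",
    "taskassist-pa.clients6.google.com": "indirect",
    "espresso-pa.clients6.google.com": "indirect",
}

def classify_host(url):
    """Return 'direct', 'indirect' or None for a request URL or CONNECT target."""
    # CONNECT targets are "host:port" with no scheme; add "//" so urlsplit parses them.
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Exact match only: a substring test would also accept look-alike hosts
    # such as gemini.google.com.example.net.
    return GEMINI_DOMAINS.get(host)

def summarize(log_lines):
    """Count Gemini requests per user. Assumed format: 'timestamp user method url'."""
    usage = defaultdict(Counter)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, user, _, url = parts
        kind = classify_host(url)
        if kind:
            usage[user][kind] += 1
    return {user: dict(counts) for user, counts in usage.items()}

# Constructed sample log lines (users and paths are made up).
SAMPLE_LOG = [
    "2024-03-01T09:00:01Z alice GET https://gemini.google.com/app",
    "2024-03-01T09:00:05Z alice POST https://taskassist-pa.clients6.google.com/x",
    "2024-03-01T09:01:10Z bob CONNECT espresso-pa.clients6.google.com:443",
    "2024-03-01T09:02:00Z bob GET https://Gemini.Google.com./app",
    "2024-03-01T09:03:00Z carol GET https://gemini.google.com.example.net/app",
    "2024-03-01T09:04:00Z carol GET https://docs.google.com/document",
    "malformed line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Users who appear only under "indirect" are using Gemini from inside the integrated applets, which would be missed if only gemini.google.com were defined as interesting traffic.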
Policies and Content Inspection
At this point, CloudSOC monitors the events generated by the end users on Gemini. More controls can be added through Policies to align the usage with the business requirements.
Admins can add policies on their DLP (depending on the integration, either Cloud DLP or DLP Enforce).
Example:
Gemini needs to be enabled by the Admin user on the admin console of Google Workspace. Once it is enabled, it shows up as an extra tool in the apps. Here are a few examples:
In Google Docs, an applet with the "Help me write" caption shows on a blank page:
Similarly, in Gmail, a "Help me write" option shows up in the "compose" message window as well:
Custom Gatelet:
Make sure that "Scan Request payload" is enabled if Content Inspection is required (DLP Policy).
A simple Keyword policy like this:
Entering the keyword into Gemini (or its applets) would be blocked, and a DLP Incident will be generated. The DLP incident will look like this: