A (13:37)

This message may be shocking to many millennials. If you are one, you might want to sit down right now. Loads of people are searching the following on Depop Low rise jeans, halter top, velour, tracksuit, puka shell necklace, disc belt. You likely place these in the dark of your closet in 2004, never to be seen again. But if you can find it in yourself to dust them off, there are a lot of people who will give you money for them. Sell on Depop where taste recognizes taste.

B (14:13)

Nitei Milner is CEO of Orion Security. We recently discussed the issues with data leaking into AI tools and how CISOs must prioritize DLP.

C (14:25)

So traditional DLP tools, legacy tools like Falsebone, Siemantec, were all about creating policies to make sure you protect your data. So the mission was to protect sensitive data. For banks it can be credit cards. For healthcare providers it can be phi data. And what you had to do with the traditional tools is you had to define a policy for every use case of data that you want to protect. For example, you don't want credit cards to get outside to external recipients over emails. So you had to sit down and create a policy, a rule basically for every one of these use cases. And then what usually would happen is you had to tweak it over and over again because you'd get a lot of false positives, catching all sorts of data that looks like credit card data or data that looks like phi data. And then you had thousands of alerts or false positives. And these tools were known for being, to say the least, not very effective for enterprise companies.

B (15:30)

And so what's changed over time in terms of the state of the art when it comes to DLP tools today?

C (15:37)

So over time, during the past years, technologies like UEBA try to basically reinvent DLP with anomaly detection, but that didn't really work well in other industries like EDR antiviruses. Anomaly detection makes a lot of sense because you can predict how, for example, processes should behave. But it's really, really hard to understand how people are going to behave. So anomaly detection for detecting data loss for people is really hard. So you get a lot of false positives because people change their, how they handle sensitive data every day. So it's hard to just use anomaly detection. And that had failed for the past 10 years. What had changed recently is LLMs and generative AI applications. So basically what is trying to be done right now in the market is to use LLMs, basically human cognition, the missing piece of DLP, and basically think like a security analyst for every data exploitation entitled the company, looking at a lot of indicators, for example, the person doing the action, the type of data that is being sent outside of the organization, the source of the data that's presentation, then getting to a decision if this is basically a verdict, if this is risky for the company or just a normal business ops business data flow in the organization.

B (17:11)

So is the idea here that you're making use of the LLM to basically sort through your logs, to check through a user's behavior and see how that matches up to a set of potential rules that you may have set up or red flags that you've set up?

C (17:30)

Yeah, so it's a different approach than rules. So rules, what we have up until now are deterministic rules. Policies are basically a one or a zero. But when you add LLMs to it, when you add cognition to it, it can have more possibility than just right or wrong. It can look at other context, at other criteria and basically get to a decision like basically a security. A DLP security analyst will look at the person doing the action, how long is he in the company, how does he usually act around sensitive data and then decide if this is a false positive or not. So this is what we're adding right now to the table, just like an ad hoc Verdict for every data exploitation attempt in the company.

B (18:20)

So then does the LLM, for example, when it makes a decision, it alerts a security professional, a human, as to whether or not maybe this needs a little more attention?

C (18:31)

Yeah, definitely. But the. So we're definitely keeping the human in the loop right now. But instead of meeting five DLP analysts today, that goes through, and I'm not exaggerating, thousands of alerts every month that most of them, like 90% of them are false positive. They would get more around like 5 or 10% of false positive. And they will be added into the loop only when necessary. So if you need like five people up until now to run your DLP program with the new technologies in the market, you can do it with 20% of an FTE time. And this is a real game changer in SmartKit.

B (19:10)

And are these systems growing in intelligence as they operate? Does the feedback go back into the process itself?

C (19:19)

Just like a security analyst, you can teach it. So basically when you get the false positives, you can mark a thumbs down and you can explain exactly why this is a false positive. For example, this is an approved destination to send our sensitive data to. Maybe it's a third party vendor that we're working with. Or this data is not really that sensitive for the company. And the LLM model adds it to his context in this specific company. And in next time it will happen, it will use this context to reduce the false positives.

B (19:53)

It really sounds to me like what you're introducing here is the ability to have nuance in these decisions.

C (20:01)

Exactly. You can think about it like it's more similar to like EDR for data. If you remember the old days of Noton and McAfee where you have antiviruses. So EDR came along and basically gave a new approach to detecting malware, a more detection and response approach. It's the same thing we're doing. But up until now it wasn't really possible in DLP because human behaviors are much more complicated than machine behaviors. But now with LLM, we can actually build something that looks like EDR for data. It's easy to maintain, it's a plug and play solution, and it can protect your data without needing to hire an army of DOP analysts.

B (20:44)

What about for people who are hesitant to feed any of their information into an LLM? Are there protections for them?

C (20:52)

Yeah, definitely. It doesn't train the model over separate customers and you can run your LLM model in your own environment. So basically you can keep the constraint on your side.

B (21:09)

Where do you Suppose this is headed, what's the future look like for dlp?

C (21:13)

That's a great question and what I've been waiting for. So basically what we talked up until nowadays is that how AI can help DLP and help data security. But we didn't talk about how AI is a threat in data security and how it's going to change the landscape around data excruciation. So there's three main ways of AI to be looked upon as a threat in data security. One is sensitive data extrudation to AI. For example, ChatGPT or Quad. An employee can take a broad presentation or a financial document with very sensitive data and just feed it to a third party chatgpt. It happens all the time and it's a top risk for a lot of companies today. The second one is AI agents exfiltrating data outside of the company. So AI agents will replace a lot of the human work. For example, an email assistant AI agent that will write emails for you and will share data for you. It can exfiltrate a lot of sensitive data maliciously or just by mistake. And the third one is AI makes corporate data very accessible. If you're familiar with companies like Glean data sharing and data searching with AI makes data very accessible, sometimes not the data that you want this person to access in the company. So for example, you can just type down the salary of the CEO and if by mistake you have access to it, you can see it right away. So data security is about to have a lot of new problems in the upcoming years. And AI can be looked upon as a threat, but also as a huge enaBler for creating 100x Betal solutions with one tenth of the operational cost associated with the traditional ones.

B (23:05)

So AI giveth and AI taketh away, right?

C (23:08)

Exactly. 100%. 100%, Dave.

B (23:13)

All right, well, I think I have everything I need for our story here. Is there anything I missed, anything I haven't asked you that you think is important to share?

C (23:22)

I think that data security is going through a generational shift and everybody can feel that right now that we can build much better solutions with much less cost for companies. And we're going to see a lot of new threats with AI. And like our mission, or my mission even personally, is to make sure that people can access these benefits as fast as possible. And I think that we're going to have a very interesting few years in front of us when it comes to data security and data protection.

B (23:57)

That's Nite Milner, CEO of Orion Security.

C (24:12)

So good.

A (24:13)

So good.

B (24:13)

So good.

D (24:14)

Give big Save big with Rack Friday deals at Nordstrom Rack For a limited time, take an extra 40% off red tag clearance for a total Savings up to 75% off. Save on gifts for everyone on your list from brands like Vince Cole, Haan, Sam Edelman and more. All sales final and restrictions apply. The best stuff goes fast, so bring your gift list and your wish list to your nearest Nordstrom Rack today.

E (24:40)

This episode is brought to you by indeed. You're ready to move your business forward, but first you need to find the right team. Start your search with Indeed Sponsored Jobs. It can help you reach qualified candidates fast, ensuring your listing is the first one they see. According to Indeed data, sponsored jobs are 90% more likely to report a hire than non sponsored jobs. See the results for yourself. Get a $75 sponsored job credit at Indeed.com podcast terms and conditions apply.

B (25:16)

And finally, Riot Games has discovered that some recent motherboards were quietly letting cheaters slip past the velvet rope. A flaw in bios firmware from vendors including Asrock, Asus, Gigabyte, and MSI meant certain DMA based cheats could operate invisibly, bypassing protections meant to keep games fair. Riot says the issue undermined IOMMU defenses that looked awake but were not fully on the job. Like a nightclub bouncer dozing off mid shift, the fix is less glamorous than a ban wave, but more effective. Motherboard makers have released bios updates, and Riot's Vanguard Anti Cheat may now insist players install them before launching Valorant. Riot causes a necessary escalation in the hardware cheat arms race, one that shuts down a whole category of previously untouchable tricks and makes cheating a lot more expensive. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check out this weekend's Research Saturday in my conversation with Darren Meyer, security research advocate at Checkmarks. The research we're discussing is titled Bypassing AI Agent Defenses with Lies in the Loop. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester. With original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Idra Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here next week. And Doug, here we have the Limu Emu in its natural habitat, helping people customize their car insurance and save hundreds with Liberty Mutual. Fascinating. It's accompanied by his natural ally, Doug.

A (28:12)

Uh, Limu is that guy with the binoculars watching us?

B (28:15)

Cut the camera. They see us. Only pay for what you need@libertymutual.com Liberty. Liberty. Liberty. Liberty Savings Fairy. Underwritten by Liberty Mutual Insurance Company and affiliates. Excludes Massachusetts.