Summary

Risky Bulletin Podcast Summary

Podcast Information

Title: Risky Bulletin
Host/Author: risky.biz
Episode: RBTALKS5: How Pfizer uses AI to detect insider risk
Release Date: December 20, 2024

Introduction

In the fifth episode of Risky Bulletin Talks (RBTALKS5), host Catalina Campano engages in an insightful conversation with Brian A. Coleman, the Senior Director for Insider Risk, Information Security, and Digital Forensics at Pfizer. This episode delves into Pfizer's innovative use of Artificial Intelligence (AI) to enhance their insider risk detection and management strategies.

AI Integration at Pfizer

Brian Coleman elaborates on Pfizer's strategic incorporation of AI into their cybersecurity frameworks. The primary motivation behind this integration is the necessity to "respond quicker" and "understand data related to the matters we were investigating" (01:03).

Document Categorization and Summarization:

Pfizer leverages language models to categorize various types of documents, such as HR files, pay stubs, and scientific documents. This categorization aids in "document summarization," enabling analysts to receive concise and relevant summaries rather than sifting through thousands of documents manually.

"If we can train the models and the language models as well as the AI to help us summarize that, I now come to a business owner with a more intelligent set of facts around what happened." (01:03)
Reducing False Positives:

By integrating AI with traditional Data Loss Prevention (DLP) systems, Pfizer aims to minimize false positives. This ensures that analysts can focus on high-priority issues without being overwhelmed by irrelevant alerts.

"We're leveraging the DLP with the language models that will then help us respond more quickly to true high priority matters." (02:59)

Implementation Process

Implementing AI at Pfizer is a meticulous process that extends beyond deploying off-the-shelf tools. Brian emphasizes the importance of customizing AI models to fit Pfizer's unique data environment.

Customization and Training:

Pfizer has been developing and implementing their AI-driven solutions for approximately four to five months within an eight-month conceptual framework.

"We have been about four or five months developing it and implementing and trying to, to get the right responses back from the language models and the systems." (07:20)
Not Plug-and-Play:

The integration is not a simple plug-and-play solution. Instead, it requires significant time and resources to tailor the AI models to Pfizer's specific needs.

"It's not just a plug and play solution... creating our own custom on top of the, you know, and kind of supplementing the basic ones." (05:47)

Benefits and Impact

The implementation of AI has yielded several tangible benefits for Pfizer's security and legal teams.

Enhanced Efficiency:

By summarizing large volumes of documents, AI reduces the time analysts spend on triage, allowing them to prioritize critical incidents effectively.

"Time to decision on the importance of the data... those numbers would significantly drop if you're asking someone to review, you know, 5 or 10 or 20 documents versus 1500 or 3000 documents." (12:24)
Support for Incident Handlers:

AI-generated summaries aid incident handlers by providing quick insights, thereby accelerating the response process.

"It now can summarize some of those documents that might have taken, you know, days and hours to go through in some capacity." (09:09)
Cross-Departmental Benefits:

The reduction in false positives not only streamlines the security team's workflow but also benefits the legal team by freeing up resources to focus on more substantial issues.

"It helps them make a more, you know, informed decision about, you know, how, how serious is this is this event that we're looking at." (10:21)

Challenges and Considerations

Despite the promising advancements, Pfizer faces several challenges in integrating AI into their cybersecurity operations.

Reliance on Accurate Data:

The effectiveness of AI models hinges on the quality and relevance of the data they are trained on. Brian cautions against over-reliance on AI outputs without proper validation.

"If people rely 100% on what is returned without... making sure that it's validated... it just helps our investigations, our matters, our alerts become that much better." (10:36)
Resource Intensive:

The AI integration process demands significant human resources and financial investment, especially for large-scale operations.

"It's definitely an investment of human hours for sure with no real... until you get to a point of where you start seeing analyst triage time, time to remediation, kind of all of those time metrics that we're going to measure start decreasing." (15:40)
Early Stage Metrics:

Pfizer is still in the early stages of evaluating the AI tool's effectiveness. Current metrics show a 10% potential reduction in analyst workload, with expectations of improvement as the models learn and adapt.

"We're seeing about a 10% of the time where the analyst rejected and the model said reject it." (12:24)

Future Directions

Looking ahead, Pfizer aims to evolve their AI capabilities from a reactive stance to a more proactive approach in insider risk management.

Proactive Data Protection:

The goal is to "protect the data before it leaves the company" by identifying and securing sensitive information across various repositories.

"We're going to take that build on kind of what we learned and become more proactive so that you're stopping it before the data actually even leaves the company." (05:54)
Asset Discovery and Intellectual Property Protection:

AI will play a crucial role in discovering assets and safeguarding intellectual property by identifying unauthorized document distributions.

"This has benefits for your legal team as well, not just your security team because they get clearer alerts, they don't waste their time on false positives." (08:56)
Enhanced Security Controls:

Future initiatives include tightening controls around Pfizer's most valuable intellectual property and ensuring proper data sensitivity labels across all platforms.

"We're now going to say, okay, this document is sitting out in a repository where it should maybe have a different setting of permissions." (17:18)

Conclusion

The dialogue between Catalina Campano and Brian A. Coleman provides a comprehensive look into how Pfizer is harnessing AI to revolutionize their insider risk detection and management. By meticulously tailoring AI models to their specific needs, Pfizer not only enhances their cybersecurity posture but also sets a precedent for other organizations aiming to leverage AI in safeguarding sensitive information. As AI continues to evolve, Pfizer's proactive and informed approach underscores the critical balance between technological innovation and human expertise in the realm of cybersecurity.

Notable Quotes

"I thought it was a breath of fresh air to hear from somebody using AI without any hidden selling points." — Catalina Campano (00:22)
"It's just another piece of data that an analyst should use. It is not the end all answer." — Brian A. Coleman (10:36)
"AI can solve everything, you know, sales pitch from everyone because I think it's, there's a danger in relying on it too much." — Brian A. Coleman (07:46)
"This is, this is more where, where I think, you know, teams like, like mine can leverage. It is summarization, right? Data summarization." — Brian A. Coleman (21:45)

Disclaimer: This summary is based on the transcript provided and aims to encapsulate the key discussions and insights shared during the podcast episode.

Summary

Risky Bulletin Podcast Summary

Podcast Information

Title: Risky Bulletin
Host/Author: risky.biz
Episode: RBTALKS5: How Pfizer uses AI to detect insider risk
Release Date: December 20, 2024

Introduction

AI Integration at Pfizer

Document Categorization and Summarization:

Pfizer leverages language models to categorize various types of documents, such as HR files, pay stubs, and scientific documents. This categorization aids in "document summarization," enabling analysts to receive concise and relevant summaries rather than sifting through thousands of documents manually.

"If we can train the models and the language models as well as the AI to help us summarize that, I now come to a business owner with a more intelligent set of facts around what happened." (01:03)
Reducing False Positives:

By integrating AI with traditional Data Loss Prevention (DLP) systems, Pfizer aims to minimize false positives. This ensures that analysts can focus on high-priority issues without being overwhelmed by irrelevant alerts.

"We're leveraging the DLP with the language models that will then help us respond more quickly to true high priority matters." (02:59)

Implementation Process

Implementing AI at Pfizer is a meticulous process that extends beyond deploying off-the-shelf tools. Brian emphasizes the importance of customizing AI models to fit Pfizer's unique data environment.

Customization and Training:

Pfizer has been developing and implementing their AI-driven solutions for approximately four to five months within an eight-month conceptual framework.

"We have been about four or five months developing it and implementing and trying to, to get the right responses back from the language models and the systems." (07:20)
Not Plug-and-Play:

The integration is not a simple plug-and-play solution. Instead, it requires significant time and resources to tailor the AI models to Pfizer's specific needs.

"It's not just a plug and play solution... creating our own custom on top of the, you know, and kind of supplementing the basic ones." (05:47)

Benefits and Impact

The implementation of AI has yielded several tangible benefits for Pfizer's security and legal teams.

Enhanced Efficiency:

By summarizing large volumes of documents, AI reduces the time analysts spend on triage, allowing them to prioritize critical incidents effectively.

"Time to decision on the importance of the data... those numbers would significantly drop if you're asking someone to review, you know, 5 or 10 or 20 documents versus 1500 or 3000 documents." (12:24)
Support for Incident Handlers:

AI-generated summaries aid incident handlers by providing quick insights, thereby accelerating the response process.

"It now can summarize some of those documents that might have taken, you know, days and hours to go through in some capacity." (09:09)
Cross-Departmental Benefits:

The reduction in false positives not only streamlines the security team's workflow but also benefits the legal team by freeing up resources to focus on more substantial issues.

"It helps them make a more, you know, informed decision about, you know, how, how serious is this is this event that we're looking at." (10:21)

Challenges and Considerations

Despite the promising advancements, Pfizer faces several challenges in integrating AI into their cybersecurity operations.

Reliance on Accurate Data:

The effectiveness of AI models hinges on the quality and relevance of the data they are trained on. Brian cautions against over-reliance on AI outputs without proper validation.

"If people rely 100% on what is returned without... making sure that it's validated... it just helps our investigations, our matters, our alerts become that much better." (10:36)
Resource Intensive:

The AI integration process demands significant human resources and financial investment, especially for large-scale operations.

"It's definitely an investment of human hours for sure with no real... until you get to a point of where you start seeing analyst triage time, time to remediation, kind of all of those time metrics that we're going to measure start decreasing." (15:40)
Early Stage Metrics:

Pfizer is still in the early stages of evaluating the AI tool's effectiveness. Current metrics show a 10% potential reduction in analyst workload, with expectations of improvement as the models learn and adapt.

"We're seeing about a 10% of the time where the analyst rejected and the model said reject it." (12:24)

Future Directions

Looking ahead, Pfizer aims to evolve their AI capabilities from a reactive stance to a more proactive approach in insider risk management.

Proactive Data Protection:

The goal is to "protect the data before it leaves the company" by identifying and securing sensitive information across various repositories.

"We're going to take that build on kind of what we learned and become more proactive so that you're stopping it before the data actually even leaves the company." (05:54)
Asset Discovery and Intellectual Property Protection:

AI will play a crucial role in discovering assets and safeguarding intellectual property by identifying unauthorized document distributions.

"This has benefits for your legal team as well, not just your security team because they get clearer alerts, they don't waste their time on false positives." (08:56)
Enhanced Security Controls:

Future initiatives include tightening controls around Pfizer's most valuable intellectual property and ensuring proper data sensitivity labels across all platforms.

"We're now going to say, okay, this document is sitting out in a repository where it should maybe have a different setting of permissions." (17:18)

Conclusion

Notable Quotes

"I thought it was a breath of fresh air to hear from somebody using AI without any hidden selling points." — Catalina Campano (00:22)
"It's just another piece of data that an analyst should use. It is not the end all answer." — Brian A. Coleman (10:36)
"AI can solve everything, you know, sales pitch from everyone because I think it's, there's a danger in relying on it too much." — Brian A. Coleman (07:46)
"This is, this is more where, where I think, you know, teams like, like mine can leverage. It is summarization, right? Data summarization." — Brian A. Coleman (21:45)

Disclaimer: This summary is based on the transcript provided and aims to encapsulate the key discussions and insights shared during the podcast episode.

wavePod

RBTALKS5: How Pfizer uses AI to detect insider risk

Powered by Wave AI

Summary

Summary