Work From Home

What’s the Best Way to Stop GenAI Data Loss? Take a Human-Centric Approach

Share with your network!

Chief information security officers (CISOs) face a daunting challenge as they work to integrate generative AI (GenAI) tools into business workflows. Robust data protection measures are important to protect sensitive data from being leaked through GenAI tools. But CISOs can’t just block access to GenAI tools entirely. They must find ways to give users access because these tools increase productivity and drive innovation. Unfortunately, legacy data loss prevention (DLP) tools can’t help with achieving the delicate balance between security and usability.  

Today’s release of Proofpoint DLP Transform changes all that. It provides a modern alternative to legacy DLP tools in a single, economically attractive package. Its innovative features help CISOs strike the right balance between protecting data and usability. It’s the latest addition to our award-winning DLP solution, which was recognized as a 2024 Gartner® Peer Insights™ Customers’ Choice for Data Loss Prevention. Proofpoint was the only vendor that placed in the upper right “Customers’ Choice” Quadrant. 

In this blog, we’ll dig into some of our latest research about GenAI and data loss risks. And we’ll explain how Proofpoint DLP Transform provides you with a human-centric approach to reduce those risks. 

GenAI increases data loss risks 

Users can make great leaps in productivity with ChatGPT and other GenAI tools. However, GenAI also introduces a new channel for data loss. Employees often enter confidential data into these tools as they use them to expedite their tasks.  

Security pros are worried, too. Recent Proofpoint research shows that: 

A big problem faced by CISOs is that legacy DLP tools can’t capture user behavior and respond to natural language processing-based user interfaces. This leaves security gaps. That’s why they often use blunt tools like web filtering to block employees from using GenAI apps altogether.  

You can’t enforce acceptable use policies for GenAI if you don’t understand your content and how employees are interacting with it. If you want your employees to use these tools without putting your data security at risk, you need to take a human-centric approach to data loss. 

A human-centric approach stops data loss 

With a human-centric approach, you can detect data loss risk across endpoints and cloud apps like Microsoft 365, Google Workspace and Salesforce with speed. Insights into user intent allow you to move fast and take the right steps to respond to data risk. 

Proofpoint DLP Transform takes a human-centric approach to solving the security gaps with GenAI. It understands employee behavior as well as the data that they are handling. It surgically allows and disallows employees to use GenAI tools such as OpenAI ChatGPT and Google Gemini based on employee behavior and content inputs, even if the data has been manipulated or has gone through multiple channels (email, web, endpoint or cloud) before reaching it.  

Proofpoint DLP Transform accurately identifies sensitive content using classical content and LLM-powered data classifiers and provides deep visibility into user behavior. This added context enables analysts to reach high-fidelity verdicts about data risk across all key channels including email, cloud, and managed and unmanaged endpoints. 

With a unified console and powerful analytics, Proofpoint DLP Transform can accelerate incident resolution natively or as part of the security operations (SOC) ecosystem. It is built on a cloud-native architecture and features modern privacy controls. Its lightweight and highly stable user-mode agent is unique in its ability to detect data loss while also providing more visibility to potential insider threats. 

Here’s what you can expect: 

Monitor user interactions 

Proofpoint DLP Transform monitors how users interact with data across managed and unmanaged endpoints and the cloud. It detects and prevents sensitive data exfiltration, such as when a user tries to copy files to an unauthorized USB or upload files to a personal cloud folder.  

Our solution provides visibility into GenAI app use across your environments and can detect, block and alert on many types of actions. This includes the uploading of source code files and the pasting of corporate intellectual property. End users may also be provided reminders or nudges of corporate acceptable usage policies to reinforce adherence to such policies. In other words, Proofpoint DLP Transform automates the alignment of data usage with your acceptable use policies. And that means employees can use GenAI tools without accidentally violating your security measures.  

Identify sensitive content 

Proofpoint DLP Transform uses advanced methods to identify content so that you can protect your data more effectively. Say that your business is a healthcare provider. You can use exact data matching and optical character recognition in the cloud to detect medical record numbers in images. This, in turn, helps you to reduce false positives and negatives. 

Armed with added context, your security analysts can reach high-fidelity verdicts about data risk across all key channels—email, cloud, and managed and unmanaged endpoints. 

Accelerate incident resolution 

Proofpoint DLP Transform has a unified console that provides powerful analytics. This helps you speed up incident resolution. It’s built on cloud-native architecture and features modern privacy controls. It also has a lightweight and highly stable user-mode agent which has the unique ability to detect data loss and elevate visibility into potential insider threats.  

Figure 1

DLP analysts can view a cross-channel list of alerts in DLP Transform’s analytics app. 

Security teams that use legacy or siloed DLP tools often have to investigate incidents and violations for extended periods. Proofpoint DLP Transform gathers telemetry from the cloud and endpoints. Then, it can integrate that data with Proofpoint Email DLP to provide cross-channel visibility into data risk in a single console. This helps your teams to streamline alert triage, investigations and response across channels. 

Figure 2

The DLP analyst can drill down to examine the details of an alert to review the DLP indicators. 

Manage risks proactively 

You can use the Proofpoint DLP Transform console to build custom explorations that allow your teams to manage data risks proactively. You can search for data exfiltration and other risky activities associated with new GenAI tools. It also provides a timeline view of user activities so you can understand the who, what, where, when and why behind each security incident. 

Upcoming innovations 

Several enhancements to Proofpoint DLP Transform will be released in the weeks ahead. Here’s a preview. 

Figure 3

Proofpoint DLP Transform enforces GenAI Acceptable use policies by surgically allowing or disallowing certain user interactions. 

Acceptable use of AI 

Proofpoint DLP Transform’s browser extension applies rules that control a user’s ability to paste or upload sensitive content into tools like ChatGPT and Google Gemini. It parses content typed into the chatbot in real time and matches it with sensitive data detectors and classifiers. When a user pastes sensitive data into a GenAI tool, they may be: 

  • Asked to justify the action 
  • Warned about the need to adhere to corporate acceptable use policies 
  • Prevented from submitting the prompt 

Figure 4

LLM classifiers can protect newly created content without classifying sensitive content. 

LLM-powered classification 

You can create DLP policies with large language model (LLM) classifiers that protect newly developed content. This helps you quickly safeguard sensitive content without prior classification—and save time. And by combining LLM classifiers with pattern matching you will reduce false positives. 

For example, you can use Proofpoint DLP Transform to set policies that allow the members of one team to share sensitive documents. But when those users try to share the same documents with the members of other teams, you can ensure that permissions are remediated automatically and set to private.  

Figure 5

In this example, an analyst explores activities that involve content in the business category “Client-Customer.” 

Accelerate triage and investigations of DLP alerts with LLM classifiers 

Proofpoint DLP Transform provides LLM-enriched alerts that indicate the content categories of documents. This helps your analysts to accelerate triage and investigations. For instance, if an alert is triggered by Social Security number pattern matching, Proofpoint DLP Transform can indicate whether that document relates to income tax, a patient form or a credit application. LLM classifiers enrich alerts even if the detection rule is based only on pattern matching. 

Dynamic policies for visibility and control 

With Proofpoint DLP transform, administrators can define when to scale visibility and control policies up or down, saving analysts’ time and reducing false positives. When a user triggers a risky condition, the system will adapt to increase user monitoring, including visual capture. If a user opens a TOR browser, for example, it will dynamically step up monitoring of that user. That monitoring can include retroactive visibility into what the user was doing before they engaged in the risky behavior. 

Learn more  

If you want more details about Proofpoint DLP Transform and our human-centric approach to stopping data loss, check out our solution brief. It provides more insight into how we can help you transform your DLP program and architecture. Plus, you can see the key benefits of taking a modern approach to DLP.