In case you missed the latest webinar in our Inside Netskope series—where Netskope experts show you how we protect our users, applications, and data using our own cloud-based architecture—a recording and recap of our recent session on “Netskope Data Loss Prevention for Sentiment Analysis” can be found below. Feel free to comment and continue the discussion!
📽 Watch on-demand 🍿
Q: If we are creating keywords in English, will the dictionary be captured in all regional languages?
A: No, I think it would just be for the keywords which are specified within the framework. So as far as regional languages, we'll have to check internally if we are supporting those.
Q: When creating and deploying a DLP policy for AI, can you provide some tips on how to identify false positives in the Alerts?
A: It involves extensive analysis of the incidence and forensic data because this is something that is a challenge for us as well whenever we implement a new DLP framework or a policy. So, we take a step by step approach where the first few weeks we apply to specific user groups, wherein we perform active testing to include all corner use cases as much as possible and look at the efficacy of the DLP rule and make any changes to the DLP rule based on the incidents and the forensics.
Once all that is done, we go ahead and apply the DLP profile to a wider set of audience so that the SOC teams are not hammered with a lot of false positives. And again, it's about continuously improving our detections as much as possible.
The implementation team has frequent calls with the SOC team to get their feedback and opinion about how different DLP rules are performing. Netskope's Advanced Analytics is also a great tool which can be used to help reduce the false positives because we can do a profile level check. Wherever there seems to be unusually high numbers of incidents which are not matching up with the forensics data or with the original use case, is where we need to put a lot more effort as implementers and work on the false positives. So, it is an extensive loop mechanism that we usually follow.
Q: When creating DLP policy for shopping websites, we can see false positives getting generated when Netskope detects random strings of numbers, such as SSN. Any suggestion to further granulate the DLP profiles to prevent this from happening or reducing the false positives?
A: So, this is something that we faced initially as well while we were implementing these. I would say applying EDM based DLP rules, exact data match would be helpful in this scenario.
We would have to sit down and talk with our HRA admin and then get the EDM data appropriately and later use it within the policy to bring down the incidence of false positives.
Q: Can this be integrated with MS Teams?
A: As long as you are steering Teams traffic, you should definitely be able to. Please reach out to Support or your TAM to see what you can do with that one.
Q: For the Exchange mail policy, is there a way to export recipient data?
A: If you have SMTP DLP inline, you should be able to get a list of events that have been going through there. Also, if you have the forensics configured for Netskope DLP, then all of the DLP incidents will be tracked in the forensics folder, which you can navigate within the Netskope tenant to look at the recipient data.
Q: Can it also analyze AI responses or just the user input data?
A: As of now, visibility from the Netskope side is for user queries and not the responses which are sent by generative AI applications because the analysis will also be for user queries and not the generative AI responses. So it again depends on whether we have the visibility for any given activity.
Q: Monitoring user queries—even for sentiment—can raise ethical and legal issues and maybe hinder users or productivity. How do you solve for this?
A: I agree. We definitely have to be careful with what we're doing because we don't want to hinder the business productivity. For analytical and legal, I suggest working with your legal and privacy teams.
Q: How about agents? The interaction? Something we can enforce there?
A: As long as Netskope is receiving the traffic from the agent and there are connectors for this application, DLP should be possible.
Q: Can you provide another sample use case on how sentiment can be used from a security standpoint?
A: One that is top of mind is, disgruntled employees looking for insider threat. So maybe you're not coaching, but just doing some analysis in the background, and see "this person really hates working here," maybe we can reach out and get some help or something.
Q: What is the legality of such detections?
A: As always, my favorite answer in cybersecurity is "it depends."
It depends on region, depends on your company, depends on the industry, what regulations are you under, etc. So, I suggest working with your legal or privacy team. If you have a privacy officer, that's been a rich source of information for us as we're building stuff out.
Q: How can the DLP policies be applied to the following platforms: OpenAI, Copilot, Harvey AI, and CoCounsel?
A: Similar to the generative AI category that we applied, we can use the generic category for the DLP policy or include specific applications for which Netskope supports in terms of connectors. So as long as we have predefined connectors, we can use them—or we can also build custom connectors—for generative AI applications individually or use the category itself.
When it comes to DLP policies, we can use the predefined policies for commonly used compliance standards and regulations like PCI, PII, or we can also come up with customized DLP rules.
Q: How to detect social media trolling or abusive messages?
A: Similar to the positive and negative sentiments, we can have a specific dataset that includes commonly used keywords or negative sentiments expressed in our social media, trolling messages, or user messages. Once that is done, we can apply it to any category.
It could be within the social media category or it could be within generative AI or professional networking site. It depends on our use case and where we want to apply this, so just have the DLP policy in place for that particular category.
Q: What AI control capabilities are there with standard SWG?
A: We can apply DLP and access control restrictions to any web traffic as long as Netskope is having predefined or custom connectors for the specific web app.
Q: What is the best practice or practices for blocking the sending of sensitive data to generative AI category sites?
A: You can utilize the same type of framework we shared during the webinar. It just depends on what your definition of "sensitive" is. Apart from the compliance frameworks itself, we can also include password category and source code detections along with API secret keys within the DLP rule. Since they may be specific to your environment, we can certainly include those within the DLP rule for good detection of sensitive data.
There's also advanced features like exact data matching. So if you say "this is my sensitive data pool," you can actually hash that data pool and watch for movement on that and have it detected specifically.
View past events in this series!
Some responses above contain roadmap items. These are intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Netskope’s products remains at the sole discretion of Netskope.
