Blog

Uncover Insights and Mitigate Risk with Netskope Advanced Analytics & Gen AI

  • 18 March 2024
  • 1 reply
  • 396 views
Uncover Insights and Mitigate Risk with Netskope Advanced Analytics & Gen AI
Userlevel 4
Badge +16

In today’s fast paced life we are being inundated with advances in technology which sometimes outpace our ability to process and keep up with. In this article we are going to:

  • Discover the use of Generative AI within our organization;
  • Influence Real-time Policy creation to promote user adherence and behavior to policies;
  • Guide Generative AI Vendor/Application requirements;
  • Build reports and dashboards that help identify and prioritize security risks; and,.
  • Help us build a better product through self-reporting within the platform.

*augmented with the assistance of Generative AI

The use of Generative AI has become extremely pervasive and grown at a rate that has left a lot of us wondering where it came from and how we got along without it in the past. A great example of this are the bullet points listed above.

I got to thinking about using Gen AI to augment the bullet points and a title slide for a presentation on uncovering the insights of Gen AI. I realized the irony of the situation. It dawned on me that I should use Gen AI to determine if there was in fact irony in this situation….there is! It dawned on me that thinking of irony in this situation was ironic…which leads me to believe that we are at irony^infinity.

That whole conversation in my head and with a Gen AI application reminded me of a cartoon I saw a long time ago by XKCD titled “Irony”, located at https://xkcd.com/6/ 

 

IRONY 

AMljNIryulmL__E_KzzaG_hxJ-LH1GLwGDfbSalXAXH9EIa1D17FvTfPeZYALI97sSCQrWGQNTFzG0TEemyGYZfR8t35Sr_Zik0Cr8_slQ4eFQHPbLXQ7u68s5qGaSQYS4ZrDiaBDW5n50wSP6_ItJk

 

Gen AI’s use has become quickly ingrained in what we do and how we think. I believe this is due in part to how we interact with technology-ability to summarize and piece together answers as well as its conversational style which lends itself to asking more questions. We are asking questions which are ultimately more complex than what we would ask of any search engine. I could have asked Google if something was ironic and received numerous sites that defined irony or directed me to sites that had no relevance but instead chose a Gen AI application since it was more intelligible.

 

Back to the future…Generalized Categories of Generative AI

With any “conversation” there is an end goal in mind and that end goal with Gen AI is inherently based on the destination application or service used.

A text based application like ChatGPT would be able to handle coding questions but is not geared toward the development of code itself. ChatGPT might be able to handle basic data augmentation but that is not what its speciality happens to be.  We use the appropriate tool for the right job.

At the moment there are generalized categories that we can use to summarize capabilities and expected outputs of the tools.

  • Text Based: ChatGPT, Google Gemini/Bard, jasper.ai, & now Bing
    Language models like GPT-3 are capable of generating human-like text based on a given prompt. These models can generate stories, articles, poems, and even code snippets based on the input they receive. They have been used for creative writing, content generation, and chatbot applications.
  • Coding Development: Github Copilot & alphacode.deepmind.com
    Generative AI models can be used to assist in coding tasks. For example, code completion models can generate code suggestions based on partial input, helping developers write code more efficiently. Models can also be trained to generate code snippets or templates for specific tasks or programming languages.
  • Data Augmentation: NVIDIA StyleGAN & Augmentor(python library)
    Generative AI can be used to augment datasets for training machine learning models. By generating new synthetic data, it helps to increase the diversity and quantity of training samples, which can improve model performance.
  • Image Synthesis: synthesis.ai & jasper.ai
    Generative models can generate lifelike images, revolutionizing fields such as art, design, and advertising.
  • Music Composition: musicstar.ai & soundraw.io
    Leveraging generative models, musicians and composers can explore novel melodies, harmonies, and even compose complete musical pieces.

https://www.netskope.com/security-defined/what-is-generative-ai 

 

What makes covering the generalized categories of Gen AI Important?

It gives us an idea of what groups might be prone to use one form over another. These categories are relevant to the business and job functions within the organization. For example, based on security engineer job requirements, there is little to no use of data augmentation, image synthesis, or music composition. Therefore, we would not expect nor should we anticipate that the following applications would be used: NVIDIA StyleGAN, synthesis.ai, or soundraw.io

Following the example of the security engineer and job requirements, if there is an uptick in the use of data augmentation, image synthesis, or music composition applications there should be cause for concern. Especially if the applications are those which are not sanctioned for use within the company.

Even with applications that have been sanctioned, particular attention is warranted with dynamic changes in their use. This is especially important as the number of SaaS applications start to enable new features with leverage Gen AI and subsequent applications are added to categories. New features are added more often than one is led to believe as some of the changes are significant with a notification by the vendor.

One example of this is the tight integration of Google AI within news feeds or Google Maps incorporating a search with AI.

14loM6YHLRaqzRIymRoE6hFZyLm3FcHQ-T12x24J178HKcOEDDymjuGF1hdvL7z2NlUshynM06daFigYQ1DAto7ML4y6MImc89X8m7bTjb5OCV2PEPXljJGd4iozQuo_AiYbTkkJQE01ahK37saG8UU

Yet, another example of this is Clari which is used by marketing/sales teams. Clari itself is not a Gen AI application. However the product Wingman was developed or acquired by Clari and subsequently bundled into their service offering at https://copilot.clari.com

 

Using Netskope Advanced Analytics: Detect App | Instance | Activity

Netskope’s Advanced Analytics helps to shed light on Gen AI use categorically as well as applications we are starting to see in the wild which are part of the category. A portion of this light in the otherwise murky Gen AI use is our ability to discover and report on which groups are using Gen AI applications, the application’s associated instances, activities, and subsequent actions of any Real-Time Policies in use. The necessities when it comes to creating policies and affecting changes within an organization. This comes in handy when using Advanced Analytics during the monitoring and alerting phases with subsequent actions to influence user behavior.

Using the example of Clari and the Marketing or Sales teams above, if we see new applications  in the tenant which weren’t Gen AI at one point then it is safe to assume that there is new functionality in the application itself. If we see that security engineers are starting to use more data augmentation apps, then it too warrants investigation to see if a product vendor has bundled new features into existing applications. If we see that marketing is exclusively using ChatGPT and then shifts to using Claude, we might be able to conclude that Claude offers different services or features that are relevant to their jobs. However, it is important to understand what the Gen AI apps do and their uses to “know” who, what, when, where, and why of use. Along those lines, when a Gen AI bundles new features or announces improvements in speed or accuracy over another vendor, it is important to take note of this and use Advanced Analytics to see the shifts in an organization.

oqyJzIideKG1gB9pMqEGWac3Qk7xS43dRTbHFFqurNMiSr32n2LW_jHcrt9eJSdpCaajVf1zMFnLQmJb2G11fyIC21l0X1uHo2NkIyR69ZJ6EZzCoBk0tyxdT15nMmVQ_wgAtXrQg_2Af1iwf4PSbSw

 

Using Netskope Advanced Analytics: Detect App | Instance | Activity Recommendations

After using Netskope’s Advanced Analytics to discover Gen AI usage in the organization, it is recommended to develop Real-Time Policy SaaS access policies that spawns a user alert when browsing to Gen AI applications. In addition, develop a Real-Time Policy for web access using a custom category that includes the original Gen AI category which should also contain allow and deny URL lists. The allow URL list would be for those suspected of being Gen AI but not categorized as such. The deny URL list would be for those sites which are Gen AI but are understood to be present on the site and impact business functions.

Additionally the web access Real-Time Policy will act as a catch all in case there are changes by the application vendor which alters how traffic is interpreted or “seen” by Netskope. When we make changes to application connectors, we notify everyone in our release notes on https://docs.netskope.com. These are important in case there are additions to actions seen or to correct how we interpret actions of the application after a vendor renders our current connector actions irrelevant. Case in point is the addition of “Advance Constraint Support For Generative AI Apps”.

With our application connectors we have the ability to “see” activities and influence user behaviors. Such behaviors might be influenced when protecting data within a sanctioned/allowed Gen AI application like Github Copilot and a specific instance “owned” by the organization. We would use a Real-Time Policy to handle DLP that allows or alerts on uploading and downloading of source code to a destination for engineers. For the organization as a whole, we would implement a Real-Time Policy to handle DLP on source code that spawns a user alert for downloads which then refers users to an open source review board. Last but not least, we would implement a Real-Time Policy to handle DLP that blocks the upload of source code which then refers users to an acceptable use policy as well as outlining measures taken if an incident occurs.

A basic example of layering Real-Time Policies with ChatGPT and the Generative AI category may be seen below.

 

Using Netskope Advanced Analytics: AI Usage Trends

Analyzing Gen AI usage trends over time is a gauge on how influential Real-Time Policies have been after their implementation as well as the graph’s original intention, analyzing the adoption of Gen AI.

The graphs below may be used in tandem with those used for discovering which groups are using Gen AI applications, the application’s associated instances, activities, and subsequent actions of any Real-Time Policies in use, as seen in a section above.

Take for example the following two graphs. Given the larger scale of time used in the first graph, we are able to see the Gen AI usage landscape and notice that there is a significant number of events starting in August and continuing into October. 

VbvZencybG5n3dALPjPTCH92sQ1b9VT0BRyn5SLuM3o9iOZ9h2LlIpuUMaTfXrwk_1Ki7mqoFF5Q_q2bLJnm8LQtVrneCxvsMpTTl0MsrCue7X2EVa0zSkx4hs-nlvczrmodqxbGn-ytff2Wr5zXEZU

 

Decreasing the timeframe being analyzed will greatly improve readability and give us better insight into application usage.

hXL-t_T0HyV_U4NmT5jqnyyps6YpHEcGixRg3YMVHpSSQY0a_5GBHhcq9AMA-lMqsYa2FXOOYLdV3B0F2uEK_uyLXnqyMY2OvXUeZBcacyugzJdlrTmdV2vZmBd3IOIQ77tCp633ls6bjtU3PA7fM30

 

Look for spikes in traffic which might indicate user movement toward application use within the organization. This movement might be due to:

  • Press release of a new application (Claude 3 - Opus);
  • Acquisition of a new product that incorporates AI where there was once none (Clari Copilot); and,
  • Recent increase in headcount for a specific group (Sales and Marketing, Clari Copilot).

 

We recommend creating Real-Time Policies that spawn user alerts and require justifications. This allows an organization the ability to review those regularly and determine if there is a genuine business case or the need to start using gen AI within a specific business division instead of across the board.

KQHK-o0KS2YdYbS4leqsTYOc2YD61q_v9pbrwzz1Hl1wG0QIoFviBZwc3S5c_L-DSJG3iEzl5Kn2eLCqxGlSboOo0D69tg7prrJSpu70vWwX2d_X24IyletxG7cC3ihrwPHnmOsfQCIqDPrk4esZQwA

 

We can even break down the justification reasons to individuals which is another factor to consider with Gen AI use and business use cases.

2vLRaPoOiT95XjfrX1hWWWDB5-QfQVQFvCMhD9hNFqoGxUgOsID4lExOaI3JKxF6Cox7WqhxmW7tNwJhap91lsZqoVZGObfZk1ZGHQYB_EqJKoND_1YLCeDUXrNb3dBQWSBimmo4WjSOwFwRGz131Ro

 

Another factor to consider is the cloud application by CCL and cloud usage by CCL in comparison to the overall usage. Cloud application by CCL is the number of applications used across the organization while cloud usage by CCL is the number of cloud events. 

NlVju4Bd96m2qBx64XyVfNxvHL5g1E-nPEzR1aprt3v5rxl9_1UCxEMDQBpSZ3xPOlE3jncxfJN7GoxsKrOUtmQGda_iv3Qio1qCB0P_hiwQDcJ2aL3guIm9O22_P4GaSpJJOTDIKh_w0WHfHRF0TQ0oCKdWwXwTLlzqr7R0vewNrZe7Ev7gmHjAPUz6mM9WKpUijwc2yMiPHuXJTvhaiHCr--7M0oQ5C61frBSku5whe7Rx3YwYgyiDNVIslNzm98DId3MJDKklYWZIaEpKO_gXr3S_GKwvM0GiwQs67Khyfk

 

Word of advice, a lot of events don’t necessarily equate to a lot of user activity per se. Anthropic’s Claude chunks texts and increases app activity counts.

u9VGOj05u9SyeMOBU3I_BgAou42huBDs-K-7kAvs4Lc4sq13HV--TOq5cPqR_dBWdPk2oYzJItQcDhUVijbadA4YJZ1DukIwyNZayHtThI_kcAsGi4AH2SAcKMxwEr4p2joy8b5mAx0bPPNTzpxP09k

 

Top 20 Applications by Total Bytes

MD2X5EB0f0ZbQFXWXd4cHadkc4FyLp1r2KCn8nMY-4VuMUq7TVJN6eJMud9jRSnmHo6i_20vFvpNvoGz_5KjfS2G6ztidK0ZxDf9g3dTKCzJ_83pLo5RiYqDDBMg_BpYX0y8JRc094EhaZbkZf2oCK8

Breaking down traffic based on total bytes used and CCL will give an idea of data flow along with the number of events seen in cloud usage by CCL. If you see a large amount of data that is flowing to low CCL applications then start by interviewing persons in the group responsible for their use to determine if it is justified with a business use case. If it is not justified then creating a Real-Time Policy to influence user behavior with user alerts and eventually a block.

 

Gen AI Risk Management

With statistics collected, traffic analyzed, and users on the lookout for behavior influencing Real-Time Policies it is important to take a step back to look at this from the perspective of risk and its subsequent management.

Netskope Advanced Analytics has the ability to help an organization report on Gen AI application use within the guidelines of information reported in the Cloud Confidence Index. By using the categories, their definitions, and displaying all applications across the board, we can provide a comparison so that a decision can be made on what to allow, what not to allow, and a degree to which users are able to access or use the Gen AI application.

 

Data Protection

This category investigates the SaaS app to uncover details about the following capabilities: Data Classification, Encryption, Security Headers, Email Validation, File Sharing, and Public Key Pinning. This category ensures you can enforce policies on your content as necessary, meet your data protection standards, enforce sharing and collaboration restrictions, and guard against attacks.

iKRDfXCtxlzq2mK-remlftcdz0XZ1327LtXsJ8LYQfLkGi-IQfDhNRuQK801jncsBN76tjKCR1EkcLpEgm8Wo2CHMe5bepR7WgZttV9mmN2AWAqMemO5Rs0F0c_hSlba-i_jqSXMK-hieEwr_1K8LCY

 

Certifications and Standards

This category investigates the SaaS app’s Compliance and Data Center Certifications. This category helps you comply with regulations and industry guidance that matters to your business.

TdO24BQNRxyp6ZHxWEaPj6RL1CKY94ivethiT73MjKpnx6M40sE6Iqi1dNhEiX9ZbJt9JuXekSa2--CRi0F8fh9-GiFd0O_s234FF8MzOFEnsTN5l6UfXm592igviRyHCXZ98iRIajkKGBHZzzksdQY

 

Attack Surface Management

This category helps identify the App's susceptibility to cyber threats.

Gm0VNWZ4AajbSFZcdWqFKP9WzGtuY_QHQJapDQqF8LE72DroNyw2WM3zOB9A9dJXiudk1j7tDDEIy27xF9FkCRYyO9m18PVB5bJq3_HgrgDeCeIkrUf416H1xygl_fBDiarBrQ0s4jEiV2zsrh-YqNo

 

Auditability

Netskope investigates the SaaS app to uncover details about the following capabilities: Admin Audit Logs, User Audit Logs, and Data Access Logs. We check whether they are made available to a subscriber for traceability, investigative purposes or to comply with regulatory requirements etc. This category ensures an app meets your auditing requirements as well as proactively informs you of app changes or maintenance windows.

coUExtNhn4un3gvRM83M9K52oZdZrpiX9YW-xE19divmLM1WMhVf0-Nnu8TaZr9H_dck3C5AMPv3hJydZm7guNeaPQWqmmWYxV2uS5O6QjvoGWtpfdZrcsPU5Agw9N8i1k4KY9wSJL2UO2gNcUiVOjs

 

Legal

Netskope investigates the SaaS app to uncover details about how it handles data ownership and privacy when accessed via a browser or mobile device. This category identifies weak spots in your security program that could lead to potential data breaches by clearly understanding how your employees’ privacy is handled by apps on mobile and browsers.

8yVM4bshW49iD7-41pq7xFat6nbiaQKRMmKxACU37kEpG_rd_od6HcileCgT2-ytmy7zuoMFEkAHApEaVjiQKAXaxWMP1KiA5c64eXdUyJgj2YH8M_DsJ2gcLVw9sgoFp7ScCodbA3YeyiaYxnZ1Wck

 

Disaster Recovery and Business Continuity

SOK-8eXecm75N_7VkA5aDweYE9BuPDoOOMOUtOq2LvEVmIAW7EoIbGNv7ZO0lUkpQqN5_b8wD0c1VZce04tyA_qsu5r2vkthxnnn3324v-x_y3ky3XlLc1vmvKToh6P2pAGIpeAC_MUVpkKndsyOJx4

 

In conclusion, Netskope’s Advanced Analytics greatly improves visibility within the organization with the use of Gen AI applications. It's this valuable reporting that gives an organization the upper hand when it comes to Real-Time Policy development and charting new territory in a dynamic environment.  We provide a light at the end of the tunnel when it comes to protecting an organization against the rising tide of Gen AI use across all industries.

 


1 reply

Badge +2

Great dashboard, and I plan on using it as is and modifying a copy for our risk group to look at single applications as well!

 

Reply