| dc.description.abstract | In Data Leakage Prevention (DLP), human analysts inspect the legitimacy of suspicious file transfers, which are called alerts. First, the data in question is classified. Then, the transfer context is assessed. After this, the analyst decides whether the alert is classified as an incident or a False Positive event. This process is widely known as triage. It is monotonous, costly, and resource-intensive. In doing so, the analyst also has access to highly sensitive data of an organization.
So, on the one hand, DLP is a substantial challenge in today's organizations.
On the other hand, significant progress has been made in specific areas of technology over the last few years. Apart from developments in DLP, Artificial Intelligence (AI) has made considerable achievements since it was first conceptualized in the context of computers in 1956. Large Language Models (LLMs), such as ChatGPT by OpenAI, Gemini by Google, and Claude by Anthropic, have caused significant disruption.
Therefore, the following question arises: could modern DLP software utilize AI to automate the triage process?
If possible, it could significantly enhance the quality of DLP practices and reduce the workload of the much-needed human resources in cybersecurity. Furthermore, DLP systems (usually used in bigger organizations today) could become more attractive and, more specifically, affordable for small- and medium-sized organizations. | es |