Feb 12, 2024

Meet Ai³, the First AI Assistant Created for Insider Risk Management


At DTEX, we have always been hyper-focused on using behavioral science to help organizations better understand the human elements of insider risk. Today we are using that focus to drive insider risk management to the next level with the introduction of AI-enabled insider risk investigations. Our new generative AI risk assistant for DTEX InTERCEPT fast-tracks effective insider investigations and decision making and helps to prevent data loss.

The DTEX Ai³ Risk Assistant, abbreviated Ai³ for AI-assisted insider risk investigations, processes natural language to provide quick and comprehensive insight into the complicated nature of insider risk and intent. The assistant draws on rich behavioral metadata and risk modeling from InTERCEPT to provide guided investigations that empower analysts to ask pointed questions like where sensitive data is going, who is accessing it, and most importantly, why. This is key because the ‘why’ helps determine an appropriate response.

“Insider risk investigations are much more nuanced than a typical malware investigation and require security analysts to have both the technical aptitude and human investigative domain knowledge to be effective. Ai³ Risk Assistant delivers an experience where users are adeptly guided to the right data at the right time,” Rajan Koo, CTO, DTEX Systems.

Not Just Another Co-Pilot

What sets Ai³ apart isn’t artificial intelligence, but the data science behind it. DTEX’s innovative approach to data collection and behavioral enrichment means sophisticated insider risks no longer fall through the cracks. As the insider risk subject matter expert, the DTEX Ai³ Risk Assistant draws on several principles:

Let Good Data Speak for Itself

DTEX is built on the principle of letting good data speak for itself. Ai³ takes advantage of DTEX domain knowledge. It understands query language and has access to our insider risk research, analyst training, and DTEX Threat Advisories. With this, Ai³ synthesizes large amounts of information into digestible, context-rich, human-centric insights to answer complex questions and guide users to well-informed decisions.


Contextual Adaptation and Insights

Based on data-backed, in-context interpretation of user intent, Ai³ produces remarkable results through scenario-specific prompts that guide understanding and next steps for investigations. This significantly reduces time-to-insight and can reduce overall insider threat investigation time by 60-90%, depending on the skill level of the analyst. Context is the driving force for Ai³’s response quality and accuracy.

Ai³ holds a range of skills that analysts can use to immediately focus the conversation, using the @’skills’ mention that parallels the @GPT updates from OpenAI. When Ai³ is given the @docs mention at the start of the query, the assistant focuses on DTEX InTERCEPT documentation to provide a response.

It Takes a Village of LLMs

Our approach to generative AI uses an array of large language models (LLMs), blending the best of GPT-3.5 and GPT-4 and working together to provide a comprehensive solution. This collective intelligence allows for the fastest model to do the job and power answers. Our mantra is simple: things should be easy, hard things should be possible.

Privacy by Design

The DTEX Ai³ Risk Assistant uses the power of proven large language model technology, via Microsoft Azure OpenAI. It does not have direct access to the internet and continues to support the DTEX InTERCEPT platform’s ability to protect user identity and datasets through patented pseudonymization techniques for data privacy requirements and to redact personally identifiable information (PII) where necessary, while keeping security teams informed.

Based on hundreds of customer investigations and engagements, the DTEX data science team identified common insider investigation challenges that Ai³ can solve. In three examples, we will show how Ai³ puts behavioral data analysis in the hands of analysts to simplify and expedite complex insider threat investigations and empower every user, from the junior analyst to the security expert, to investigate the most pressing insider risks.

Example 1: Identifying High-Risk Users Fast

Ai³ provides quick insight on high-risk behaviors indicative of insider threats. An analyst can ask, “who are the riskiest users?” Ai³ parses through the organization’s data and compiles a list of users, ranking them by risk score.

Asking Ai³ about a particular user’s risk score will then produce a thorough summary of the user’s behavior and assess the likelihood that someone has acted with intent, categorizing activity as malicious, non-malicious, or compromised. Armed with this information, analysts can then quickly discern which users to click into to get more information. To collect this data manually would take over an hour. Now it’s a matter of seconds.


Video: Searching for risky users.

Example 2: A Deep Dive into PowerShell Script Interactions

Ai³ can analyze interactions with PowerShell scripts, which are frequently used for administrative purposes but also for malicious intent. An analyst can ask, “who are the users interacting with PowerShell scripts?” Ai³ quickly identifies users and quantifies their interactions, ranking them by activity. Remarkably, the top user registered 22,274 interactions, signaling anomalous behavior when compared to his or her peers and undoubtedly an area for investigation.

Next, Ai³ can examine the pattern of these interactions. Asking, “what hours of the day did these interactions occur?” spotlights interaction peaks. An abnormal spike at 2PM suggests further scrutiny is necessary.

Diving deeper, Ai³ can return specific user-script interactions and reveal operational patterns that raise alarms if the activity deviates from the norm, indicating a security incident.


Video: Searching for PowerShell interactions.

Example 3: InTERCEPT Platform Help

Ai³ can help analysts use the InTERCEPT platform more efficiently. An analyst can ask, “how do I change anomaly detection settings?” Ai³ provides summary guidance on next steps and links out to the relevant section of full documentation, streamlining the process and saving critical time. Additional suggestions give analysts the help they need, like how to triage alerts or pointers to training videos.


Video: Finding help with DTEX InTERCEPT documentation.

A New Frontier for Insider Risk Management

Insider risks are becoming increasingly costly, with the average annual cost now surpassing $16M. The 2023 Cost of Insider Risks Global Study found that it takes 86 days on average to contain an insider incident–and the longer it takes to contain, the higher the cost. The same study found that 64% of organizations view AI as “essential” or “very important” in the proactive detection of insider risks.

The merging of human behavior with the speed and scale of AI opens new frontiers in insider risk management. Ai³ is not just an incremental improvement in technology; it’s a leap forward in insider threat detection. It gives risk and security teams an intelligent, user-friendly interface to enhance their ability to proactively detect and deter internal risks, quickly and easily.

DTEX Ai³ Risk Assistant is currently available ‘in preview’ to select DTEX customers.

As the global leader for insider risk management, DTEX unifies data science with AI and behavioral psychology to proactively stop insider risks from materializing into data loss events. Our purpose-built InTERCEPT platform operates at the intersection of Data Loss Prevention, User Activity Monitoring and User Behavior Analytics to surface potential risk indicators for the early detection and mitigation of insider risks. Ai³ is the natural evolution of InTERCEPT, building on 20 years of insider risk experience to guide investigations with unprecedented skill and speed. Contact us for a demo of InTERCEPT and Ai³ today.