Name: Inside Netskope: Netskope Data Loss Prevention for Sentiment Analysis
Uploaded: 2025-07-23T16:01:05.277Z
Duration: 34 min 40 s
Description: Inside Netskope: Netskope Data Loss Prevention for Sentiment Analysis

Transcript for "Inside Netskope: Netskope Data Loss Prevention for Sentiment Analysis": Alright. Working another inside Netskope episode here. We'll hang out for another thirty seconds or so, let people get a moment to join up. Please enjoy the awkward silent. Alrighty. Well, we'll get going here. We don't wanna, you know definitely wanna be respectful of everybody's time that's, jumping in here. And, of course, we'll be available via recording afterwards just in case for anything you might have missed. So welcome to another, you know, edition of Inside Netskope. Today, we'll be covering, Netskope data loss prevention for sentiment analysis, specifically in the area of generative AI, which is a hot topic for everybody these days. So let's, let's get going. You got myself. I'm a I run the, customer zero team here at Netskope. I'm Rob Butler. And, we have one of my my top security engineers, working with us here, Madhur Sudar, which she'll be, actually walking us through the the cool tech ideas that she has come up with and, and we're currently implementing. So good stuff. Few housekeeping things we gotta talk about. These slides will be available, upon request. Just shoot us an email back from through your invite, and, we can shoot them out once, we get done with the the presentation. The recording will be available also. So if you missed anything, you wanna just rehash it, we find a better rec you know, hit it again, maybe I didn't say it right, whatever it might be. That'll be available also. Q and a is available during the event. So if you look over at the the right hand side, you'll see the cool blue panel that has q and a listed on there. And, also, there is a poll with three potential future topics, that we would like everybody to vote on. If you could just jump in there and say, hey, this sounds interesting. That would be really helpful for me or my company or whatever the case may be. And you guys get to decide what we're talking about next. And, also, other topics, just a random thought here. When we do the registrations, we we try to review questions that are sent in with the registration. There we go. To, make sure that we're on on top of, being able to give you good answers. I've also, if you have other topics that are, could be really useful that, you know, maybe we're already doing that we might be able to talk about, throw some ideas in there. We're we're doing our best to, you know, present the best of what we're doing to you guys to to help out, you know, us as a community. But, you know, we're better together. So if you have ideas, please share those with us as well. And this one, this this one, I we threw it in here. We just wanna kinda call it out. It's, the magic quadrant is always something that, like, we're all talking about. It's, it's cool stuff. It's cool that Netskope is in, you know, the the far right, you know, upper right all the time, which is great. But it's, as much as anything, it's a thank you to you guys as, giving us good feedback from the company as people that are using our product to to say, hey, these are these are things that are working well. These are things that are not working well. And, you know, together, we're building a a a great product to keep going better in a security world for us to, you know, protect our data, protect our customers, you know, protect, you know, our people and our patients, whatever the case may be. So alright. And, of course, there is a blog post already out in the community site for today's talk, that Madura has has written up. So please, if you have, questions, you know, you know, jump in, hit that blog post. The there's comments on there. Madura or somebody will respond to those comments, and let you know, like, hey, good question. We can work on that. Or, hey, here's the answer to that. Here's your reference. Whatever the case may be. But, every cool use case that we do, we try to make sure we have a blog post for. And some stuff, maybe not necessarily use case, but just a best practice is, like, hey, We found that this is the best way for us to be able to manage x, y, or z. We'll throw a a a blog post out there to just say, hey. This is how we're doing it. Maybe this could help you guys too. So please, join us out on the Netskope community site, to to connect, you know, with other people using Netskope and us as, you know, folks, obviously, that are using Netskope, at Netskope here. And, we're we like I said, better together. I guess that's my theme today. We're better together. So and, once again, you know, we are we are customer zero. We we run Netskope at Netskope to protect Netskope. And then we have, you know, our mission is to use all of the features that make sense for us as a company, operationalize them, in addition to, you know, operational operationalizing that, build that modern globalized SOC, which we're, you know, doing. It's it's, you know, twenty four seven operating, taking all the different, feeds from Netskope, you know, creating tickets, triage, the whole thing. And then we wanna lead the way by example and learn from our mistakes. Because, like, hey. If we already made the mistake in implementing something, we'll tell you so that you don't do the same thing. We'll save you some time that way. And today's topic, again, is sentiment analysis using Netskope data loss prevention, specifically talking generative AI. And with that, I will turn it over to Madura so that we can get the cool stuff going. Hi, everyone. Hope you're all doing good. So let's talk about sentiment analysis, for generative AI apps using Netskope's DLP solution. And, just to give a brief introduction of Netskope DLP. So, Netskope's DLP has comprehensive set of predefined rules, which traditionally look for PII, PCI, PHI, and other compliance standards, for data that is, both at rest as well as in motion. And in addition to the traditional, use cases, we can also create customized DLP rules to come up with some creative and cool use cases when it comes to data, in the web. And, when we were thinking about, some unique and creative use cases of DLP, this particular use case of sentiment analysis for generative AI came up. And we thought why not use DLP for performing sentiment analysis because it's a really unique, sector with which we can do a lot more additional, use cases in the future. So, what is sentiment analysis? Sentiment analysis is basically, used to analyze the feeling that is expressed or shared in any given piece of text. And, generally, it it comes under two different categories. So the sentiment is usually positive or it's negative. And, we use two different datasets, one for the positive sentiment and one for the negative sentiment. And the goal of this use case is to basically look at user queries in generative AI applications and see if the user queries incline more towards the positive part or towards the negative sentiment. So this would help security analysts to identify potential mal malicious intent of users, which comes under the insider threat category and take appropriate next steps if required. And this approach can certainly be extended to other unique cases, like detecting social media, trolls, abuser messages online, and, users with criminal motives and intent, and also to provide positive affirmations to maybe users who may be feeling low any particular day. So, it it can cover a wide set of use cases, which can be, customized based on what we want to do. So when we look at the procedure, the most fundamental aspect is to compile, two different, CSV files. And one CSV file would be for the positive works, and one would be for the commonly used negative works. So we can certainly, come up with, like, a dictionary of positive words and a dictionary of negative words. And once these two dictionaries are created, the next step would be to actually go ahead and upload these, dictionaries as two different entities within, Netskope's DLP. So this can be done within the Netskope tenant. If we go to the DLP rule section, we can upload these dictionaries, separately and, select the case insensitive options so that, you know, it can cover, different types of text irrespective of the case that is used. So we are creating positive words dictionary and one for negative words here. The next step would be to create a DLP rule and associate the positive words and negative words separately with, two different DLP rules. So as we can see here, we are creating, the positive words DLP rule and including the dictionary that corresponds to the positive words. And, similarly, we are creating a separate DLP rule for negative words and including the negative words dictionary. And we can also set severity thresholds based on how we want the detections to be. So it's not that any given piece of text will always be positive or always be towards the negative side of things. So it can be a mixture of both, which is why we are trying to create a severity threshold where if five keywords match with the negative word set, then it starts getting, identified as a negative sentiment. And if five or more positive words are used in any given piece of text, it will be classified as a positive sentiment. So this can, of course, be customized based on your use case. So once the DLP rules are created, one for positive words and one for negative words, we need to go ahead and associate this with DLP profiles. So we will be creating one DLP profile which corresponds to the positive words DLP rule and then one DLP profile which is for the negative words. So this is quite straightforward till here. And the next part is the most important aspect, which is creating a real time policy, and this is where the user queries within generative AI can be detected for sentiment. So here, we can, create the gen we can include the generative AI category, which is a specific category that is tailored within Netskope and that includes different set of generative AI applications, which are widely used today. So we can choose that category. Or, specifically, if you just want to apply sentiment analysis for specific generative AI applications, we can also do that. So here we are including it for the entire generative AI category, and we are selecting the form post and the post actions because those correspond to the user queries within generative AI. And those are the activities that Netskope has visibility for. And we then include the DLP profiles, which were just created. So, again, we are including the positive words DLP profile and the negative words DLP profile. And we also have two different user coaching messages, which are created. So if users use more of positive words, we will be using a separate user coaching message. And if users are using more negative words, we will be having a separate user coaching message. So the associations are mentioned in this policy. So once this is done, we just have to go ahead and apply this policy. And, again, this can be applied to a specific group of users or to the entire organization depending on what we want to have the visibility for. And once the policies are active and running, when we get to the user experience part of things, we test it with just a basic movie reviews message, for demonstration purposes here. So if, if we have, like, a negative opinion about any given movie and we use more negative words, then based on the threshold and the DLP profile which was, just created, we will send out a message which corresponds to the negative sentiment. So here you can see that, this message is tailored for the negative sentiment. And, similarly, if somebody uses positive words in their, user queries, then we put out, the user coaching message, which is specifically tailored for the positive sentiment category. So here, we just include a lot of positive words, which is why we see the positive coaching message. So this is about the user experience part. And as security analysts, we can certainly use DLP forensics within the incident management, UI option to analyze and look through incidents and, see the forensics of these DLP incidents once they come through. And we can also rely on Netskope's advanced analytics to analyze and visualize the incidents and also to see a trend of how, how the positive words, DLP profile has performed over the last week or the last, fifteen days. And similarly, we can have one for negative words and look at the trend of users using negative sentiment within generative AI over a given period of time. So Netskope advanced analytics is certainly a handy tool, which will definitely help, security analysts as we work on these cases. So that's about, the sentiment analysis, within generative AI using Netskope DLP. Alright. And, you know, glancing through the, the q and a that's already coming in, it, looks like some of y'all have some of the same same questions I have. Right? But other other thing we wanted to highlight and if you guys wanna hear more in-depth on this, we can actually get, you know, a rep from the scope AI team to to come on and and give you a little bit more deep dive. But, all the AI stuff that happens in the background, we just we just wanna throw out there that both the NIA and DLP engines are powered by the Netskope one, Netskope AI technology because we name everything with scope in it because it's just, you know, Netskope, you know, Netskope. Gotta love it. Right? But the Netskope AI, it's a AIML powered, functionality, works across all the all the different parts of the platform, including UEBA. So we just wanted to let you know that, hey. It's there. Again, these slides are will be available for you upon request. So you can, do a deep dive into some of this information right here and, you know, ask some questions. Talk to your TAM, talk to your, your account rep, and, you know, get some more details if you need to. So, and with that, let's, let's roll into some q and a. How does text social media trolling or abusive messages? I think I think, Maduro laid out a pretty good framework for very much for that, and I'll I'll let you kinda take this one, Maduro, but you can explain it better to me. Yeah. So similar to the positive and negative sentiments, we can have, like, a specific dataset, that uses or that includes commonly used keywords or negative sentiments expressed in our social media, trolling messages, or user messages. And once that is done, we can apply it to any category. It could be within social media category or it could be within generative AI or professional networking side. So it depends on our use case where we want to apply this and, basically, just have the DLP policy in place for that particular category. How can the DLP policies be applied to the following platforms, OpenAI, Copilot, Harvey AI, and co counsel? Yeah. Madera, you wanna take that one? Yeah. So, similar to the generative AI category that we applied, we can use the generic category for the DLP policy or include specific applications for which Netskope supports in terms of, connectors. So as long as we have, like, predefined connectors, we can use them, or we can also build custom connectors for, generated via applications individually or use the category itself. And, again, when it comes to DLP policies, we can use the predefined policies when it comes, to commonly used compliance, standards and regulations like PCI, PII, or we can also come up with customized, DLP rules and, go about with our detections. Can we integrate with Microsoft Purview labels to apply them in DLP rules? That is a great question. I heard a little bit about this last week, but I don't think I know enough to actually answer that one. We can we'll find an answer and get that one back to you, in the follow-up. How to create DLP rules for Microsoft off Outlook Classic? Good question. We don't necessarily use Outlook here, so, I will have to also defer that one. We'll, we'll get get something back for you there. We do have a S and T P DLP inline, and we utilize it here for our own sales. So that may be a a way for you to, work on email specifically. How does the CASB policy actually work? Good question. We'll follow-up with a we'll we'll shoot you a link for some of our docs for that one. It's actually, laid out pretty good. What is the legality of such detections? As always, the my favorite answer in cybersecurity is it depends. You know, it depends on region, depends on your company, depends on, you know, the industry, what regulations are you under. So you'd you just have to to play it out and, you know, obviously, work with your legal team, work with your privacy team. If you have a privacy officer, that's been a a rich source of information for for us as we're building stuff out. And, and we do get the, hey. Maybe you shouldn't do that on occasion. And it's like, you know what? It is a little too intrusive. So, you just have to, like I said, work with your, privacy officer on. So we have a DLP list of all of our clients, but this list gets updated every day. Is there a way to use APIs to update the DLP list automatically? I believe that's a yes, Madura. So if you mean, like, DLP list of incidents, or whether it is for the new set of profiles, yes, there are a lot of things we can do with the APIs for DLP. So, I assume the answer is, I guess. Yeah. And, and we we can double check. We'll we'll try to make sure we we have a a link or something to the documentation for you on how to do it. What AI control capabilities are there with standard SWIG? This goes this goes back to I'm I'm not one of the sales guys that knows the so much the difference between the standard, advanced, and all that. So we'll actually have to get you a a good answer for that one. We're I'm fortunate in the part where we're like, hey. Implement everything. Yes. You know? So our license is pretty broad. How was that licensed? Again, let me I'll I'll hit up my TAM, and, I'll have an answer for you and a follow-up. What's the best practice or practices for blocking the sending of sensitive data to generative AI category sites? You definitely, can utilize the same type of framework we got here. It just depends on what your the definition of sensitive is. But, you know, that's, you know, implementing real time policy DLP rules for it. Madura, any other thoughts? Yeah. So apart from the compliance frameworks itself, we can also, like, include, password category and source code detections along with API secret keys within the DLP rule. Since they may be specific to your environment, we can certainly include those within the DLP rule, for, like, good detection of sensitive data. Yeah. And, of course, there's, you know, advanced features. I do know this is advanced, but the exact data matching. So if you say, hey. This is my sensitive data pool. You can actually hash that data pool and watch for movement on that and have it detected specifically. So you know? Will you be sharing a list of positive and negative words? Is that something you already had in your blog post, Madera? I didn't include the dataset. I just, included the screenshots. But, something we can surely share because, if that's helpful, we can surely do that. Yeah. I think yeah. We can we can try to attach that to the the blog post we got there for it. So cool. Good idea. Are there plans for Netskope to utilize AI or ML to automatically update the sentiment words files, rather than having to manually update continually? Good question. I think that's gonna be more for our AI ML team, rather than us because, I guess, we're we're the guys that are using the tech. Sometimes we get some insider information, but this one, I don't know specifically. Yeah. We can definitely check with our AIML team because, they have a lot of, cool AI AIML classifications. So we just need to check if, there's any timeline for when this would be tested or implemented in the future. Can this be integrated with MS Teams? As long as you are, steering Teams traffic, you should definitely be able to. There's always there's always caveats. Teams, if you're using the the thick client, is typically bypassed, as a cert penned application. So there's there's a couple things to, to work through with that one. But, definitely hit up, support or or your TAM to see what you can do with that one. Can we use AI to create rules so we don't have to have a ton of manual configuration? Can we use AI to continue to improve the DLP rules and lists? I I can't specifically say on this one, but I do believe road map, AI is coming to help us out with some DLP stuff. If we are creating keywords in English, will the dictionary be captured in all regional languages? Oh, I didn't even think about that. Madura, thoughts? No. I think it would just be for the keywords which are specified, within the real deal framework. So as far as regional languages, yeah, I'll have to we'll have to check internally, if we are supporting those. So that's a really interesting question. We'll surely get back to you. It it it is interesting. And, of course, for me, speak English and and very little Spanish, just enough to to basically order food because that's what I like. And it's it's, you know, always interesting talking to other folks we have working around the world. You know, I'm behind. They all know two or three or four languages, and it's like, oh, man. So, of course, I'm always thinking, hey. Just English. But those are great questions. Thanks for making us think. For the exchange mail policy, is there a way to export recipient data? Recipient data. If you have SMTP, DLP inline, you should be able to, get a list of events that have been going through there. I don't know. Madera? Yeah. That is one thing. And, also, if we if you have, the forensics, configured for Netskope DLP, then all the DLP incidents will be tracked in the forensics folder, which you can navigate within the Netskope tenant, to look at the recipe and data if if that's what their question is. Can you provide another sample use case on how sentiment can be used from a security standpoint? You well, one of the top of mind is, you know, disgruntled employees looking for insider threat. So maybe you're not coaching. Maybe you're throwing some you know, just just doing some analysis in the background, and to see, like, hey. Look, this this person, really hates working here. Like, they like, maybe we can reach out and get some help or something. So Moderating user queries even for sentiment can raise ethical and legal issues and maybe hinder users or productivity. Again, definitely, I agree. We definitely gotta be careful with what we're doing because, you know, we don't wanna, you know, hinder the business productivity. Well, people wanna feel like they're contributing and doing something, and we don't wanna be in the way. So, you know, use, appropriately. And, and for analytical and legal, I and, you know, work work with your legal and privacy teams to make sure that we're staying on the above board side of things. Alright. When creating and deploying a DLP policy for AI, can you provide some tips on how to identify false positives in the alerts? Dara, I'll let you go for this one. Again, it involves extensive, analysis of the incidence and forensic data because this is something that is, a challenge for us as well whenever we implement a new DLP framework or a policy. So, we take a step by step approach wherein the first few weeks we apply to specific user groups, wherein we perform active testing to include all corner use cases as much as possible and look at the efficacy of the DLP rule and make any changes to the DLP rule based on the incidents and the forensics. So once all that is done is when we go ahead and apply the DLP profile to a wider set of audience so that, the soft teams are not hammered with a lot of false positives. And, again, it's about continuously improving our detections as much as possible. So, the implementation team has frequent call frequent calls with the the soft team to get their feedback and also opinion about how different DLP rules are performing. And Netskope's advanced analytics is, again, a great tool which can be used, to help reduce the false positives because we can do a profile, level check with the Netskope advanced analytics. And wherever, like, there seems to be unusually high number of incidents which are not matching up with, the forensics data or with the original use case is where we need to put a lot more effort as implementers and, work on the false positives. So it is an extensive loop mechanism that we usually follow. Can we get the recordings of the session? Missed to join early due to this meeting. Absolutely. We'll be available after, we are gonna include it here and, should be available. I think I think we're shooting for twenty four hours, so expect it soon. And it will be via email. So yeah. Thanks, Arianna, for throwing that in there. Alright. Oh, we got one more. When creating DLP policy for shopping websites, we can see false positives getting dithering when Netskope detects random strings of numbers as SSN. Any suggestion to further granulate the DLP profiles prevent this from happening to reduce the false positives? I'll I will say right off the top, I would I would use some other constraints, but, Maduro does this day in and day out. So I will let her take a shot on this one. So this is something that we faced initially as well, while we were, like, implementing these, newly. So I would say, like, applying EDM based DLP rules, exact data match would be helpful in this scenario. So, again, we would have to sit down and talk with, with our HRA, admin and then get the EDM data appropriately and later use it within the policy to bring down the incidence of false positives. Yeah. And and just a a reminder, you know, support's there to help you. If if you just we really want this policy to work. You know, just shoot out a a ticket. It's like, hey. We need help with this. And maybe they can they can coach you or guide you through to get the get get the results you're looking for. Yeah. Also, one more thing, which I forgot mentioning is, we can use, like, proximity checks. So whenever we feel like, just a random pair of, string is getting classified as SSN, we we can certainly go back and use proximity checks within the DLP rule to ensure that, what we are detecting as SSN is what, you know, it actually is, and we are not, like, detecting any random combination of numbers as SSN. So proximity checks also definitely help. Can it also analyze AI responses or just the user input data? Good question. Indira? Yeah. So, as of now, like, the visibility from Netskope side is for user queries and not the responses which are sent by generative AI applications because of which, the analysis will also be for user queries and not, the generative AI responses. So it again depends on whether we have the visibility for, for any given activity. Alright. I think that was the last one. Do we have our poll results? What do we wanna hear about next month? Unboxing the enterprise browser, which, we've had already had some pretty cool stuff with already. And we do have blog posts heading out to the inside Netskope, site for it. And there's actually a couple out there for how to implement, how to get it installed. Managing certificate errors with Netskope client, always, always fun with when you wanna be in the middle of everything, and securing applications and data using enterprise browser, because, like I said, we like shiny new toys too. So it's we've been playing with it quite a bit. No no last minute votes? Hope. Alright. Looks like managing certificate errors with the Netskope client is, gonna be coming up. So we'll be back, with that. Thank you for a very interactive, you know, q and a session. We'll get some, good follow ups to you for everything that we weren't able to answer. And, hopefully, you know, this again, thank you for for working with us and, you know, being attentive and, good challenging questions. You know, keep keep us on our toes, and, we'll help make our security program better. And by doing so, we hope to help you keep your, security program getting better. With that, thank you very much, everybody.