Proofpoint DLP Transform secures data moving to ChatGPT, copilots, and other GenAI tools

Proofpoint announced Data Loss Prevention (DLP) Transform, including GenAI use cases.

Today, businesses struggle with the limitations of legacy DLP solutions that are fragmented across channels and are not designed to address today’s most problematic use cases like insider risk, protecting cloud data and controlling the acceptable use of GenAI tools, including copilots and chatbots.

In a recent Proofpoint study, 70% of security professionals cited visibility into sensitive data, user behavior and external threats as the most important capability for their DLP program.

Unlike legacy solutions limited to data classification or point solutions limited to one channel, Proofpoint Information Protection works across all major channels: email, cloud, endpoint, and web. The solution leverages all three critical analytical capabilities, including user behavior, AI-augmented data classification, and threat context.

This has enabled over 6,000 organizations, including more than half of the Fortune 100, to mitigate all three major types of data loss risk: negligent user error, exfiltration by threat actors, and theft by malicious insiders. DLP Transform brings together a cloud-native architecture that analyzes user behavior and content understanding to assess and protect against data risk across channels.

Critically, this enables organizations to consolidate their DLP point solutions, their insider risk tools, and their cloud DLP or CASB into a single architecture, agent and interface, adding capabilities and channel coverage as their data loss and insider risk programs mature.

Making responsible generative AI use a reality for organizations

The uncertainty that has accompanied the explosion of GenAI tools has given the consolidation of DLP tools a new urgency. The loss of data to a single party is bad enough but given the propensity of GenAI tools to train their models on user-submitted data and their tendency to disclose sensitive information via prompt engineering, sensitive data leakage to a GenAI tool may be the equivalent of making it public.

Many organizations have crafted acceptable GenAI use policies to prevent privacy and corporate violations, ensuring confidential and customer information is not uploaded to GenAI tools and chatbots. However, such policies are near impossible to implement without an understanding of the content and employee behavior. Proofpoint DLP Transform allows organizations to enforce those policies across all channels by allowing and disallowing interactions with GenAI tools based on user behavior, content, and data lineage.

Unlike blunt tools such as legacy DLP solutions or web filtering that completely blocks all use of GenAI applications, Proofpoint can surgically allow and disallow interactions based on employee behavior and the content being input. Incidents such as uploading source code files or pasting corporate intellectual property can be detected, blocked and alerted upon. In addition, end users can be provided reminders or nudges of the corporate Acceptable Usage Policies to reinforce awareness and adherence to such policies.

Proofpoint will augment DLP Transform with a browser-based extension for content typed into Generative AI tools such as OpenAI ChatGPT and Google Gemini, expected to be made available at the end of Q2 2024.

“With little transparency about how data submitted is stored and used, and even less clarity about how it can be removed or deleted if sent in error, GenAI systems represent a risky new channel through which data can leak,” said Mayank Choudhary, EVP and GM, information protection group, Proofpoint.

“While some organizations have banned the use of generative AI sites altogether, others recognize the productivity benefits they can provide and seek controls around the use of GenAI tools. It’s to point out the age-old tension between providing productivity tools to end users and ensuring the security of the organization. Proofpoint DLP Transform brings these two worlds together through an easy-to-deploy and easy-to-manage solution,” added Choudhary

Recently, Proofpoint announced the general availability of Adaptive Email DLP to automatically detect and prevent accidental and intentional data loss over email. By combining Proofpoint’s industry-leading threat and data loss protection technology and intelligence with Tessian’s AI-powered behavioral and dynamic detection, Proofpoint provides organizations with the most comprehensive defense available against human layer risks.